Talking To The Dead
Flags 1, 2, 3 and 4
SSHing in and running the command whoami we see we're logged in as luciafer.
Navigating to /home/luciafer/Documents, I ran ls -alt and the output was as follows:
Since luciafer owns both these files, I can simply run cat flag1.txt and cat .flag2.txt to get the flags.
flag 1: flag{cb07e9d6086d50ee11c0d968f1e5c4bf1c89418c}
flag 2: flag{728ec98bfaa302b2dfc2f716d3de7869f3eadcbf}
After looking around, I found flag3.txt located at /home/spookyboi/Documents/flag3.txt and flag4.txt at /root/flag4.txt. Since luciafer doesn't have sufficient perms to read these files, I ran the command
find / -perm -u=s -type f 2>/dev/null to find SUID files.
SUID is a special file permission for executable files, which enables other users to run the file with effective permissions of the file owner. This means we could privilege escalate to root or a higher privileged user, giving us perms to read the flag files.
This was the output:
The program ouija jumped out to me, so i tried running it:
Excellent! it reads files in the /root directory, meaning we simply go
We use the same program to get the flag from flag3.txt as so:
Note: as we start in the /root directory, so must go back one (../) to navigate to flag3.txt.
By das