Skip to content

Latest commit

 

History

History
170 lines (128 loc) · 4.23 KB

HINTS.md

File metadata and controls

170 lines (128 loc) · 4.23 KB
Raw

CTF2022 Challenge Hints

Here are hints for the challenges.

Challenge 1: So Su Me

SUDO rule: localuser1 ALL=(ALL) NOPASSWD: /bin/su *, !/bin/su root

Hint Does that ! do what the author of rule intended it to do?

Challenge 2: Copy Challenge

SUDO rule: localuser2 ALL=(ALL) NOPASSWD: /bin/cp

Hint You can copy any file, including one you wrote, to anywhere on the system, including overwriting files already in place!

Challenge 3: Copy Cat

SUDO rule: localuser3 ALL=(ALL) NOPASSWD: /bin/cp * /var/tmp

Hint Have you thought about what a symbolic link could do for you?

Challenge 4: Copy Dog

SUDO rule: localuser4 ALL=(ALL) NOPASSWD: /bin/cp /var/tmp/* /tmp/*

Hint Try connecting the dots?

Challenge 5: A Sudo With a View

SUDO rule: localuser5 ALL=(ALL) NOPASSWD: /usr/bin/view

Hint Read that man page again.

Challenge 6: Finders Weepers

SUDO rule: localuser6 ALL=(ALL) NOPASSWD: /usr/bin/find /var -name [A-Za-z0-9]*

Hint Check those command line arguments for find again.

Challenge 7: Less With More

SUDO rule: localuser7 ALL=(ALL) NOPASSWD: /bin/more /var/log/*

Hint Have you tried typing h?

Challenge 8: Tar Is Older Than Tar

SUDO rule: localuser8 ALL=(ALL) NOPASSWD: /bin/tar [ctx]f /backup.tar *

Hint Run "pwd", and consider that for a moment.

Challenge 9: Pass The Root Please

SUDO rule: localuser9 ALL=(ALL) NOPASSWD: /usr/bin/passwd *, !/usr/bin/passwd root

Hint Consider the ! and the *.

Challenge 10: "You're the Top, You're the Colosseum"

SUDO rule: localuser10 ALL=(ALL) NOPASSWD: /usr/bin/top

Hint Re-read that top man page.

Challenge 11: Send in the Chowns

SUDO rule: localuser11 ALL=(ALL) NOPASSWD: /bin/chown localuser11 /var/spool/our_queue/[a-z][a-z][a-z]/?

Hint Concentrate on the '?'.

Challenge 12: Watching You Watching Me

SUDO rule: localuser12 ALL=(ALL) NOPASSWD: /usr/bin/watch du -hs /var

Hint Are you on the right *path*?

Challenge 13: The Chmod Squad

SUDO rule: localuser13 ALL=(ALL) NOPASSWD: /bin/chmod [ugoa][-+=][rwxXst] /var/spool/our_queue/[a-z][a-z][a-z]/?

Hint Try re-reading the chmod man page.

Challenge 14: Conjunction Junction ...

SUDO rule: localuser14 ALL=(ALL) NOPASSWD:SETENV: /bin/ls

Hint Look at sudo -l again, and read all the things.

Challenge 15: htop Was Made for Walkin...

SUDO rule: localuser15 ALL=(ALL) NOPASSWD: /usr/bin/htop

Hint To find the right path, hit h and go through all the features.

Challenge 16: Fresh Popt Corn

SUDO rule: localuser16 ALL=(ALL) NOPASSWD: /usr/bin/rsync -a /app/dir1/ /app/dir2

Hint Try ldd and re-read the man page.

Challenge 17: Replay It Again Sam

SUDO rule: localuser17 ALL=(ALL) NOPASSWD: /bin/ls /reports/, /bin/cat, /usr/local/bin/sudo_report.sh

Hint This one is hard, but I have sed that before.

Challenge 18: License to Kill

SUDO rule: localuser18 ALL=(ALL) NOPASSWD: /usr/local/bin/admin_task.sh, /usr/local/bin/kill_admin.pl

Hint Hmm... system() eh?

Challenge 19: Copy Llama

SUDO rule: localuser19 ALL=(ALL) NOPASSWD: /usr/local/bin/dir_archive.sh

Hint $F <-- Hmm...

Challenge 20: MOTD in a bottle

SUDO rule: localuser20 ALL=(ALL) NOPASSWD: /usr/local/bin/motd.py

Hint What's this dash e doing in here?

Challenge 21: Overflowing with Users

SUDO rule: localuser21 ALL=(ALL) NOPASSWD: /usr/local/bin/qa_users.py, /usr/local/bin/rm_qa_users.sh, /bin/su - mail_qa_*

Hint This one is real hard, no hints for you!