Last time when I tried CTF from series prepared by Fred Wemeijer it was "4n6 - part 1". This time we will check 2nd VM - FourAndSix:2. Here we go...
We will start here:
Cool, OpenBSD again. Let's check for open ports:
Checking if there will be the same bug as it was before:
Unfortunately no. But I found backup.7z file. Checking:
Great, so I used bash command to (try to) extract the content of the archive:
$ for pwd in `cat /path/to/rockyou.txt'; do 7z x backup.7zip -p $pwd; done
... you should be somewhere here:
Still nope. Checking with another file from /usr/share/wordlists:
Now we are here:
Great, there are new files:
Hm... did I miss something...?
Great, we're in!
After some basic enumeration I tried to locate possible suidfiles (saved to /tmp/filename):
More hints from github source code:
Ok. After a while I got the idea what should be done here...
To escape from less-mode I started (in less) /usr/bin/vi. Then I used it to run sh and grab the final flag:
Very cool CTF. It was nice to play it (as well as part1) :)
Big thanks goes to Fred Wemeijer for preparing those VM's.
Also bit thanks goes to the VulnHub Team for sharing all of those games.
See you next time!