Quantcast

Maximum PC

It is currently Wed Oct 22, 2014 5:43 pm

All times are UTC - 8 hours




Post new topic Reply to topic  [ 9 posts ] 
Author Message
 Post subject: School Tryouts for Cyber Team, Need Help
PostPosted: Sat Jan 11, 2014 11:27 am 
Sharptooth
Sharptooth
User avatar

Joined: Fri Aug 18, 2006 11:31 pm
Posts: 457
Location: West Point
Hi all,

I'm trying out for my school's cyber team and we are authorized message boards for help.
Currently i'm trying to gain access to a directory on a linux based machine but cannot because I do not have permission.
The file is in the 'sub' directory. And I need to somehow open it.
Here is a picture of my current problem.

Image

As you can see I cannot change the permission settings.

Any tips would be appreciated. Thank you.

8)


Top
  Profile  
 
 Post subject: Re: School Tryouts for Cyber Team, Need Help
PostPosted: Sat Jan 11, 2014 2:12 pm 
Team Member
Team Member

Joined: Wed Aug 12, 2009 12:09 pm
Posts: 597
I am not really sure what you're trying to do here. Are you new to linux?

I am not sure gedit has a command line interface (CLI) option. You can view the text in the file (no editing) using the 'more' command:

Code:
more ~/Documents/subfolder/document


Use tab to autofill the filepath. The 'cp' command is copy.

You can edit files from CLI using emacs (if installed) or Vim (default installed in linux). Unless you're pretty deep in the directory tree, you shouldn't get the 'permission denied'. Unless of course, the file is password protected by its creator.


Top
  Profile  
 
 Post subject: Re: School Tryouts for Cyber Team, Need Help
PostPosted: Sat Jan 11, 2014 2:31 pm 
Sharptooth
Sharptooth
User avatar

Joined: Fri Aug 18, 2006 11:31 pm
Posts: 457
Location: West Point
The layout of the challenges is a Capture the Flag format (CTF). Where the flag is located in between two {flag} where flag is the flag.

Once you find a flag you input it into a text box on the website to get points.
I'm using the program PuTTY to remotely access the server and linux OS.

So there is a flag somewhere in this directory, but I don't have permissions to view it.
Here is the prompt for the question:

"My buddy tells me that the CS (Computer Science) department uses a script called sub to turn in all their hw assignments. It must elevate privileges at some point since it copies files to a folder I don't have access to. I managed to locate the directory where they keep all the supporting executables for sub, but I've gotten stuck. Can you find a way to get root?"

"Working files can be stored in /tmp/\. If you do find an exploit, please don't manipulate anything on the server"


Top
  Profile  
 
 Post subject: Re: School Tryouts for Cyber Team, Need Help
PostPosted: Sat Jan 11, 2014 2:51 pm 
Team Member
Team Member

Joined: Wed Aug 12, 2009 12:09 pm
Posts: 597
I am not sure if you found the "flag" or not. Did you try 'ls -a' to locate the flag in the directory? Even if you can't access the file, you should be able to see it using the 'list all' command I just mentioned.

EDIT: I like 'ls -halt' to show all the files in a directory (a), in human-readable format (h), list-view (l), time-ordered (t)


Top
  Profile  
 
 Post subject: Re: School Tryouts for Cyber Team, Need Help
PostPosted: Sat Jan 11, 2014 2:56 pm 
Sharptooth
Sharptooth
User avatar

Joined: Fri Aug 18, 2006 11:31 pm
Posts: 457
Location: West Point
Essentially I have to find a way into 'root'.

The website provides a zip file called 'sub' that has all these random files that are on the sub directory.

I don't fully understand what I have to do either haha.


Top
  Profile  
 
 Post subject: Re: School Tryouts for Cyber Team, Need Help
PostPosted: Sat Jan 11, 2014 3:09 pm 
Team Member
Team Member

Joined: Wed Aug 12, 2009 12:09 pm
Posts: 597
mecoatwar wrote:
Essentially I have to find a way into 'root'.

The website provides a zip file called 'sub' that has all these random files that are on the sub directory.


Let me understand, the flag is located in between 2 directories named '/flag' somewhere in a root folder? So you would be looking for something like /flag/flag/flag?

When you log into the machine, you are at the /home, right? From there you can try 'ls -halt ../../{tab}{tab}'. This will show you the directories above ~/

I have no idea what that sub dir you mention is for? Can you use it to match the dir tree in the target machine?


Top
  Profile  
 
 Post subject: Re: School Tryouts for Cyber Team, Need Help
PostPosted: Sat Jan 11, 2014 3:10 pm 
Sharptooth
Sharptooth
User avatar

Joined: Fri Aug 18, 2006 11:31 pm
Posts: 457
Location: West Point
Here is where I am now:

Image

I can see flag has only a -r-------

I need to change the permissions so that I can access flag. Every time I try and access it, "Permission Denied" comes up.

The whole goal of this challenge is to gain access to 'Root'.

Any suggestions?


Top
  Profile  
 
 Post subject: Re: School Tryouts for Cyber Team, Need Help
PostPosted: Sat Jan 11, 2014 3:17 pm 
Sharptooth
Sharptooth
User avatar

Joined: Fri Aug 18, 2006 11:31 pm
Posts: 457
Location: West Point
A file was included in the challenge and inside are all these other files:

Image

I think i'm supposed to somehow use C and make a program that can do something to give me access to the root.

Thank you for all your help so far Phillyj


Top
  Profile  
 
 Post subject: Re: School Tryouts for Cyber Team, Need Help
PostPosted: Sat Jan 11, 2014 3:35 pm 
Team Member
Team Member

Joined: Wed Aug 12, 2009 12:09 pm
Posts: 597
Hmm, I see. So you found the flag, which seems to be a document. However, it is readable-only file, so you can't copy, edit, etc.

Is the verify_file_linux supposed to be used to verify the identity of the flag?

I am not sure how you're going to get the root p/w. Basically, the CTF is to crack the box and take the 'flag'? hmm...If this is what you're supposed to do then check out this link:

http://www.slashroot.in/how-are-passwor ... adow-utils

Not sure if it's any help I never needed to try anything like this.

Hey, maybe the 'exploit.c' has some method to crack the p/w?? Good luck


Top
  Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group

© 2014 Future US, Inc. All rights reserved.