Skip to main content
Hashnodeholmesphere

Command Palette

Search for a command to run...

CyberYami CTF - LINUX WARRIOR - Write-up

Published
3 min read
CyberYami CTF - LINUX WARRIOR - Write-up
H
Hardeep Singh

This CTF was hosted by Cyberyami team powered by wissenhive E-learning.
In this 12 hr long CTF, I got Rank 2.

image.png Link - Here Here's the list of challenges I faced and was able to solve, 38/40.

List of challenges:

The challenges had no names and only numbers, so I'll be using numbers [1-40] to refer to them.
I’ve used Kali Linux standard VM to solve these challenges. As this was a linux based CTF, connecting to ssh over linux is more breeze-y then windows. (duh PuTTY!)

Challenge 1:

The challenge description had 2 parts:

  • IP: PORT format of server information
  • Username and password to connect to it.

image.png

We simply connect to the server with
ssh chall1@3.110.44.235 -p 2221
image.png

For the first challenge, I am going to explain in detail on how to connect to ssh and what is everything, after this, we’ll be going more comprised.

image.png

This was fairly simple, the file was hidden file. ls -a showed it up.

Challenge 2

Next challenge was interesting, you had to login similarly, but you can’t see any file with content in it. There about 10-20 files with names p4nth3r[a-z], but all of them empty. But if we look closely, ls -la we can see that there is a file called - a hyphen, that is a special character. So we need to do character escaping to solve this. But I just lazed out and did it with python. As shown in screenshot.

image.png

Challenge 3:

This challenge probably required a specific method to solve, but again, I found 2 methods that gave me flag without needed to research anything. One was simply grep -r WHL as this is constant in flag, -r will keep grep recursive.

image.png

Challenge 4:

Being a fan of Daedalus and Labyrinth, this challenge as special. Again, there may have been some offical method to do this, but I just found 2 ways to solve it.

  1. By using grep -r.

  2. By using find.

    image.png

image-20220314040154810

image.png

And that’s how I found this flag.

Challenge 5:

From here onwards, I’ll be going even more comprised for solutions. In this home directory of chall5, we only had one folder and that had a ton of chunky files.
But doing a ls -Sla lists the files sorted according to file size, and we can see a different file with 26 file size. We read that, and boom, flag.

image.png

Again, this challenge was also solvable using grep -r WHL.

Challenge 6:

This challenge was about a binary file in home folder, you had to execute it to get the flag, but we are not allowed to change the permissions of the file in home directory, so I made a copy of original to /tmp/hell-holmes and then changed it’s permissions, and moreover, it ran and gave the flag.image.png

Challenge 7:

This challenge was about unzipping a file present in ~/chall/data , upon checking the file for headers using file it showed it’s a zip file. but if you cat/read it normally, you can see the flag.

One more method that I tried was, copying the file over to your machine, like I did screenshot.

image.png

Challenge 8:

-- I am just super lazy and will add the remaining solutions here in next 12 hrs or so.

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

holmesphere

3 posts

“When you learn the art of learning, nothing is out of scope”

I make and break things, spend most of my time either reading novels or crawling terminals.