HacktivityCon CTF

CTF Writeup - https://ctftime.org/event/1101

Home Other writeups of HacktivityCon CTF
2 August 2020

Pseudo

by vishalananth

Someone here has special powers… but who? And how!?

Connect here: ssh -p 50014 user@jh2i.com # password is ‘userpass’

Solution

After looking at nearly everything within the remote machine, we finally saw that the /etc/sudoers file contained:

....
....
#includedir /etc/sudoers.d

So we tried to read whatever is in sudoers.d using

cat /etc/sudoers.d/*
.....
.....
# The credentials for the 'todd' account is 'needle_in_a_haystack'
todd ALL = NOPASSWD: ALL

We got the credentials of todd and see he has root access, switching to todd and then to root using:

su todd
password: needle_in_a_haystack
sudo -i
cat flag.txt

gives us the flag

Flag

flag{hmmm_that_could_be_a_sneaky_backdoor}
tags: Miscellaneous