csictf 2020

CTF Writeup - https://ctftime.org/event/1081

Home csictf 2020 Writeups Home
22 July 2020

Where Am I

by vishalananth

Something is not right? I feel like I am in a prison!

nc chall.csivit.com 30623

Solution

We netcat into the given ip and see that we are inside a Linux shell. We try going to the topmost directory and printing all files, but we did not get the flag. So we start inspecting things inside the shell one by one. We notice that, we are able to access the /root directory. Inside that we see the .ssh directory with the SSH public and private keys.

We notice that the public key and authorized key files contain the same key. Seeing this we realize that root user can ssh into the machine without needing any password. So we try

ssh root@localhost 2>&1

We see the error message and realize that it is checking for .ssh keys in ctf user’s repo. So we try explicity mentioning the root user’s public key with:

ssh -i /root/.ssh/id_rsa root@localhost

But, it still does not work. When trying to reproduce this in our local machine, we find that whenever we ssh for the first time, there is a prompt which appears, where we need to agree by typing yes to add the system to the known hosts. So we try to supress the host checking with:

ssh -i /root/.ssh/id_rsa -o StrictHostKeyChecking=no root@localhost

It worked and gave us the flag.

Flag

csictf{n1c3_d093_w0w_5uch_55h}
tags: Linux