daffainfo
/
ctf-writeup
mirror of https://github.com/daffainfo/ctf-writeup.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ctf-writeup/2023/RITSEC CTF 2023/Red Team Activity 4
History
daffainfo e6c48e50f1 feat: grouped the challs 2024-01-09 16:59:32 +07:00
..
images feat: grouped the challs 2024-01-09 16:59:32 +07:00
README.md feat: grouped the challs 2024-01-09 16:59:32 +07:00
auth.log feat: grouped the challs 2024-01-09 16:59:32 +07:00

README.md

Red Team Activity 4

Q4: Which binary (full path to binary) was modified by redteam to later escalate privileges?

Note: Flag format is RS{MD5sum()}

About the Challenge

We were given a log file (You can download the file here) and we need to find the binary files to do privilege escalation

How to Solve?

To do this, I attempted to search the log file using the keyword su redteam to find the redteam user first

redteam

As you can see before redteam user became root that user running this command

find . -exec /bin/sh -p ; quit

If we check on GTFOBins. That command used to spawn shell or to do privilege escalation. Before root user login to as redteam that user change the SUID permission so non-root user such as redteam can use that file to do privilege escalation

suid

Hash the binary name using md5sum. Here is the command

echo -n /usr/bin/find | md5sum

And then wrap the output with RS{.*}

RS{7fd5884f493f4aaf96abee286ee04120}