Tags: sandbox

# Work Computer (sandbox)

We're given a server and port to connect to. Let's go ahead and connect to it using netcat and see what the challenge has in store for us. If you're on a school network or an otherwise moderated network, make sure that the server isn't blocked by your network.

To connect to the target using netcat, we call nc from the terminal and supply the given server and port.




After doing so, we're greeted with a prompt, so let's see what we're dealing with. I'll first list all the files in the home directory of whatever user I am, using ls. After that, I'll go ahead and see who I am using whoami, and then I'll try to print all environment variables using printenv to hopefully get a better idea of what I'm dealing with. Finally, I'll try to read the flag using cat.

It looks like we're in jail and we need to break out. A lot of the programs and utilities that we're used to are either unavailable to us or otherwise restricted. Let's go ahead and see if we can find out where we are, and if we can travel outside of our home directory. We can attempt to travel out using cd. We'll try to travel to the root directory, which is at the top (or base, depending on how you see it) of the filesystem. Then, we'll list the contents using ls.

Since our environment seems to restrict what kinds of programs and utilities are at our disposal, let's go ahead and see what *is* at our disposal. On any sort of a \*NIX filesystem, binaries are usually stored in four main places: /bin, /sbin, /usr/bin, and /usr/sbin.

Let's go ahead and list the contents of them using ls.


```
> ls /bin
arch
busybox
chgrp
-- snip --
> ls /sbin
acpid
apk
-- snip --
> ls /usr/bin
[
[[
basename
-- snip --
> ls /usr/sbin
brctl
-- snip --
```


I must admit that I spent quite a while on this problem going through each of those programs and identifying what they do, and whether they could be used to read the file and redirect its contents to STDOUT for us to read. After a lot of thorough searching, I found shuf, located in /usr/bin, to be the solution to this level. shuf is a program that randomly permutes lines. We don't care that it randomly permutes lines because either way, it reads a file and writes its contents to STDOUT. Even then, if we run wc -l (word count, -l for line count) on the README.flag file in our home directory, we see that there's only one line anyway.

And just like that, we have the flag.

## Flag


```
CTF{4ll_D474_5h4ll_B3_Fr33}
```
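The jail above blocked cat but left shuf reachable, which is what happens when a sandbox is built by removing known tools instead of permitting only intended ones. As an added example (not part of the original writeup or the challenge), here is a defender-side audit that walks the four binary directories named above and reports every executable that is not on an allowlist. The function names `audit_bins` and `demo`, the one-name-per-line allowlist format, and the sample jail tree are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report executables in a jail's binary directories that are
# not on its allowlist.
# usage: audit_bins ROOT ALLOWLIST_FILE   (one permitted command name per line)
audit_bins() {
    root=$1
    allow=$2
    for dir in /bin /sbin /usr/bin /usr/sbin; do
        [ -d "$root$dir" ] || continue
        for path in "$root$dir"/*; do
            # Skip anything that is not a regular file with an execute bit
            # (symlinks, e.g. busybox applets, are followed by -f).
            [ -f "$path" ] && [ -x "$path" ] || continue
            name=${path##*/}
            # -x: whole-line match; -F: literal string, so "[" is not a regex.
            grep -qxF -e "$name" "$allow" || printf '%s\n' "$dir/$name"
        done
    done
}

# Constructed sample jail: cat was deliberately left out, shuf was overlooked.
demo() {
    jail=$(mktemp -d) || return 1
    mkdir -p "$jail/bin" "$jail/usr/bin"
    for f in bin/ls usr/bin/wc usr/bin/shuf "usr/bin/["; do
        printf '#!/bin/sh\n' > "$jail/$f"
        chmod +x "$jail/$f"
    done
    # A non-executable file must not be reported.
    printf 'not executable\n' > "$jail/usr/bin/notes.txt"
    # Constructed allowlist: the only commands the jail is meant to offer.
    printf 'ls\nwc\n[\n' > "$jail/allowlist"
    audit_bins "$jail" "$jail/allowlist"
    rm -rf "$jail"
}

demo
```

Run against a real image, pass the image's root directory and the list of commands the restricted shell is supposed to expose; any line of output is a binary to remove or justify.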


# Next Stop

I unfortunately don't have the writeup for FriendSpaceBookPlus as another one of my teammates did this challenge, and it's frankly flying over my head.

Next stop: [Drive to the target](https://github.com/shawnduong/ctf-writeups/blob/master/2019-GOOGLE/beginners-quest/day5-drive-to-the-target.md) (Blue)