Tags: sandbox 

Rating: 0

# Work Computer (sandbox)

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-GOOGLE/images/2-0.png)

We're given a server and port to connect to. Let's go ahead and connect to it using netcat and see what the challenge has in store for us. If you're on a school network or an otherwise moderated network, make sure that the server isn't blocked by your network.

To connect to the target using netcat, we'll simply just call `nc` from the terminal and supply the given server and port.

```
$ nc readme.ctfcompetition.com 1337
```

After doing so, we're greeted with a prompt, so let's see what we're dealing with. I'll first list all the files in the home directory of whatever user I am using `ls`. After that, I'll go ahead and see who I am using `whoami`, and then I'll try to print all environment variables using `printenv` to hopefully get a better idea of what I'm dealing with. Finally, I'll try to read the flag using `cat`.

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-GOOGLE/images/2-1.png)

It looks like we're in jail and we need to break out. It looks like a lot of the programs and utilities that we're used to are either unavailable to us or otherwise restricted. Let's go ahead and see if we can find out where we are,and if we can travel outside of our home directory. We can attempt to travel out using `cd`. We'll try to travel to the root directory, which is at the top (or base, depending on how you see it) of the filesystem. Then, we'll list the contents using `ls`.

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-GOOGLE/images/2-2.png)

Since our environment seems to restrict what kinds of programs and utilities are at our disposal, let's go ahead and see what *is* at our disposal. On any sort of a \*NIX filesystem, binaries are usually stored in four main places: `/bin`, `/sbin`, `/usr/bin`, and `/usr/sbin`.

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-GOOGLE/images/2-3.png)

Let's go ahead and list the contents of them using `ls`.

```
> ls /bin
arch
busybox
chgrp
-- snip --
> ls /sbin
acpid
adjtimex
apk
-- snip --
> ls /usr/bin
[
[[
basename
-- snip --
> ls /usr/sbin
addgroup
adduser
brctl
-- snip --
```

I must admit that I spent quite a while on this problem going through each of those programs and identifying what they do, and if they could be used to read the file and redirect them to STDOUT for us to read. After a lot of thorough searching, I found `shuf`, located in `/usr/bin`, to be the solution to this level. `shuf` is a program that randomly permutes lines. We don't care that it randomly permutes lines because either way, it's able to read files and redirect their contents to STDOUT. Even then, if we run `wc -l` (word count, `-l` for line count) on the `README.flag` file in our home directory, we see that there's only one line anyways.

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-GOOGLE/images/2-4.png)

And just like that, we have the flag.

## Flag

```
CTF{4ll_D474_5h4ll_B3_Fr33}
```

# Next Stop

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-GOOGLE/images/2-5.png)

I unfortunately don't have the writeup for FriendSpaceBookPlus as another one of my teammates did this challenge, and it's frankly flying over my head.

Next stop: [Drive to the target](https://github.com/shawnduong/ctf-writeups/blob/master/2019-GOOGLE/beginners-quest/day5-drive-to-the-target.md) (Blue)