Greenhouses is a Python/Bash service where Martians can plant seeds in a greenhouse and watch them grow. The service is a systemd nspawn container with a SSH server running on port 2222. Accounts of this service are just plain Unix accounts in this container. Users access the functionality over a SSH connection, where commands are exposed in /opt/bin.

The service contains two vulnerabilities: wrong permissions set on the database file, and a DBus file descriptor leakage resulting in privilege escalation attacks on a custom sudo implementation.

For more info, read the full writeup at https://saarsec.rocks/2020/07/17/FAUSTCTF-greenhouses.html

Original writeup (https://saarsec.rocks/2020/07/17/FAUSTCTF-greenhouses.html).