CTFtime.org

Chm0d

by merlin777k / NSEC-CARAGA

Rating:

No captcha required for preview. Please, do not write just a link to original writeup here.
*by merlin777
*
***1. The chmod command.*** Since the challenge belongs to "System" then this might be using a particular Operating System (OS). Definitely probably Linux OS.
Also the title of the challenge is Chm0d which is actually a syntax command in Linux OS. chmod takes three main arguments: r, w and x, which stands
for read(r), write(w), and execute(x), respectively adding or removing combinations of the arguments controlsfile and folder permissions. For
example , $chmod +rwx adds permission to read, write, and execute to the file properties.

2. Knowing this is a linux OS, the one way to connect to the system is ***using openssh tunel***. The syntax command needs a user and password. Syntax used was:

ssh user@dyn-01.heroctf.fr -p 14343
user@dyn-01.heroctf.fr password$ password123

This is only possible if you have already enabled the instance that will provide you the url link (in this case dyn-01.heroctf.fr , with port 14343).
Take note that each instance is limited to 40 minutes. Thus running same challenge instance will give a different url and port.

3. ***Exploring the OS file system.*** After your successful ssh login, you will be have access to user "user" folder. using linux command "pwd" will give you
/home/user , your present working directory. Using "ls" command to list files will give you zero content. So you try to "$cd\" to access root directory.
Upon viewing the list at root directory using "ls" command you notice there is a file "flag.txt" but you cannot open the file using "cat flag.txt". What do you do ?

4. Tying to ***view list in column mode "ls -l" ***will give you information that the owner of the file "flag.txt" is user and there are no file properties. Just like this:
file properties | | owner | group owner | file size | date | filename
--------------- user user 40 kb flag,.txt

5. Then you ***try to use chmod***: $chmod +rwx flag.txt
$Access Denied. You cannot run chmod
You try $sudo chmod 777 flag.txt
$Access Denied

6. ***Tried to inquire*** , posted a ticket at heroctf team organizers at discord. One of the team facilitators messaged me saying that there are other alternatives
to run a linux OS command in terminal. This made me try to research for ways. Took me almost a day, then found this website:
https://unix.stackexchange.com/questions/83862/how-to-chmod-without-usr-bin-chmod

### 7.*** Found an example i***n the website like this: perl -e 'chmod 0755, "foobar.file"' So, trying the syntax to: perl -e 'chmod 0755, "flag.txt"'

8. ***Doing ls - l now*** will give you this display:
file properties | | owner | group owner | file size | date | filename
-rwxr-xr-x user user 40 kb flag,.txt

9. Since the user is the owner and its now readable, ***we can then proceed with***:
user@1615fec4fcb39bd07329213b36d48f1d:/$cat flag.txt
this will give the flag:
Hero{chmod_1337_would_have_been_easier}

10. ***Lessons Learned:***
a. Its great to ask for help at discord
b. there are alternatives to run linux commands in the terminal. This time its perl. Its also because perl was enabled (installed) at the given OS.
Thanks for this challenge ! I get to be interested again in relearning PERL.

Comments