Home CTFs | HeroCTF_2024 | Misc | Einstein
Post
Cancel

CTFs | HeroCTF_2024 | Misc | Einstein

Einstein

image

So in this challenge, we connect to an SSH server and we list the files:

image

In the learn.c file we see the following code where the cat binary is called as is but not like /bin/cat:

image

So we can create our own cat program and put its path at the beginning of the PATH variable:

image

Note the use of -p in the bash command. This allows us to get the pid of the effective user (eistein) instead of the user running the program (user)

Now we can run the learn binary and get the flag:

image

This post is licensed under CC BY 4.0 by the author.