30 lines
700 B
Markdown
30 lines
700 B
Markdown
# Hack the Jail - Part 1
|
|
|
|
## Difficulty
|
|
|
|
Very easy, but the participant needs to know about "sudo", which might be unknown for Linux novices.
|
|
|
|
## How To Solve
|
|
|
|
![](https://imgs.xkcd.com/comics/sandwich.png)
|
|
|
|
If something says "permission denied" on Linux, try with `sudo`. In this case the `/etc/sudoers` file seems to contain a peculiar line related to the currently executing user `ig`. It states the following:
|
|
|
|
```
|
|
ig ALL = NOPASSWD: /bin/cat
|
|
```
|
|
|
|
This means that the `ig` user is allowed to execute the `/bin/cat` binary with elavated permissions without using a password.
|
|
|
|
Therefore executing:
|
|
|
|
```
|
|
sudo cat /flag.txt
|
|
```
|
|
|
|
reveals the flag.
|
|
|
|
## Flag
|
|
|
|
IGCTF{ASimpleVisudoCanDoGreatDamage1}
|