misc

eighth_circle

After googling “eight circle of hell cipher” we find something called Malbolge, a programming language. We use a decoder for it and we get the

https://malbolge.doleczek.pl/

flag - flag{bf201f669b8c4adf8b91f09165ec8c5c}

Prison Break

cat /just/out/of/reach/twh.txt -> No such file or directory i.e. real cat error

but if you try

cat /just/out/of/reach/flag.txt -> error changes into a custom one

script is detecting the keyword flag

Zenith

• Goal was to privesc to root and get the flag from root directory

• detecting privesc was easy because all i had to do was sudo -l

• we can execute zenity with sudo without password

• zenity is an application which generates GUI pop ups.

• but we have ssh, a simple workaround for this is to use -X commandline option of ssh which forwards gui applications to our machine, so using this we can execute zenity on remote server and popups will appear on our machine.

• now after reading manpage of zenity few times this command worked

zenity --text-info --filename "/root/.ssh/id_rsa"

• and a pop up appears with private key of root <3