I found s______.py, but when I try to run it with the -p option, it gives a syntax error. Is this intended, or am I doing something wrong?
There’s not really enough information in your comment for me to know for sure what is going on here, but that script doesn’t work correctly under python2 if that helps. If that is the issue, however, you’re missing another important detail.
I do know that I have su access to the script when I run it as a certain person. I can get it to run now, but I’m having issues in adding my own commands after the IP for the -p option
I do know that I have su access to the script when I run it as a certain person. I can get it to run now, but I’m having issues in adding my own commands after the IP for the -p option
Keep at it
@zac777 said:
Stuck on that part as well, maybe reading the code might help , but even with that I’m still lost.
It will help, but you could also just try something and see what happens.
I found s______.py, but when I try to run it with the -p option, it gives a syntax error. Is this intended, or am I doing something wrong?
There’s not really enough information in your comment for me to know for sure what is going on here, but that script doesn’t work correctly under python2 if that helps. If that is the issue, however, you’re missing another important detail.
I do know that I have su access to the script when I run it as a certain person. I can get it to run now, but I’m having issues in adding my own commands after the IP for the -p option
Yeah, so there are a bunch of hints earlier in this thread about that. Examine what the code is doing in that codepath and think about how you might be able to exploit it if there weren’t a filter. Then try to figure out if there’s some way to do something similar without getting caught by the filter.
Nice privesc! Thought it would be simple but it turned out trickier than I thought, which is a welcome surprise!
Not a fan of the phase from initial foothold to user though…
Some tips: (again if mods feel this is too spoilery please feel free to edit)
Initial foothold: If I gave you a CTF web problem that asks you to search something, what’s the first thing you should try?
User: Google around for some bypasses
Root: Just blindly following a certain well known website won’t give you everything, there’s more to it than what’s given.