Type your comment> @TazWake said:
@gtux said:
@TazWake said:
Its likely someone had recently compromised the box and failed to clean up after themselves. You shouldn’t be able to get root directly from a shell which can’t read the user flag.
This is weird. I reset the box and tried again. After getting shell as the first user (which cannot read user.txt), I can start the race to root directly from there.
Fascinating. I didn’t think that account had the rights to run the script.
-rwxr-xr-x