Approach:
$ ls -l /home/hacker-weekly/abacus
-r--r----- 1 root abacus 373 Nov 12 2012 /home/hacker-weekly/abacus
$ id
uid=1554(gilles) gid=1555(gilles) groups=1555(gilles)
So we need to either gain root permissions or gain abacus group permissions. But how?
Hint (step 1): How do you elevate privileges?
Full solution (step 1):
Look for setuid or setgid executables that shouldn't be there:
find / -xdev -perm /4000 -ls 2>/dev/null
There are two likely candidates: /usr/local/abacus and /usr/bin/hacker-weekly-abacus. Running the latter prints out an SSH private key.
Hint (step 2): The obvious way to use this file is to log into some other account. Which account?
Full solution (step 2):
Look through /etc/passwd and see what accounts are present (other than the system accounts and the participants). Look in /etc/passwd and /etc/group to find members of the abacus group. There's just guest.
So copy the private key to ~/.ssh/id_rsa, set the permissions correctly, and ssh guest@localhost. Bingo.
<advertisement>
If you like this kind of stuff, we participate in capture-the-flag competitions as the sec.se (Security Stack Exchange) CTF team (see the meta post for organizational details). There's more web, reverse engineering and crypto involved than Unix though.
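The administrator's side of the `find` step in the solution, as an added example that is not part of the original answer: list setuid and setgid files under a directory tree and report the ones missing from a reviewed allowlist. The function name `audit_setid` and the allowlist format (one absolute path per line) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the original answer.
# audit_setid ROOT ALLOWLIST
#   ROOT      directory tree to scan (stays on one filesystem, like -xdev above)
#   ALLOWLIST text file, one reviewed absolute path per line (assumed format)
# Prints an `ls -ld` line for every setuid or setgid regular file that is
# not in ALLOWLIST. Returns 1 if anything was reported, 0 if the tree is
# clean, 2 if the temporary file could not be created.
# Limitation: paths containing newlines are not handled.
audit_setid() {
    root=$1
    allowlist=$2
    found=0
    tmp=$(mktemp) || return 2

    # -perm -4000 matches the setuid bit, -perm -2000 the setgid bit.
    # Both matter here: a setgid program runs with its group's rights,
    # which is enough to read a file whose mode is r--r-----.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -print 2>/dev/null | sort > "$tmp"

    while IFS= read -r path; do
        # -F fixed string, -x whole-line match, so a path only passes
        # when it appears in the allowlist exactly.
        if ! grep -Fxq -- "$path" "$allowlist" 2>/dev/null; then
            ls -ld -- "$path"
            found=1
        fi
    done < "$tmp"

    rm -f "$tmp"
    return "$found"
}

# Typical use (the allowlist path is a placeholder):
#   audit_setid / /path/to/setid-allowlist.txt
```

A missing or unreadable allowlist makes every setuid or setgid file count as unreviewed, so the check fails closed.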