boot2root was based on India time. It was all over before I could start with it. I made it through one solve before the CTF ended. I will update the others as I solve them…


Steve Rogers

  • Challenge
    • Given a Linux server. Flag is somewhere here, find it
  • Solution
    • After a search for hidden files and a string grep all over the file system, it turned out that a root process run with command-line args had the flag on it.
  • Flow
root@kali:~/Downloads# ./connect.sh 
steve@cef09516fb92:~$ 
steve@cef09516fb92:~$ 
steve@cef09516fb92:~$ ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  1 17:34 pts/0    00:00:00 bash /tmp/42.sh b00t2root{Cmd_l1
root        14     1  0 17:35 ?        00:00:00 /usr/sbin/sshd
root        16     1  0 17:35 pts/0    00:00:00 su -l steve
steve       18    16  0 17:35 pts/0    00:00:00 -su
steve       25    18  0 17:35 pts/0    00:00:00 ps -ef

steve@cef09516fb92:~$ ps -e --context
  PID CONTEXT                         COMMAND
    1 docker-default (enforce)        bash /tmp/42.sh b00t2root{Cmd_l1n3_fl4g5_4
   14 docker-default (enforce)        /usr/sbin/sshd
   16 docker-default (enforce)        su -l steve
   18 docker-default (enforce)        -su
   29 docker-default (enforce)        ps -e --context
steve@cef09516fb92:~$ 

steve@cef09516fb92:~$ ps -e -o command
COMMAND
bash /tmp/42.sh b00t2root{Cmd_l1n3_fl4g5_4r3_0bv10u5}
/usr/sbin/sshd
su -l steve
-su
ps -e -o command
  • References:
* https://www.tecmint.com/ps-command-examples-for-linux-process-monitoring/
* https://askubuntu.com/questions/699439/output-only-the-column-under-command-of-ps-command-in-terminal
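
The flag was readable because any local user can read another process's arguments from /proc/<pid>/cmdline unless /proc is mounted with hidepid; the first two ps listings above only cut the line off at the column width. The script below is an added example, not part of the original write-up: it audits a host for secret-looking arguments without truncation. The function names, the proc-root parameter and the secret patterns are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the write-up): audit process command lines for
# arguments that look like secrets. Function names and patterns are assumptions.

# Print "PID<TAB>full command line" for every process under $1 (default /proc).
# Taking the proc root as a parameter lets the audit run against a copied or
# constructed tree as well as the live /proc.
list_cmdlines() {
    proc_root="${1:-/proc}"
    for f in "$proc_root"/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        pid="${f%/cmdline}"
        pid="${pid##*/}"
        # Arguments are NUL-separated in cmdline; join them with spaces.
        # Unlike ps on a terminal, nothing is cut at the screen width.
        args="$(tr '\0' ' ' < "$f")"
        # Kernel threads have an empty cmdline; skip them.
        [ -n "$args" ] || continue
        printf '%s\t%s\n' "$pid" "${args% }"
    done
}

# Report command lines that appear to carry a secret: a credential-style
# option (password=, --token value, api_key=...) or a CTF-style NAME{...} token.
# Exit status is 0 when something was found and 1 when nothing matched.
find_exposed_secrets() {
    list_cmdlines "$1" |
        grep -Ei '(pass(word|wd)?|token|secret|api[_-]?key)[= ]|[A-Za-z0-9_]+\{[^}]+\}'
}
```

Calling find_exposed_secrets with no argument scans the live /proc as the current user. Secrets are better passed through a file with restricted permissions or a file descriptor than through argv.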