pwn

GuidePoint Security CTF 2021 - Hackback (pwn)

5 minute read Published:

Writeup for the Guidepoint 2021 CTF Hackback 2 pwn challenge
Guidepoint Security CTF 2021 - Hackback (1 &) 2 (pwn)

This challenge is a little odd for me since I found the flag for part 2 but, despite spending considerable time, never found the flag for part 1 of this challenge. For this challenge we get a .doc file (so ye olde MS Word format, none of that fancy new .docx stuff) as well as a web page, which does not seem to do much for us yet.

GuidePoint Security CTF 2021 - Netcatter (pwn)

3 minute read Published:

Writeup for the Guidepoint 2021 CTF Netcatter pwn challenge
Guidepoint Security CTF 2021 - Netcatter (pwn)

For this challenge we get SSH access to a Docker container as a regular user. We don’t really get any clues as to what we are looking for, so we start by exploring the machine a little. Under running processes we see the following process that stands out:

    root 1 /bin/sh -c /etc/init.d/ssh start && while true; do ./netcatter files ; sleep 60; done

We do a find to see where this netcatter file is located and notice that it is a SUID binary and is owned by the user target.