About
This program resides in /home/flag14/flag14. It encrypts input and writes it to standard output. An encrypted token file is also in that home directory, decrypt it.
To do this level, log in as the level14 account with the password level14. Files for this level can be found in /home/flag14.
Since we have neither source code nor hints for this challenge, we can jump straight into the shell.
First we will check the token file:
level14@nebula:~$ cat /home/flag14/token
857:g67?5ABBo:BtDA?tIvLDKL{MQPSRQWW.
After that we will start probing /home/flag14/flag14:
level14@nebula:~$ echo 1234567890 > /tmp/probe
level14@nebula:~$ /home/flag14/flag14 -e < /tmp/probe
13579;=?A9level14@nebula:~$
I’ve chosen numbers first since we know that previous tokens were built mainly from them. And this is actually the end of this challenge: one can easily spot that each output byte is the input byte plus its position, so the encryption algorithm works somewhat like this:
int i = 0, ch;
while ((ch = getchar()) != EOF) {
    printf("%c", ch + i);
    i++;
}
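Hence writing a decipher is a piece of cake:
#include <stdio.h>

int main(void)
{
    int i = 0;
    int ch; /* int, not char, so EOF stays distinct from data bytes */

    /* Undo the cipher: subtract each byte's position from it. */
    while ((ch = getchar()) != EOF) {
        printf("%c", ch - i);
        i++;
    }
    return 0;
}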
level14@nebula:~$ gcc /tmp/blya.c -o /tmp/blya
level14@nebula:~$ ./blya < token
8457c118-887c-4e40-a5a6-33a25353165
level14@nebula:~$ su flag14
Password:
sh-4.2$ /bin/getflag
You have successfully executed getflag on a target account
QED.
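The guess made from the probe can be checked mechanically instead of by eye. The following is an added example, not code from the original write-up: it confirms that the known plaintext/ciphertext pair from the probe fits the "byte plus position" pattern and only then inverts the token. The function names are this example's own, and the three strings are copied from the session above.

```c
#include <stdio.h>
#include <string.h>

/* Values copied from the session above. */
static const char PROBE_PLAIN[]  = "1234567890";
static const char PROBE_CIPHER[] = "13579;=?A9";
static const char TOKEN[] = "857:g67?5ABBo:BtDA?tIvLDKL{MQPSRQWW.";

/* Returns 1 if cipher[i] == plain[i] + i (mod 256) for every byte of the
 * known pair, 0 on any mismatch or if the lengths differ. */
int matches_index_shift(const char *plain, const char *cipher)
{
    size_t n = strlen(plain);
    if (strlen(cipher) != n)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char diff = (unsigned char)(cipher[i] - plain[i]);
        if (diff != (unsigned char)i)
            return 0;
    }
    return 1;
}

/* Writes in[i] - i (mod 256) to out and NUL-terminates it. Stops at the first
 * byte that does not decrypt to printable ASCII. Returns the bytes written. */
size_t undo_index_shift(const char *in, char *out, size_t outsz)
{
    size_t i = 0;
    if (outsz == 0)
        return 0;
    for (; in[i] != '\0' && i + 1 < outsz; i++) {
        unsigned char c = (unsigned char)((unsigned char)in[i] - i);
        if (c < 0x20 || c > 0x7e)
            break;
        out[i] = (char)c;
    }
    out[i] = '\0';
    return i;
}

int main(void)
{
    char plain[64];
    if (!matches_index_shift(PROBE_PLAIN, PROBE_CIPHER))
        return 1;   /* the probe does not fit the ch+i hypothesis */
    undo_index_shift(TOKEN, plain, sizeof plain);
    puts(plain);
    return 0;
}
```

The last byte of the token decrypts to a control character rather than to part of the password, which is why the inverse stops at the first non-printable result.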