Trapped in Plain Sight 2
Only the chosen may see. The password is password. by Caleb (@eden.caleb.a on discord) ssh -p 4302 trapped@challenge.utctf.live
We are given a SSH port we can connect to. We see a start.sh script that grants ACL permissions to a secret user over the flag:
We see that only root can read the file, but secretuser has special permissions:
In /etc/passwd we see a potential password:
We can su as this user and get the flag:
This post is licensed under CC BY 4.0 by the author.