Outils pour utilisateurs

Outils du site


ctf:public:seccon:exec-dmesg

Exec dmesg - Writeup by Maxima

Challenge

Please find the secret message from the iso linux image.

image.zip

Solution

We find in the archive a file core-current.iso which is a bootable CD-ROM image. We then run it using Virtualbox or qemu:

$ qemu-system-x86_64 -cdrom core-current.iso -boot d

We quickly get a shell. The first step is to gain root access:

tc@box:~$ sudo su
root@box:/home/tc#

We now try to exec dmesg (the title is probably a hint!):

# dmesg
dmesg: applet not found

This is weird, we look into /bin:

# ls -l /bin/dmesg
lrwxrwxrwx    1 root root   7 Nov   1 02:50 /bin/dmesg -> busybox

It looks like all binaries are symbolic links to busybox and dmesg is not compiled. After a few searches on Google, we finally learn that dmesg just reads /proc/kmsg, so we try:

# cat /proc/kmsg | grep SECCON
<7>SECCON{elf32-i386}

And here is the flag!

Author

Maxime Arthaud 2015/12/07 10:23

ctf/public/seccon/exec-dmesg.txt · Dernière modification: 2016/10/15 20:18 par arthaum