[cs615asa] CtF ended
Sen Jiang
sjiang11 at stevens.edu
Tue May 6 02:22:05 EDT 2014
I think this is worth mentioning too.
You have given us the following information in an email.
# grep cs615 /usr/pkg/etc/sudoers
%cs615 ALL = (ALL) NOPASSWD: /bin/cat /etc/master.passwd
This means every user in cs615 group can run sudo cat /etc/master.passwd
without root password.
So I was able to get the hashes of the passwords of all users, and it seems
the algorithm is SHA1, which means it is possible to crack if the passwords
are not complicated enough.
But our team already got all the passwords from leaky at that time, so I
didn't spend time to crack these hashes, just changed our password to a
longer one.
On Tue, May 6, 2014 at 1:26 AM, Jan Schaumann <jschauma at stevens.edu> wrote:
> Jin Sun <jsun6 at stevens.edu> wrote:
> > One thing I still want to know is that why leaky can't delete leaky.sh?
>
> Same as for the 'leaky' program:
>
> > > Team Blender also removed the 'leaky' program itself to prevent anybody
> > > else from repeating the steps, but since we wanted to keep the game a
> > > bit interesting, I re-created the program and then set the files to be
> > > immutable ('chflags schg file'), so they couldn't be removed.
>
>
> ls -lo
>
> shows the flags:
>
> -rwsr-xr-x 1 root users schg 5139 May 4 15:28 leaky
> -rwx------ 1 leaky users schg 124 May 3 14:10 leaky.sh
>
> -Jan
>
> _______________________________________________
> cs615asa mailing list
> cs615asa at lists.stevens.edu
> https://lists.stevens.edu/mailman/listinfo/cs615asa
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.stevens.edu/pipermail/cs615asa/attachments/20140506/e68c0b46/attachment.html>
More information about the cs615asa
mailing list