What's up everyone, I wanted to start a new series for the picoCTF 2023 General Skills challenges. I'm going to try to make a walk-through for every challenge as I'm working through them so you can follow along. This first one we'll be going through today is the "chrono" challenge.
Right of the bat if you have a pretty good knowledge of Linux you might know where the challenge is going based off of the name alone. If you are newer to Linux you might not and that's okay. Let's go ahead and jump into this challenge.
Okay so after opening the challenge it's prompting us to start a new instance so let's go ahead and click that and it should start a new instance for us to use.
After starting a new instance we're going to have to use ssh to connect to the server so go ahead and get into the web shell and we'll be entering this command:
$ ssh picoplayer@saturn.picoctf.net -p (port number)
Now that we are connected to the server we can go ahead actually start the challenge. So we're seeing this prompt saying "How to automate tasks to run at intervals on linux servers?". Lucky for us they give us no hints for this one. There's really nothing else here that gives us any information as to where to even start with this challenge so what we're going to do is use hacker's best friend: google.
I'm just going to simply google the prompt it gives us and see what we can find. So I googled "How to automate tasks to run at intervals on linux servers?" and I found this link: https://www.freecodecamp.org/news/cron-jobs-in-linux/
Go ahead and read through the link if you'd like but there's a couple things that stood out to me.
So after reading further we see cron jobs need to be added in the /etc directory. Well if you been studying linux fundamentals you might know this but if not let's learn real quick what is usually stored in the /etc folder using google. So I'm going to google "what is stored in /etc in linux?" and see what we can find.
I stumbled across this website: https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch03s07.html
Okay so based off of that we may want to go ahead and explore /etc to find our flag. So I'm going to play around in the terminal a little bit and see what I can find it that directory as should you.
So here you can I've used cd to change directory over to /etc and looking around here we see stuff related to crone. So I'm just gonna ls some stuff to list what's in the folders and see if I can't maybe cat out some stuff. While looking at this I wanted to note we can see a cronetab just like we saw in the article earlier so maybe that might be promising.
Okay so after playing around with some different commands I decided to go ahead and just cat out the contents of crontab and looks like we found our flag!
So after going through this CTF it may seem like that one was pretty easy all we really had to do was cd over to a directory and then cat out the contents of a file but there are two big takeaways for me from this challenge. 1. Using google can be our best tool in some challenges. There's going to be a lot of times that you're looking at your screen having no idea what's going on and that's for whatever level you're at so get used to using google as a tool. 2. We learned a little bit about what 'cron' does and how it works as well as a little bit about the /etc directory and what we can find there so a lot of these beginner challenges are all about researching things we may not know about and keep in mind some of these general skills are geared towards middle school and high school students however it can be for any beginners also. We started this challenge off with no hints and by utilizing the resources we had we were able to find this flag with some simple commands and that's what it's all about! We were able to learn about linux systems and that ultimately was the goal with this challenge.
Go ahead and cat it out yourself if you haven't already and find your flag! And that's going to wrap it up for this CTF walk through. Stayed tuned for more in the 2023 general skills series soon..
No comments:
Post a Comment