Ghost in a Shell 1

Challenge:

Connect to the server, snoop around, and find the flag!

. ssh 46.101.107.117 -p 2106 -l inky . password is: mucky_4444

Solution:

Following the challenge instructions I connected to the service and began listing the various file and directory structures. It was in the images directory that I spotted something of interest:

$ ls -la images/

total 304
drwxr-xr-x    1 root     root          4096 Feb 27 17:55 .
drwxr-xr-x    1 root     root          4096 Apr  3 00:00 ..
drwxr-xr-x    1 root     root          4096 Feb 27 17:55 ...
-rwxr-xr-x    1 root     root         23864 Feb 27 17:53 ghost_1.png
-rwxr-xr-x    1 root     root         25957 Feb 27 17:53 ghost_2.png
-rwxr-xr-x    1 root     root         37335 Feb 27 17:53 ghost_3.png
-rwxr-xr-x    1 root     root         30530 Feb 27 17:53 ghost_4.png
-rwxr-xr-x    1 root     root         27476 Feb 27 17:53 ghost_5.png
-rwxr-xr-x    1 root     root         35378 Feb 27 17:53 ghost_6.png
-rwxr-xr-x    1 root     root         31358 Feb 27 17:53 ghost_7.png
-rwxr-xr-x    1 root     root         32507 Feb 27 17:53 ghost_8.png
-rwxr-xr-x    1 root     root         27413 Feb 27 17:53 ghost_9.png

The ... directory is not a default directory like ., which represents the current directory and .. for the parent directory. Viewing the images/... directory reveals another ... sub-directory:

$ ls -la images/.../
total 36
drwxr-xr-x    1 root     root          4096 Feb 27 17:55 .
drwxr-xr-x    1 root     root          4096 Feb 27 17:55 ..
-rwxr-xr-x    1 root     root         20263 Feb 27 17:53 ...

Under that sub-directory I found an image file named ghost.png and retrieved it via SCP:

scp -P2106 inky@46.101.107.117:/home/inky/images/.../... ghost.png

The image contained a QR Code that could be scanned to retrieve the flag:

The accepted flag was, he2021{h1dd3n_d0td0td0t!}`