This is for the UMassCTF ’21 CTF.
Challenge Author: Cobchise#6969
For this challenge, we are provided the following information:
![](https://terminalcats.com/wp-content/uploads/2021/03/image-13.png)
Hint 1:
![](https://terminalcats.com/wp-content/uploads/2021/03/image-14.png)
Hint 2:
![](https://terminalcats.com/wp-content/uploads/2021/03/image-15.png)
Going to the provided link in my browser, I get an invalid response error:
![](https://terminalcats.com/wp-content/uploads/2021/03/image-16.png)
I then decide to netcat to that port to see what I can get:
![](https://terminalcats.com/wp-content/uploads/2021/03/image-17.png)
Ahh, this is an SSH port.
Thinking back to the previous Hermit challenge, I notice this is the same IP, just a different port.
I go back to my one-line PHP shell that I uploaded and poke around some more.
I decide to run whoami to see what user I am:
![](https://terminalcats.com/wp-content/uploads/2021/03/image-18.png)
Now I check sudo -l to see what hermit can do:
![](https://terminalcats.com/wp-content/uploads/2021/03/image-19.png)
Ahh, that looks interesting. I run that command:
![](https://terminalcats.com/wp-content/uploads/2021/03/image-20.png)
That made it easy!
UMASS{a_test_of_integrity}