This was an interesting small challenge. We have been given the password to ssh in to the machine.
After we do of course we would like to run a “sl” or sl -al” commands to see what we have in the current directory. Oh wow a directory with a name secret. Lets cd in to that folder. Opps we can’t! This command tells us something important. We are working on “restricted bash”. Please see the image bellow.
Now it is a matter of knowing how to escape that. A simple google search can give you the result. As always I will post a link in the end of the article. In this case we need to exit the ssh session and log in again but with some extra arguments in the command. The command will be in the format – ( ssh username@IP -t “bash –noprofile” ).
After we are in, go to the same .secret directory and just “cat” the file to see the flag.
The flag for this challenge is: LLS{you_found_my_hidden_secrets}
The links I promised:
https://d00mfist.gitbooks.io/ctf/escaping_restricted_shell.html