GuidePoint Security CTF 2021 - Netcatter (pwn)

3 minute read Published:

Writeup for the Guidepoint 2021 CTF Netcatter pwn challenge
Guidepoint Security CTF 2021 - Netcatter (pwn) For this challenge we get ssh access to a docker container as a regular user. We don’t really get any clues as to what we are looking for so we start by exploring the machine a little. Under running processes we see the following process that stands out: root 1 /bin/sh -c /etc/init.d/ssh start && while true; do ./netcatter files ; sleep 60; done We do a find to see where this netcatter file located and notice that it is a SUID binary and is owned by the user target.