AlpacaHack Logo

Challenges

Sign InSign Up

Rows:

CHALLENGEAUTHORS

SOLVES

(CURRENT)

Loading challenges...

Rows:

permission denied

Daily AlpacaHackTopic: File PermissionReleased: Apr 29, 2026

78 solves
Misc
Hard

by

minaminao

minaminao

cat: flag.txt: Permission denied

Beginner Hint 1 (AI-translated)
  • If you connect with nc, you will see that a shell starts up.
  • If you read chal.sh, you can see that flag.txt is created before the shell starts.
  • After that, the permissions of flag.txt are set to 400.
  • These commands are executed by the root user.
  • So 400 means that only the root user can read the file.
  • Then runuser -u nobody -- sh starts a shell as the nobody user.
  • However, if you run cat flag.txt, you get Permission denied, so you cannot read the flag.
  • So how can you read the flag?
Beginner Hint 2 (AI-translated)
  • This is a more meta hint, but why does chal.sh bother setting the permissions of flag.txt in the first place?
  • The permissions of chal.sh are specified in the Dockerfile.
  • In the same way, it should also be possible to set the permissions of flag.txt in the Dockerfile.
  • Think about what behavioral difference is created between setting permissions in the Dockerfile and setting them later in chal.sh.
permission-denied.tar.gz

Please sign in to submit the flag.

descriptionsolveswriteups