cat: flag.txt: Permission denied
NOTE: This challenge is related to permission denied.
Beginner Hint 1 (AI-translated)
- If you connect with
nc, you will notice that a shell starts. - If you read
chal.sh, you can see thatflag.txtis created with permission400before the shell starts. - This command is executed by the
rootuser. - So
400means that only therootuser can read the file. - After that,
runuser -u alpaca -- shstarts a shell as thealpacauser. - However, if you run
cat flag.txt, you still getPermission denied, so you cannot read the flag. - How can you read the flag, then?
Beginner Hint 2 (AI-translated)
- This is a meta-level hint, but why is the permission of
flag.txtbeing set insidechal.shin the first place? - The permission of
chal.shis specified in theDockerfile. - In the same way, it should also be possible to set the permission of
flag.txtin theDockerfile. - Think about what behavioral difference is created between setting permissions in the
Dockerfileand setting them later inchal.sh.
Beginner Hint 3 (AI-translated)
- In the previous challenge,
permission denied, thenobodyuser was used, but this time thealpacauser is used. - Also, the shell runs in the
/home/alpacadirectory. - What does this make possible?
[Announcement] Thank you for playing Daily AlpacaHack! We'd appreciate it if you could fill out the survey