mysudo
MediumBash
Overview
I created my own mysudo application because I don’t trust any existing app to manage my server.
You can find the binaries along with their corresponding C source files in the /challenge directory:
* auth_check.c → libauth_check.so
* chall.c → chall
Here, chall is the mysudo application.
Try to read the root flag from /root/flag.txt
Flag Format: Flag{}
Lab Details
Prerequisites & Requirements
- Familiarity with archive basic vulnerabilities
- Familiarity with Python scripting
- Familiarity with Server Side Template Injection (SSTi) vulnerability
What will you learn?
- How archive extraction can lead to path traversal (zip-slip/tar-slip).
- How to craft a minimal image carrier (BMP) that passes naive image checks.
- How to inject template code into overwritten templates (SSTI).
- How SSTI can lead to remote code execution and reading sensitive files.
Tools
- Burp Suite (optional, for request replay/inspection).
- A simple hex editor or small script to craft/modify BMP bytes.
Job Positions
Penetration Tester
Tags
User ManagementPrivilege EscalationElf BinaryRoot AccessSandbox