# Hacking Tube

## 33C3 CTF 2016 -- The 0x90s called

Category: pwn
Points: 150

First we'll have to go to a web page to start our challenge session. The page will show us the port (same IP address with the web page) and the ID/password.

Once we connected to the remote host and login the machine, we'll found that we're inside a Slackware Linux:

Later we'll found that there's a flag.txt inside the root directory:

Looks like we'll need a local root exploit to capture the flag.

By googling "slackware linux 0.99 local root exploit", we found a working PoC. Now all we need to do is copy the PoC to the remote host, then compile & execute the exploit so we can escalate to root.

Although it looks simple, it still took me a while to complete the challenge, since there's no tool that can help us download the PoC to the host -- no wget, no curl, not even nc!! And the vi editor is just terrible!! Finally I decided to use cat <<'EOF' >> test.c + copy & paste to write the exploit into test.c.

After we compile & execute the local root exploit, we're able to escalate to root and get the flag:

flag: 33C3_Th3_0x90s_w3r3_pre3tty_4w3s0m3