First we'll have to go to a web page to start our challenge session. The page will show us the port (same IP address with the web page) and the ID/password.
Once we connected to the remote host and login the machine, we'll found that we're inside a Slackware Linux:
Later we'll found that there's a
flag.txt inside the root directory:
Looks like we'll need a local root exploit to capture the flag.
By googling "slackware linux 0.99 local root exploit", we found a working PoC. Now all we need to do is copy the PoC to the remote host, then compile & execute the exploit so we can escalate to root.
Although it looks simple, it still took me a while to complete the challenge, since there's no tool that can help us download the PoC to the host -- no
curl, not even
nc!! And the
vi editor is just terrible!! Finally I decided to use
cat <<'EOF' >> test.c + copy & paste to write the exploit into
After we compile & execute the local root exploit, we're able to escalate to root and get the flag: