Hey, what's going on everybody? My name is John Hammond. Welcome back to the YouTube video. So, checking out the Junior CTF capture the flag competition. I have that same intro for literally everything that I do. Can you guys tell me what else I should say at the very start of a video? Like, what the heck do I need to say or do?

This challenge I want to showcase is called Restricted Area. It was one of the admin challenges, for whatever reason. I don't know what category that's supposed to be. Four of the points. So I guess a few people solved it. It says you're given a trial run as an admin of the Mystery Shack. Your first test is to define access permission to the critical information according to this matrix. So you have an access control matrix for a couple of users, and there are apparently a bunch of files that we can determine whether there are read permissions on there. This is the information stored on this special storage disk, which you can download, also information about system users and a program which checks if the settings are correct. If you do it right according to the matrix, you'll receive the flag. Oh, okay, so awesome. This doesn't look too difficult then. Um, just kind of tedious, because we'll have to, like, clone and recreate this access matrix.

So I'm gonna show you what I did. I'm probably not gonna recreate everything. I'm just gonna try and really just show you what I did, but I'll try and go through the steps and explain everything I had done. So, what was this challenge called? Restricted Area. So hop on over there. Take a look at what we just got. Restricted area. It is a gunzipped thing, so we can image it just like this, and I would want to mount this, but I couldn't really figure out how to initially. I think it's like, if you run file on this thing, by the way, it is a file system. It is an ext2 file system. So you can mount -t ext2 image bin, and I don't know how you specify where it goes. And only root can do it.
So you have to be root, and... Okay, cool. It is mounted then. So I can see to my file system over here. Now I have this 10 megabyte volume mounted over at media fuse, and I can just copy all these files. Actually, I'm probably gonna have to change the owner of it. So, you know, John John. So now I should be able to copy the files, hopefully, out of here. Juniors restricted area, and we'll just paste them in there. What do you want? Why are they all permission denied? Everything should belong to me. Please. Juniors restricted area. Do it. Okay, so now we have all these things.

So what I ended up doing, again, I did have to actually, like, type out all of these things. Initially I thought, like, oh, okay, I can't just... Well, okay, first, before I show you all that, I'll show you what this check 64 thing does, what these check binaries do. They must be run with root privileges. That got me super worried. I'm like, I don't really like that. Why do I have to run a CTF program that I've been given with sudo privileges? Whatever, I just ran it. I don't want to take a look at what it does, and obviously it's just checking for the permission. So, okay, fine. So it determines, okay, user ID 2004, 2005, 2006, 2007, 2008, and what they can read, what files they can read. Apparently nothing right now. But it looks like it would give us the flag whether or not all these people could read these things.

So first we needed users that would match these user IDs, and apparently Dipper, Mabel, Soos, Wendy and Stan. So I added these with the useradd command. I gave them the username, and I actually just used the -u flag to specify their user ID. So that's how I can make sure they have that a thousand four, thousand five, thousand six.
So I can actually show that in my password file. I have these here, and I just mapped the a thousand four, thousand five thing to the proper username. And then I had tried to end up using chown on everything. I had ran it, like, to make the owner of all these files the individual, but when I did that I accidentally realized I overwrote the things that were duplicated. Like, once I set Dipper to be the owner of read, and later on I set Soos to be the owner of... I'm sorry, I set Dipper to be the owner of the lazy black cat file, and then I set Soos to be the owner of the lazy black cat file. Dipper no longer has read access to it.

So I tried to Google and I tried to research: how do I actually just set one permission to be able to read these things? And I guess there's, like, a setfacl. Yeah, it's set file access control lists by a specific user. So here's what I did. Restricted area. I had all of these files that I created, a dipper.txt, that would be a list of... I just literally typed out. I used tab completion.
So I didn't have to type them all out. All the things that that user is supposed to read. And I do this again for Mabel and Soos and all the others. And then I created this enforce ACL script, and what that would do is it would just read through all the text files, which are the only extensions that have a username here, Dipper and Mabel, Stan, Soos, somebody, and I would cat them out. I'd get the name of the file, and while I read every single line in that file that I'm displaying, so while I read through every single one of those file names that it's supposed to have permissions on, I ran that setfacl command with the string to specify the user. Again, dipper.txt, replacing .txt with nothing, so I just have Dipper be their name, or Mabel or Soos or Stan or Wendy, whatever, when I'm actually reading in the loop. And then I set the read set for the contents file, and contents is going to be the file name, lazy black cat or lazy black dog or lazy black pig, et cetera, et cetera. So just, again, another messy one-liner bash loop, or multiple bash loops. Again, I have two going here. But that enforces the ACL, so that I can actually, you know, run the check program with a utility, and the actual access control is set up for us.

So let me copy these to Junior. What is it called? Restricted area. Yeah, so now, ideally... Okay, we have all these things, and can I enforce ACL? Hope that worked on some of these things. I don't know. I can run check 64 though and make sure all these things work, and I had some wrong things. I had some things missing. Sly white pig is read for Dipper, good. Pipe this to less so I can scroll through it. Mabel has the last one, they were just sly white cat. So okay, so it didn't get sly white dog. So you'd have to add that by hand, which again isn't hard. It's just the same command. And sly white cat, okay, sly white dog is missing again for Soos. Sly white pig is getting for the next one, and sly red cat.
Oh, it's in then. A thousand eight is missing sly red cat. It gets up to sly white dog or silly white dog. So then those I added by hand. I didn't have to do all the others, and that will give you the proper flag once you run through it all.

But that's how I had solved the problem. Again, it's not technically hard. It was just literally typing out all these, so I tried to do it in a clean and kind of easy way, when I just looped through them all, and in separate files, so I didn't have to type them all over and over and over again. But that's how I ended up doing it. You can see even in the enforce ACL I get a couple of errors. So I know things must be being interpreted the wrong way, but I digress. It still seemed to work okay for all things but the last one, the last couple of fields, and I wonder why that is, honestly. It's not an extra space, an extra newline character. There might just be things that, for whatever reason, the syntax is hiccuping on. But whatever, that's how I solved the challenge. Again, just enforcing the access control list and using the setfacl command, set file access control lists, to specify just the read permission should be allowed by this user on these files.

So cool. Thanks for watching, guys. Hope you enjoyed this one. Again, some interesting bash loops that I tend to use for quick and dirty CTF solutions, and some interesting commands that you may think of as peculiar, but that's it. Thanks for watching, guys. See you in a later video.
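
The per-user list approach described in the video, written out as an added example; it is not part of the video or its script. The function names, the sample file names and the layout (one list named <user>.txt per user, one file name per line) are assumptions. It also handles a list whose last line has no trailing newline, which a plain read loop skips.

```shell
#!/bin/sh
# Added example (not the script from the video): grant per-user read ACLs
# from list files named <user>.txt, one target file name per line.
# Function names and the sample file names are constructed for illustration.

# Print "user<TAB>file" for every entry in the lists under directory $1.
acl_pairs() {
    for list in "$1"/*.txt; do
        [ -f "$list" ] || continue
        user=$(basename "$list" .txt)          # dipper.txt -> dipper
        # "|| [ -n "$name" ]" keeps a last line that has no trailing
        # newline; a plain "while read" loop silently drops it.
        while IFS= read -r name || [ -n "$name" ]; do
            name=$(printf '%s' "$name" | tr -d '\r')   # tolerate CRLF
            [ -n "$name" ] || continue                  # skip blank lines
            printf '%s\t%s\n' "$user" "$name"
        done < "$list"
    done
}

# Add a read-only ACL entry per pair for files under $2. Unlike chown, this
# leaves the entries of other users on the same file in place.
# Needs root (or file ownership) and a filesystem mounted with ACL support.
apply_acls() {
    tab=$(printf '\t')
    acl_pairs "$1" | while IFS="$tab" read -r user name; do
        setfacl -m "u:$user:r" -- "$2/$name" ||
            echo "setfacl failed: $user $name" >&2
    done
}

# Constructed sample lists: one without a final newline, one with CRLF.
demo_pairs() {
    d=$(mktemp -d) || return 1
    printf 'lazy_black_cat\nsly_white_dog' > "$d/dipper.txt"
    printf 'lazy_black_cat\r\n\r\nsly_red_cat\r\n' > "$d/mabel.txt"
    acl_pairs "$d"
    rm -rf "$d"
}
```

Running getfacl on a file after apply_acls shows one user entry for each name granted read access.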