Last updated: 15 Apr 24 15:46:28 (UTC)
WhoWantsToBeTheKing: 1
WhoWantsToBeTheKing:1
By Lawcky 11/04/24
Introduction
Difficulty : Easy
Additionnal info :
Name: WhoWantsToBeTheKing
Release date: 1 Dec 2020
Author: Bjorn
Series: Who Wants To Be King
Scans
Write-UP
we got an unknown binary
skeylogger: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=ba22a62cfb23e5f98841e89718b9d3f5e76bdf94, for GNU/Linux 3.2.0, with debug_info, not stripped
skeylogger: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=ba22a62cfb23e5f98841e89718b9d3f5e76bdf94, for GNU/Linux 3.2.0, with debug_info, not strippedafter some analysis of the bin we find :
/home/sunita/Descargas/simple-key-logger-masterZHJhY2FyeXMK
base64 decoded : ZHJhY2FyeXMK = dracarys
after trying for different user i found a matching combo
daenerys:dracarys
this did not work
(root) NOPASSWD: /usr/bin/mint-refresh-cache (root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/synaptic-workaround.py (root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/dpkg_lock_check.sh
(root) NOPASSWD: /usr/bin/mint-refresh-cache
(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/synaptic-workaround.py
(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/dpkg_lock_check.shnone of these files exist and they cant be created by our user
found this file
found possible match with google :
flag found
"aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj1nTjhZRjBZZmJFawo=" = https://www.youtube.com/watch?v=gN8YF0YfbEk
"aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj1nTjhZRjBZZmJFawo=" = https://www.youtube.com/watch?v=gN8YF0YfbEk