Terminal: Prison-Escape
Objective
Recover the Elfen Ring
Task 3: Prison Escape
Difficulty: 3/5 Christmas Trees
Description: Escape from a container. Get hints for this challenge from Bow Ninecandle in the Elfen Ring. What hex string appears in the host file /home/jailer/.ssh/jail.key.priv?
Terminal Details
######################################################
Sat Dec 10 21:31:47 UTC 2022
On attempt [5] of trying to connect.
If no connection is made after [60] attempts
contact the holidayhack sys admins via discord.
######################################################
Greetings Noble Player,
You find yourself in a jail with a recently captured Dwarven Elf.
He desperately asks your help in escaping for he is on a quest to aid a friend in a search for treasure inside a crypto-mine.
If you can help him break free of his containment, he claims you would receive "MUCH GLORY!"
Please, do your best to un-contain yourself and find the keys to both of your freedom.
grinchum-land:~$
Solution
Begin by enumerating the jailed environment.
grinchum-land:/$ sudo -l
User samways may run the following commands on grinchum-land:
(ALL) NOPASSWD: ALL
Based on the listings in /dev, the docker container was probably started with the --privileged flag.
grinchum-land:~$ ls /dev
autofs loop1 ptp0 tty12 tty24 tty36 tty48 tty6 vcs1 vcsu
btrfs-control loop2 pts tty13 tty25 tty37 tty49 tty60 vcs2 vcsu1
core loop3 random tty14 tty26 tty38 tty5 tty61 vcs3 vcsu2
cpu loop4 shm tty15 tty27 tty39 tty50 tty62 vcs4 vcsu3
cpu_dma_latency loop5 snapshot tty16 tty28 tty4 tty51 tty63 vcs5 vcsu4
cuse loop6 stderr tty17 tty29 tty40 tty52 tty7 vcs6 vcsu5
fd loop7 stdin tty18 tty3 tty41 tty53 tty8 vcsa vcsu6
full mem stdout tty19 tty30 tty42 tty54 tty9 vcsa1 vda
fuse mqueue tty tty2 tty31 tty43 tty55 ttyS0 vcsa2 vsock
input net tty0 tty20 tty32 tty44 tty56 uhid vcsa3 zero
kmsg null tty1 tty21 tty33 tty45 tty57 uinput vcsa4
loop-control nvram tty10 tty22 tty34 tty46 tty58 urandom vcsa5
loop0 ptmx tty11 tty23 tty35 tty47 tty59 vcs vcsa6
Create a mount point dir, then mount the main disk, vda.
grinchum-land:~$ mkdir vda
grinchum-land:~$ sudo mount /dev/vda vda/
Grab the contents of the file as stated in the task description.
grinchum-land:~$ cat ~/vda/home/jailer/.ssh/jail.key.priv
Congratulations!
You've found the secret for the
HHC22 container escape challenge!
.--._..--.
___ ( _'-_ -_.'
_.-' `-._| - :- |
_.-' `--...__|
.-' '--..___
/ `._ \
`. `._ one |
`. `._ /
'. `._ :__________....-----'
`..`---' |-_ _- |___...----..._
|_....--' `.`.
_...--' `.`.
_..-' _.'.'
.-' step _.'.'
| _.'.'
| __....------'-'
| __...------''' _|
'--''' |- - _ |
_.-''''''''''''''''''-._
_.' |\
.' _.' |
`._ closer |:.'
`._ _.' |
`..__ | |
`---.._.--. _| |
| _ - | `-.._|_.'
.--...__ | - _|
.'_ `--.....__ |
.'_ `--..__
.'_ `.
.'_ 082bb339ec19de4935867 `-.
`--..____ _`.
```--...____ _..--'
| - _ ```---.._.'
| - _ |
|_ - - |
| - _ |
| -_ -_|
| - _ |
| - _ |
| -_ -_|
Close the terminal and enter the string on the last signpost sign into the answer field under this task in the objectives section of you badge.
Return to the Elf House Area.