Scenario: "Madrid": exploiting capabilities

Level: Hard

Type: Hack

Tags: hack  

Access: Email

Description: You are logged in as the admin user without sudo privileges.

A secret string is in the file /root/flag.txt and you don't have permission to read it directly.

However, a standard system binary has been misconfigured with a "hidden" capability that allows it to bypass file permissions.

Your mission is to find the misconfigured binary and use it to copy the content of /root/flag.txt into the file /home/admin/flag.txt.

Root (sudo) Access: False

Test: cat /home/admin/flag.txt displays the same string that is in /root/flag.txt, with md5sum /home/admin/flag.txt returning a43d338b0fc1dfb0c6425aa55e24c8c6 (the solution string without an ending newline is also accepted)

The "Check My Solution" button runs the script /home/admin/agent/check.sh, which you can see and execute.

Time to Solve: 20 minutes.