CTF Writeup

March 14, 2019

Stall Mucking Report Cranberry Pi terminal challenge

📍 Wunorse Openslae at 1nd floor go right enter the room continue forward you find him.

Hi, I’m Wunorse Openslae

What was that password?

Golly, passwords may be the end of all of us. Good guys can’t remember them, and bad guess can guess them!

I’ve got to upload my chore report to my manager’s inbox, but I can’t remember my password.

Still, with all the automated tasks we use, I’ll bet there’s a way to find it in memory.


Plaintext Credentials in Commands > Keeping Command Line Passwords Out of PS


1- First let’s use command ls to list directories & files:


2- Take a look at content of report.txt for any leads:


3- Use ps command as suggested in hints to display the usernames / passwords on the command line for the running processes , write the command as following :

ps Twww

T Basic options: all processes on this terminal, w Show threads options : unlimited output width


4- Interesting command related to samba :

/bin/bash /home/manager/ --verbosity=none --no-check-certificate --extraneous-command-argument --do-not-run-as-tyler --accept-sage-advice -a 42 -d~ --ignore-sw-holiday-special --suppress --suppress //localhost/report-upload/ directreindeerflatterystable -U report-upload

So the username report-upload and the password directreindeerflatterystable and the share folder //localhost/report-upload/

You can find more about smbclient here:

5- Now let’s upload the report to the share folder using smbclient to access share folder :

smbclient //localhost/report-upload/ -U report-upload directreindeerflatterystable

Then upload the file report.txt :

put report.txt




Thank goodness for command line passwords - and thanks for your help!

Speaking of good ways to find credentials, have you heard of Trufflehog?

It’s a cool way to dig through repositories for passwords, RSA keys, and more.

I mean, no one EVER uploads sensitive credentials to public repositories, right? But if they did, this would be a great tool for finding them.

But hey, listen to me ramble. If you’re interested in Trufflehog, you should check out Brian Hostetler’s talk!

Have you tried the entropy=True option when running Trufflehog? It is amazing how much deeper it will dig!

Oh my! Santa’s castle… it’s under siege!

We’re trapped inside and can’t leave.

The toy soldiers are blocking all of the exits!

We are all prisoners!


Trufflehog Tool:

Trufflehog Talk:

Brian Hostetler is giving a great Trufflehog talk upstairs