Update README.mdx

nuoxoxo · Nov 17, 2024 · baef310 · baef310
1 parent 5190bc9
commit baef310
Showing 1 changed file with 38 additions and 20 deletions.
diff --git a/level00/README.mdx b/level00/README.mdx
@@ -9,35 +9,53 @@ $ ssh level00@$(ifconfig | grep 'inet ' | awk 'NR==2 {print $2}') -p 4242
 
 # 00
 
-- to begin with
+Ideas
+
+- `ls` `pwd`
+  - the folder is empty, we are at `/home/user/level00`
+- `id` `whoami` `id flag00`
+  - we are level00 
+  - another user flag00 has different permissions
+- Let's compare their privileges:
+
+```b
+> grep level00 /etc/passwd
+level00:x:2000:2000::/home/user/level00:/bin/bash
+> grep flag00 /etc/passwd
+flag00:x:3000:3000::/home/flag/flag00:/bin/bash
+                    ^^^^^^^^^^^^^^^^^ 👈 user home directories stored here
+> ls -l /home/user/level00
+total 0
+> ls -l /home/flag/flag00
+ls: cannot open directory /home/flag/flag00: Permission denied
+```
+
+- `level00` has an empty Home directory
+- Let's check if we have other files outside of Home
 
 ```b
-$ ls -l
-$ find / -user level00 
-$ find / -user level00 2>/dev/null
-$ find / -user flag00 2>/dev/null
-$ find / -user flag00 -exec cat {} + 2>/dev/null\
+> ls -l
+> find / -user level00 
+> find / -user level00 2>/dev/null
+> find / -user flag00 2>/dev/null
+> find / -user flag00 -exec cat {} \; 2>/dev/null
+OR
+> find / -user flag00 -exec cat {} + 2>/dev/null
 cdiiddwpgswtgt
 cdiiddwpgswtgt
 ```
 
-- command explained
-    - `/` - from root directory
-    - `+` - forces `find` to run `cat` on many files at once and not one at a time
-    - `2>/dev/null` - redir stderr output to `/dev/null`
-- decipher ___`cdiiddwpgswtgt`___ in python
+- `2>/dev/null` : redir stderr output to `/dev/null`
+- `\;` : mark the end of `-exec` and runs `cat` on one file a time
+- `/` : from root directory
+- `+` : forces `find` to run `cat` on many files at once 
+
+
+Decipher ___`cdiiddwpgswtgt`___ in python
 
 ```py
 a = ord('a')
 for i in range(26):
-    print(i, ''.join(chr(a + (ord(c) - a + i) % 26) for c in 'cdiiddwpgswtgt'))
+    print(''.join(chr(a+(ord(c)-a+i)%26) for c in 'cdiiddwpgswtgt'))
 ```
 
-- token
-
-```b
-> su flag00
-Password: nottoohardhere
-> su level01
-> Password: x24ti5gi3x0ol2eh4esiuxias
-```