chattr and ctf
June 1st, 2008 by webstersprodigy
This is a way to make files ‘unmodifiable’ or ‘undeletable’, amongst other things, in Linux.
Ugh.
First off, I did terribly at the ctf qualifiers. I got a measly 1300 points and basically gave up after the first day (I still worked on it for fun, but gave up any chance of doing well). The winners got 4000 points.
The problem is, hours after it’s done I’m able to look at some of these and do them relatively easily. A lot of my problem is my huge non-familiarity with FreeBSD. So I’ve been familiarizing myself.
Anyway, they have an interesting command called chflags which can sort of make a file undeletable. This is remarkably like chattr, which I have an interesting story about.
At wargamez (http://wargamez.org) this year we had a king of the hill game. There was a damn vulnerable system set up, riddled with holes, and a file to overwrite for points to be added up. My team (though it wasn’t my idea) chattr +i’ed the file. Although another team rooted the box and kicked us off, they weren’t aware of the chattr command and it took them hours to figure it out.
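A quick way to spot the situation in the story above, as an added example that is not from the original post: the function reads lsattr output and names the files whose immutable (i) or append-only (a) attribute stops even root from overwriting or deleting them. The sample lines and paths are constructed.

```shell
#!/bin/sh
# Added example: report which files in lsattr(1) output carry attributes
# that block writes or deletion, even for root. Read-only: it parses text
# and never changes an attribute.

# stdin:  default-format lsattr lines, "<flags> <path>"
# stdout: "<path><TAB><reason>" for each file with i or a set
blocking_attrs() {
    while IFS= read -r line; do
        flags=${line%% *}    # first field: attribute letters and dashes
        path=${line#* }      # remainder: the path, which may contain spaces
        case $flags in
            "$line"|*[!A-Za-z-]*) continue ;;  # headers, blanks, error text
        esac
        case $flags in
            *i*) printf '%s\timmutable, clear with chattr -i\n' "$path" ;;
            *a*) printf '%s\tappend-only, clear with chattr -a\n' "$path" ;;
        esac
    done
}

# Constructed sample input (not captured from a real system).
sample_lsattr() {
    cat <<'EOF'
----i---------e------- /srv/koth/flag.txt
--------------e------- /srv/koth/readme.txt
-----a--------e------- /var/log/audit trail.log
lsattr: Operation not supported While reading flags on /srv/koth/sock
EOF
}

sample_lsattr | blocking_attrs
```

On a live system, pipe real output into it, for example `lsattr -d -- FILE | blocking_attrs`, where FILE is the file that refuses to change.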
So, back to ctf. There are a lot of really good people there. Amazingly fast. However, I think if I get some bright guys together we can do moderately well. Here is what I plan to do for next year, and I consider it a good way to prepare.
- Have unix vms ready to go and be familiar with them, at least on a basic level (e.g. have a way to disassemble stuff)
- Go through these beforehand http://nopsr.us/
- Sleep the day before so you can manage on only 8 hours of sleep for the 48 hours of qualifiers. Be prepared with food and stuff. This was another problem for me.
- Get tip top on binary stuff and reversing. It seems to be weighted very heavily.
So I guess I’ll ‘fetch’ (rather than wget) another file for my FreeBSD vm and continue learning about these weird different programs that do the same thing.