Self Driving Car (Smart City, 250p)

For your efforts, the city council has decided to award you with a free flight to a holiday destination.
Just as you have finished packing you get another call.
A company building self-driving cars has been experiencing an odd after-effect from the recent attacks against the city.
The city council has forwarded the company representative to you and after discussing the details you find out that they had a city guide application API integrated into their self-driving cars.
The company has provided you with SSH credentials and information that they use Robot Operating System for their self-driving cars.
You must find the status message of the active instance and help debugging the vehicle.
SSH:
Hostname: envXXX.target03
Port: 2222
Username: jack
Password: autonomous1337vehicles

solution

Connect to SSH server. 

# ssh -p 2222 jack@envXXX.target03
jack@envXXX.target03's password: autonomous1337vehicles

 █████╗ ██╗   ██╗██╗   ██╗███████╗    ██████╗  ██████╗ ███████╗
██╔══██╗██║   ██║██║   ██║██╔════╝    ██╔══██╗██╔═══██╗██╔════╝
███████║██║   ██║██║   ██║█████╗      ██████╔╝██║   ██║███████╗
██╔══██║██║   ██║╚██╗ ██╔╝██╔══╝      ██╔══██╗██║   ██║╚════██║
██║  ██║╚██████╔╝ ╚████╔╝ ███████╗    ██║  ██║╚██████╔╝███████║
╚═╝  ╚═╝ ╚═════╝   ╚═══╝  ╚══════╝    ╚═╝  ╚═╝ ╚═════╝ ╚══════╝

 ██████╗ ██████╗ ███╗   ██╗███████╗ ██████╗ ██╗     ███████╗
██╔════╝██╔═══██╗████╗  ██║██╔════╝██╔═══██╗██║     ██╔════╝
██║     ██║   ██║██╔██╗ ██║███████╗██║   ██║██║     █████╗
██║     ██║   ██║██║╚██╗██║╚════██║██║   ██║██║     ██╔══╝
╚██████╗╚██████╔╝██║ ╚████║███████║╚██████╔╝███████╗███████╗
 ╚═════╝ ╚═════╝ ╚═╝  ╚═══╝╚══════╝ ╚═════╝ ╚══════╝╚══════╝


jack@auvetech_ros:~$

List running processes. 

jack@auvetech_ros:~$ ps auxww
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0   2612   524 ?        Ss   Oct04   0:00 /bin/sh -c /start-services.sh
root         6  0.0  0.1   4640  2628 ?        S    Oct04   0:00 /bin/bash /start-services.sh
root        36  0.1  2.1 281188 43300 ?        Sl   Oct04   1:05 /usr/bin/python3 /opt/ros/noetic/bin/roslaunch auvetech_ros main_starter.launch
root        37  0.0  1.0  28144 22000 ?        S    Oct04   0:05 /usr/bin/python3 /usr/bin/supervisord -c /root/supervisor.conf
root        53  0.0  0.2  12176  4196 ?        Ss   Oct04   0:00 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
root        55  0.6  2.0 508504 41360 ?        Ssl  Oct04   3:29 /usr/bin/python3 /opt/ros/noetic/bin/rosmaster --core -p 11311 -w 3 __log:=/root/.ros/log/0c1423ec-4438-11ed-9ef1-0242ac150002/master.log
root        75  0.1  0.9 275140 19268 ?        Ssl  Oct04   0:49 /opt/ros/noetic/lib/rosout/rosout __name:=rosout __log:=/root/.ros/log/0c1423ec-4438-11ed-9ef1-0242ac150002/rosout-1.log
root        78  0.3  2.0 426384 40900 ?        Ssl  Oct04   2:11 python /opt/ros/noetic/share/auvetech_ros/scripts/autonomous_shuttle_console.py __name:=autonomous_shuttle_console __log:=/root/.ros/log/0c1423ec-4438-11ed-9ef1-0242ac150002/autonomous_shuttle_console-2.log
root        79  0.4  2.0 426188 40972 ?        Ssl  Oct04   2:37 python /opt/ros/noetic/share/auvetech_ros/scripts/autonomous_shuttle_statushandler.py __name:=autonomous_shuttle_statushandler __log:=/root/.ros/log/0c1423ec-4438-11ed-9ef1-0242ac150002/autonomous_shuttle_statushandler-3.log
root      8825  0.0  0.4  13144  8392 ?        Ss   08:22   0:00 sshd: jack [priv]
jack      8843  0.0  0.2  13384  5160 ?        S    08:22   0:00 sshd: jack@pts/0
jack      8844  0.0  0.2   6656  4396 pts/0    Ss   08:22   0:00 -bash
jack      9298  0.0  0.1   7648  3328 pts/0    R+   08:24   0:00 ps auxww

One of the running processes contains flag. It is probably not the intended way to solve, but it is what it is. 

jack@auvetech_ros:~$ cat /opt/ros/noetic/share/auvetech_ros/scripts/autonomous_shuttle_statushandler.py
#!/usr/bin/env python
import rospy
from std_msgs.msg import String
from random import *


def talker():
    pub = rospy.Publisher('status', String, queue_size=10)
    rospy.init_node('talker', anonymous=True)
    rate = rospy.Rate(2) # 10hz
    while not rospy.is_shutdown():
        a = 5
        a = randint(1,20)
        if a > 10:
            hello_str = "500 - FAILED", rospy.get_time()
            rospy.loginfo(hello_str)
            pub.publish(str(hello_str))
            hello_str = "205 - RETRY", rospy.get_time()
        if a == 5:
            hello_str = "413 - ctf-tech{92331be2-07b8}", rospy.get_time()
        if a < 10 and a != 5:
            hello_str = "200 - OK", rospy.get_time()
        rospy.loginfo(hello_str)
        pub.publish(str(hello_str))
        rate.sleep()

if __name__ == '__main__':
    try:
        talker()
    except rospy.ROSInterruptException:
        pass

Flag is ctf-tech{92331be2-07b8}.

Buy Me A Coffee