Finding a vulnerability that can compromise the admin account for CTF [closed]

Çağlar Arlı      -    67 Views

I'm doing a CTF challenge and would appreciate some help. The summary for the challenge:

Employees were obligated to back up their data. The backup occurred at the end of each day to a shared area located in /var/backups.

Since you could not find any mention of a backup program, you decided to investigate the matter further as a potential security issue or a case of improper privilege management.

My goal is to enumerate the system to find vulnerable configurations. I found one regarding improper privilege management: /var/backup was empty and the users don't have permission to write to the directory.

Another goal is to find a vulnerability that can compromise the admin account to exploit it and obtain the admin's command history.

This is the part I can't find any information about. All this while they gave me regular user access.

I found this in the cron directory:

ls /etc/cron.*
/etc/cron.daily:
apt-compat bsdmainutils dpkg man-db passwd
/etc/cron.weekly:
man-db

And regarding SSH, I found that this one has setuid set: /usr/lib/openssh/ssh-keysign
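
Seen from the administrator's side, the cron directories and the backup area named above can be audited for ownership and permission drift. This is an added example, not part of the original question: the function names `classify` and `audit` are hypothetical, and the expected owner (UID 0) and the default paths are assumptions based on the paths mentioned in the post.

```python
import os
import stat
import sys

def classify(mode, uid, owner_uid=0):
    """Return the permission issues for one inode, given its st_mode and st_uid."""
    issues = []
    if uid != owner_uid:
        issues.append("owner")            # not owned by the expected account
    if mode & stat.S_IWGRP:
        issues.append("group-writable")
    if mode & stat.S_IWOTH:
        issues.append("world-writable")
    if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
        issues.append("setuid/setgid")    # compare against the expected baseline
    return issues

def audit(roots, owner_uid=0):
    """Walk each root without following symlinks; return [(path, issues), ...]."""
    findings = []
    for root in roots:
        if not os.path.lexists(root):
            findings.append((root, ["missing"]))
            continue
        entries = [root]
        for dirpath, dirnames, filenames in os.walk(root):
            entries += [os.path.join(dirpath, n) for n in dirnames + filenames]
        for path in entries:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a link's own mode bits carry no meaning
            issues = classify(st.st_mode, st.st_uid, owner_uid)
            if issues:
                findings.append((path, issues))
    return findings

if __name__ == "__main__":
    # Assumed default targets: the directories named in the post.
    roots = sys.argv[1:] or ["/etc/cron.daily", "/etc/cron.weekly", "/var/backups"]
    for path, issues in audit(roots):
        print(f"{path}: {', '.join(issues)}")
```

A shared backup area may be group-writable by design, so its findings are to be compared with the stated backup policy rather than treated as defects by default.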