Words are not the price for your flag

 Well, I was fine doing this room (https://tryhackme.com/room/linuxagency) until I faced the challenge for mission25 flag.

 We have a binary file named bribe and the clue says:

mission24@linuxagency: ~$ ./bribe

There is a guy who is smuggling flags

Bribe this guy to get the flag

Put some money in his pocket to get the flag

Words are not the price for your flag

Give Me money Man!!!

It doesn't say too much information at the first glance, so I tried many options to find the flag but nothing worked. The hint says "send money to other country" in the THM room for that mission.

TBH I tried some writeups over there only for that mission but none of them had the right answer, at least this day the answer weren't in the way other found it, so I decided to try harder (these writeups for mission25 password said that it is in .viminfo file).

Then I used the strings command ant tried to understand what is inside, and I saw things like:

AWAVI

AUATL

[]A\A]A^A_

pocket  

money

Here ya go!!!

Don't tell police about the deal man ;)

init    (personal note, look at this)

There is a guy who is smuggling flags

Bribe this guy to get the flag

Put some money in his pocket to get the flag

export init=abc (another personal note, look at this too)

Money

MONEY

Words are not the price for your flag

Give Me money Man!!!

;*3$"

GCC: (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0

The "personal notes" are not part of the strings command's output, so I suggest to put attention on that because that is the way how to solve it.

So I tried to change the value of init with export command and when I did that the message changed to something shorter:

Words are not the price for your flag.

Give Me money Man!!!

Look how I beautifully failed... lol

Nothing worked but something told me that I was near of the solution, so after trying many values I read carefully the strings command output and noticed 2 strings: money and pocket.

As it said in the clue originally: Put some money in his pocket to get the flag.

When I did: export (look at image below) that gave me the flag when I ran again the ./bribe binary

Takeways: Try to understand what you have in front before to just copy and paste the answers, in real life scnearios there is no chance to look for flags. In this case, the behavior of bribe binary depended of the value of the existence and value from pocket variable. Suggestion: reading more about GNU/Linux basics like env, set, export commands. Try to get comfortable with the use of the most used Operating System in the world (I bet some people don't realize where a variation of GNU/Linux is used).

Bytes & C ya!

Read more ►

How to change docker root directory to a new location

 

Recently had notifications about lower space in / so, that space was used by docker images I've downloaded recently.

Because I have partitioned the disk in /, /home and other partitions, obviously /home has much more space than /.

Searching some information about this I used two solutions I've read. One for save new images in a new location and the other one to move the current downloaded images.

To change the place where new images will be downloaded:

We need to know where currently are saved, we have to run:

docker info

This can be changed editing the /lib/systemd/system/docker.service file.

sudo nano /lib/systemd/system/docker.service

Edit the line starting with ExecStart and add this -g /path/to/your/new/location

For example, if it's something like this:

ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Change it to (for example in my personal case):

ExecStart=/usr/bin/dockerd -g /home/gamliel/containers -H fd:// --containerd=/run/containerd/containerd.sock

Save the file and restart the daemon:

sudo service docker restart

When I restarted the service showed me a warning:

Warning: The unit file, source configuration file or drop-ins of docker.service changed on disk. Run 'systemctl daemon-reload' to reload units.

But it provides the solution, so I ran:

sudo systemctl daemon-reload

And everything came fine... I decide restart again the service to confirm zero errors/warnings and was fine.

sudo service docker restart

Now, if I run docker info command this is the output regarding to the location where docker images will be downloaded:

Well, everything is fine changing the Docker Root Dir to a new location, now it's time to move the current images to the new location to give more free space to /.

Step 1. Stop docker daemon: sudo /etc/init.d/docker stop

Step 2. Make sure that there are no docker related processes: ps aux | grep docker

Step 3. Move the contents of /var/lib/docker to your new location: sudo mv /var/lib/docker /home/gamliel/containers

Step 4. Start docker daemon: sudo /etc/init.d/docker start

Where I read about moving the content to the new location says something to create a symlink but I skip that step because previously I changed where the new images will be downloaded.

That's all, thanks for reading my personal notes about what worked for me.

Sources where I found both solutions:

1. https://hsadanuwan.medium.com/how-to-change-docker-default-data-directory-f884dac76c1f

2. https://www.crybit.com/change-default-data-image-directory-docker/

Bai.

UPDATE 20210307: After moving docker root directory to another one and changing the location in order to appear the right one when I run docker info everything was fine, 2 days after when I wanted to download other docker images (CodeIgniter) and listed the images with docker images just the CodeIgniter image appeared in the list, so I searched how to fix this and found another articles but this one https://www.guguweb.com/2019/02/07/how-to-move-docker-data-directory-to-another-location-on-ubuntu/ fixed the issue. Kudos to Augusto. (Si vienes por aqui, Augusto... Gracias compadre! :D)

The solution was:

1. Stop docker service with: sudo service docker stop

2. Create a file named daemon.json inside of /etc/docker with: sudo nano /etc/docker/daemon.json

3. Paste this inside that new added file:

{ 
   "data-root": "/path/to/your/docker" 
}

where /path/to/your/docker is the directory where you will move the content of /var/lib/docker

4. In the cited article says this way how to copy the current data to the desired new location:

sudo rsync -aP /var/lib/docker/ /path/to/your/docker

Despite that in the last cited article (the step that made all work fine again) says that you have to rename the old docker directory, in the below steps I did before I moved the content so it wasn't necessary for me.

5. Restart the docker daemon with: sudo service docker restart

6. Test. I tested trying to list the images with docker images and with docker ps -a and everything is fine.

Hope the update saves time to anyone that could stumble with this blogpost. I've not posted how to install docker on Debian 10 because there are plenty of good articles over there that is easy to follow, but decided to post about this because I faced the issue that no enough space on disk ("/").

Read more ►