# Level 00

## How to login

- username: level00
- password: level00

## Goal

Run `getflag` as user `flag00`.

## Actually doing something

When logging in, there is nothing to see:

```sh
level00@SnowCrash:~$ ls -la .
total 12
dr-xr-x---+ 1 level00 level00  100 Mar  5  2016 .
d--x--x--x  1 root    users    340 Aug 30  2015 ..
-r-xr-x---+ 1 level00 level00  220 Apr  3  2012 .bash_logout
-r-xr-x---+ 1 level00 level00 3518 Aug 30  2015 .bashrc
-r-xr-x---+ 1 level00 level00  675 Apr  3  2012 .profile
```

Trying to find anything to do, let's look for files owned by `flag00`:

```sh
level00@SnowCrash:~$ find / -user flag00 -print 2>/dev/null
/usr/sbin/john
/rofs/usr/sbin/john
```

`/rofs` seems to be a read-only version of the root (`/`), meaning that we don't really care about it.

Running `file` on `/usr/sbin/john` says that it is an ASCII file, so let's open it:

```bash
level00@SnowCrash:~$ cat /usr/sbin/john
cdiiddwpgswtgt
```

Let's also confirm that `/usr/sbin/john` and `/rofs/usr/sbin/john` are the same:

```bash
level00@SnowCrash:~$ sha256sum /rofs/usr/sbin/john /usr/sbin/john
c36e744787ff060c5711ac4b5d06439a9f265169fb82946a8d1052f4a935103e  /rofs/usr/sbin/john
c36e744787ff060c5711ac4b5d06439a9f265169fb82946a8d1052f4a935103e  /usr/sbin/john
```

They are indeed the same. I have fiddled with the ISO itself, and it uses a read-only filesystem to store everything, so this seems to be how they still have some kind of "normal" system.

We now have something that looks like it wants us to poke at it (the text). The file itself isn't executable (even though it is in `/usr/sbin/`).

CyberChef is a nice tool to fiddle with random ciphers, so let's have fun :D

link: [https://cyberchef.org/](https://cyberchef.org/)

After having fun with the website, we can see that with a ROT11 (also named Caesar substitution), we find some English text:

```
nottoohardhere
```

Is it the password of the user `flag00`?

```bash
level00@SnowCrash:~$ su flag00
Password:
Don't forget to launch getflag !
flag00@SnowCrash:~$ getflag
Check flag.Here is your token : x24ti5gi3x0ol2eh4esiuxias
```

Yes, it is!