ctf-xinetd
ctf-xinetd copied to clipboard
[Question] Spawning a shell starts in root directory?
I spawned a shell to test out kafel capabilities, but I always land in the /
directory. Is there any way to land in /home/ctf
instead, so a player can just run cat flag.txt
instead of cat /home/ctf/flag.txt
? Thanks!
Source:
#include "stdio.h"
#include "stdlib.h"
int main() {
system("/bin/sh");
return 0;
}
Expected output:
root@docker-s-1vcpu-1gb-nyc3-01:~# nc 127.0.0.1 1123
pwd
/
cat flag.txt
flag{test}
Actual output:
root@docker-s-1vcpu-1gb-nyc3-01:~/chal# docker run -p 1123:20000 ctf1
*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 8
Set TCPDUMP_ENABLE to enable packet capture.
ok: down: tcpdump: 0s, normally up
root@docker-s-1vcpu-1gb-nyc3-01:~# nc 127.0.0.1 1123
pwd
/
cat /home/ctf/flag.txt
flag{test}
Dockerfile:
same as default
Xinetd:
service ctf
{
disable = no
socket_type = stream
protocol = tcp
wait = no
user = root
type = UNLISTED
port = 20000
bind = 0.0.0.0
server = /home/ctf/ctf.bin
# server_args = -R
banner_fail = /etc/banner_fail
# safety options
# the maximum instances of this service per source IP address
per_source = 10
# the maximum number of CPU seconds that the service may use
rlimit_cpu = 20
# the Address Space resource limit for the service
rlimit_as = 512M
#access_times = 2:00-9:00 12:00-24:00
kafel_rule = /etc/pwn.kafel
}