UMassCTF '21 Hermit 2 WriteUp

Solution

The image above is what we see when visiting the challenge URL (104.197.195.221:8087).

That's strange. Initially I thought the site was down, but it's fine.

Let's try connecting with netcat and see what the server tells us and why the browser can't display it.

The response we get back is:

221.195.197.104.bc.googleusercontent.com [104.197.195.221] 8087 (?) open

SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2

Doesn't look like a valid HTTP response lol. OK, now we know that an SSH server is running on that port, so let's try to connect.

As a hint, the challenge name is hermit, so the user probably has the same name, but we still need to know the password.
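The identification step above, as an added example (not code from the write-up): an SSH server speaks first and sends an identification string of the form `SSH-<protocol>-<software>` (RFC 4253 section 4.2), which is why a browser gets nothing it can render. The `grab_banner` helper needs `nc` and a live host; `classify_banner` is pure string handling and is run here against a constructed copy of the banner quoted above.

```shell
# Added example, not part of the original write-up.

# grab_banner HOST PORT: print the first line the server sends.
# SSH servers send their identification string before the client says anything,
# so we send nothing and give up after 3 seconds (-w 3). Requires nc.
grab_banner() {
    nc -w 3 "$1" "$2" </dev/null | head -n 1 | tr -d '\r'
}

# classify_banner BANNER: print "ssh <software>" for an SSH identification string,
# "http" for an HTTP status line, and "unknown" for anything else.
classify_banner() {
    case "$1" in
        SSH-2.0-*|SSH-1.99-*)
            # drop the "SSH-<proto>-" prefix, then the optional comment after the first space
            sw=${1#SSH-*-}
            printf 'ssh %s\n' "${sw%% *}" ;;
        HTTP/*)
            printf 'http\n' ;;
        *)
            printf 'unknown\n' ;;
    esac
}

# Constructed sample: the identification string the challenge host returned above.
SAMPLE_BANNER='SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2'

classify_banner "$SAMPLE_BANNER"
```

On a live target the two helpers chain as `classify_banner "$(grab_banner 104.197.195.221 8087)"`; the software string that comes back is the same one `ssh -v` reports as the remote version.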

Poking around and trying different things, I noticed that the hermit 2 challenge is on the same IP address as hermit 1.

That's actually great, because we have shell access on the server from the previous challenge.

So I went to the /home/hermit/.ssh folder, copied the user's private key and used it in my ssh command like this:

We're in. Now... where is the flag? We know one flag from the previous challenge, but I wasn't able to find another one.

Grepping everything didn't help. My assumption was that the flag is somewhere in the `/root` folder or somewhere else the hermit user doesn't have access to.

Now... how can I become root? I tried some stuff but didn't find anything useful.

Then I grepped for `flag` in the `/etc` folder and found:

This record means that we can execute that command via sudo without being asked for a password.
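The check behind that finding, as an added example (not the write-up's own snippet): on a live box the quickest way to see what a user may run without a password is `sudo -n -l`; the parser below does the same job over sudoers text for offline review, which is handy when you only have a copied file or a grep hit. The sudoers content is a constructed sample, and `/usr/local/bin/read_flag` is a stand-in, not the real entry from the challenge host.

```shell
# Added example, not part of the original write-up.

# nopasswd_cmds USER: read sudoers-style lines on stdin and print, one per line,
# the command list of every NOPASSWD rule that applies to USER (or to ALL).
nopasswd_cmds() {
    user=$1
    while IFS= read -r line; do
        # skip comments and blank lines
        case "$line" in \#*|'') continue ;; esac
        # the first whitespace-separated field names who the rule applies to
        set -- $line
        [ "$1" = "$user" ] || [ "$1" = ALL ] || continue
        case "$line" in
            *NOPASSWD:*)
                # everything after the NOPASSWD: tag is the command specification
                cmds=${line#*NOPASSWD:}
                printf '%s\n' "$cmds" | sed 's/^[[:space:]]*//' ;;
        esac
    done
}

# Constructed sudoers sample (hypothetical; the real record is not reproduced here).
SAMPLE_SUDOERS='# /etc/sudoers.d/hermit (constructed sample)
Defaults env_reset
root    ALL=(ALL:ALL) ALL
hermit  ALL=(root) NOPASSWD: /usr/local/bin/read_flag
hermit  ALL=(ALL) /usr/bin/less'

printf '%s\n' "$SAMPLE_SUDOERS" | nopasswd_cmds hermit
```

Only rules carrying the `NOPASSWD:` tag are reported, so the `/usr/bin/less` rule for hermit (which still prompts for a password) is left out; a real audit should also walk every file under `/etc/sudoers.d/`, since a rule like this is commonly dropped there rather than in `/etc/sudoers` itself.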

Let's do it:

Original URL: gemini://g.codelearn.me/2021-03-28-umassctf-hermit2-writeup.gmi