Challenge Overview
This is a shell-based challenge where participants need to find a hidden flag file in a user’s home directory. The challenge provides SSH access to a Linux system with a hidden file containing the flag.
Step 1: Connect to the System
The challenge provides SSH access through a web terminal interface. This initiates an SSH connection automatically
Step 2: Explore the Home Directory
Once connected, the system displays a welcome banner:
WELCOME TO METABOX
You know there's a hidden flag somewhere in your home directory... Can you find it?
This hints that there’s a hidden file in the home directory. If we try to simply list the directory, we won’t see any files though:
metabox:~$ ls
metabox:~$
Step 3: List Hidden Files
In Linux, files starting with a dot (.) are hidden by default. To see all files including hidden ones, use:
ls -la
This will reveal the .hidden_flag file!
metabox:~$ ls -al
total 8
drwxr-sr-x 1 meta meta 26 Sep 16 00:11 .
drwxr-xr-x 1 root root 18 Sep 15 22:02 ..
-rw-rw-r-- 1 root root 96 Sep 15 22:00 .bashrc
-rw-r--r-- 1 root root 49 Sep 16 00:10 .hidden_flag
Step 4: Read the Flag
Once the hidden file is found, read its contents:
cat .hidden_flag
The flag is: MetaCTF{n0t_l3tt1ng_4_d0t_g3t_th3_b3tt3r_0f_m3}