Step 1: To connect to the “AI Command Executor”, you use: nc <IP> <port>
My instinct here was to try and run a basic command to list all files, ‘ls’. The response I got was a modified version of what I’d typed in. From here, I knew that whatever I typed in was likely going to be modified, so it would be a case of sending the right commands in order to get the flag.
Step 2: Locating flag.txt
I will save you the pain, but for a long while, I thought this box might require priv-esc, so I went down a rabbit hole before running “ls /root”
My command was upgraded as expected to “ls -la /root” and this showed that the flag was inside the /root directory
Step 3: Reading the flag
A few attempts later, I was able to read the flag with “cat /root/ flag.txt” which upgraded the command to what I wanted: “cat /root/flag.txt”
🍺 Quick message to readers: if my writeups help you, please consider a small donation to my buymeacoffee link here. This is not required but is very much appreciated! 🍺
