http://2600.moe/tags/ctf-boxes/ Recent content in CTF Boxes on Keyboard Cowboy Hugo en-us Wed, 08 Jan 2025 23:59:21 -0500 http://2600.moe/posts/2025-01-08-pg-practice-flow/ Wed, 08 Jan 2025 23:59:21 -0500 http://2600.moe/posts/2025-01-08-pg-practice-flow/ Summary Flow contains a MLFlow install with several different vulnerabilities one of which allows for local file inclusion. After gaining a user shell by viewing ssh keys you’ll find the user has sudo privileges for a single set of options for a powerful command. This command can be abused to obtain root in one of two ways. I happened to stumble upon an interesting Python related one that differs from the intended machine solution.