jaeger@shoppy:~$sudo-l[sudo] password for jaeger:Sorry,tryagain.[sudo] password for jaeger:MatchingDefaultsentriesforjaegeronshoppy:env_reset,mail_badpass,secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/binUserjaegermayrunthefollowingcommandsonshoppy: (deploy) /home/deploy/password-managerjaeger@shoppy:~$
we can run password-manager as deploy
Decompiling the binary with ghidra
main function
boolmain(void){int iVar1; basic_ostream *pbVar2; basic_string<> local_68 [32]; basic_string local_48 [47]; allocator<char> local_19 [9]; pbVar2 = std::operator<<((basic_ostream *)std::cout,"Welcome to Josh password manager!"); std::basic_ostream<>::operator<<((basic_ostream<>*)pbVar2,std::endl<>); std::operator<<((basic_ostream *)std::cout,"Please enter your master password: "); std::__cxx11::basic_string<>::basic_string(); /* try { // try from 00101263 to 00101267 has its CatchHandler @ 001013cb */ std::operator>>((basic_istream *)std::cin,local_48); std::allocator<char>::allocator(); /* try { // try from 00101286 to 0010128a has its CatchHandler @ 001013a9 */ std::__cxx11::basic_string<>::basic_string((char*)local_68,(allocator *)&DAT_0010205c); std::allocator<char>::~allocator(local_19); /* try { // try from 001012a5 to 00101387 has its CatchHandler @ 001013ba */ std::__cxx11::basic_string<>::operator+=(local_68,"S"); std::__cxx11::basic_string<>::operator+=(local_68,"a"); std::__cxx11::basic_string<>::operator+=(local_68,"m"); std::__cxx11::basic_string<>::operator+=(local_68,"p"); std::__cxx11::basic_string<>::operator+=(local_68,"l"); std::__cxx11::basic_string<>::operator+=(local_68,"e"); iVar1 = std::__cxx11::basic_string<>::compare(local_48);if (iVar1 !=0) { pbVar2 = std::operator<<((basic_ostream *)std::cout,"Access denied! This incident will be reported !"); std::basic_ostream<>::operator<<((basic_ostream<>*)pbVar2,std::endl<>); }else { pbVar2 = std::operator<<((basic_ostream *)std::cout,"Access granted! Here is creds !"); std::basic_ostream<>::operator<<((basic_ostream<>*)pbVar2,std::endl<>);system("cat /home/deploy/creds.txt"); }<<snipped>>
it's checking the input with word Sample
iVar1 = std::__cxx11::basic_string<>::compare(local_48);if (iVar1 !=0) { pbVar2 = std::operator<<((basic_ostream *)std::cout,"Access denied! This incident will be reported !"); std::basic_ostream<>::operator<<((basic_ostream<>*)pbVar2,std::endl<>);