Finder's Fee

Warmups

The name and description of the challenge is a pretty big giveaway as to what you have to do to get the flag. Once we log onto the server using ssh, we can use the ls command to list the files/directories present in /home. user does not have permissions to read the contents of finder's home directory.

Checking /bin, we see that it links to /usr/bin. Listing out the files, the find binary stands out as it has it's SGID bit set. This allows us to run the find command as though we were in the finder group.

We can use the find command to list out the files present in finder's home directory, something that we did not have the permission to do previously.

We can specify the -exec flag to execute a command based on the result of the search. The command we will be using in this case is cat to print out the flag.