By ItsMhaa

Welcome to DevCorp — where mistakes are meant to be reset.

In this easy-to-medium difficulty CTF, you step into the shoes of a security researcher investigating a careless developer’s internal staging machine.

What starts with anonymous FTP access slowly unravels into a multi-step chain of steganography, web exploitation, SSH hijacking, and a SUID binary that resets more than just the website 😏

🔎 Box Information

Name: LaZzyCorp: Lazy Reset
Difficulty: Easy-Medium
Creator: ItsMhaa
OS: Ubuntu 20.04
IP: [Dynamic/Static – e.g., 192.168.1.150]

📖 Story

DevCorp is a startup working on a blog platform. Their junior dev, Arvind, has been testing things on a local server — but in classic lazy fashion, he’s left behind:

• Sensitive developer notes
• A hidden image in FTP
• His personal SSH key
• And worst of all… a reset tool that runs as root 🧨

Your goal?

Pivot from anonymous FTP to full root by chaining together misconfigs, forgotten files, and one poorly secured script.

🧠 Summary

A misconfigured FTP server and a lazy reset tool set the stage for your exploitation path.