Level00
About
This level requires you to find a Set User ID program that will run as the “flag00” account.
You could also find this by carefully looking in top level directories in /for suspicious looking directories.
Alternatively,look at the find man page.
To access this level,log in as level00 with the password of level00.
登录账号密码都为level00
首先查看下passwd 的绝对路径
查看passwd命令权限
passwd的拥有者是root,且拥有者权限里面本应是x的那一列显示的是s,这说明这个命令具有SUID权限。
(注意:root用户对所有文件都是有rw权限的,对所有目录都是有rwx权限的)通过cat /etc/passwd | grep flag00
查找到flag00的UID和GID。
(注:前一个999为UID,后一个999为GID)
本Level的关键是通过find方法找到程序的完整路径
进入/bin/…/flag00
getflag