Level 6
目录Level Goal
The password for the next level is stored somewhere on the server and has all of the following properties:
- owned by user bandit7
- owned by group bandit6
- 33 bytes in size
Solution
还是要满足一堆条件,继续用find工具:
bandit6@bandit:~$ find --help
Usage: find [-H] [-L] [-P] [-Olevel] [-D debugopts] [path...] [expression]
default path is the current directory; default expression is -print
expression may consist of: operators, options, tests, and actions:
operators (decreasing precedence; -and is implicit where no others are given):
( EXPR ) ! EXPR -not EXPR EXPR1 -a EXPR2 EXPR1 -and EXPR2
EXPR1 -o EXPR2 EXPR1 -or EXPR2 EXPR1 , EXPR2
positional options (always true): -daystart -follow -regextype
normal options (always true, specified before other expressions):
-depth --help -maxdepth LEVELS -mindepth LEVELS -mount -noleaf
--version -xdev -ignore_readdir_race -noignore_readdir_race
tests (N can be +N or -N or N): -amin N -anewer FILE -atime N -cmin N
-cnewer FILE -ctime N -empty -false -fstype TYPE -gid N -group NAME
-ilname PATTERN -iname PATTERN -inum N -iwholename PATTERN -iregex PATTERN
-links N -lname PATTERN -mmin N -mtime N -name PATTERN -newer FILE
-nouser -nogroup -path PATTERN -perm [-/]MODE -regex PATTERN
-readable -writable -executable
-wholename PATTERN -size N[bcwkMG] -true -type [bcdpflsD] -uid N
-used N -user NAME -xtype [bcdpfls] -context CONTEXT
actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print
-fprint0 FILE -fprint FILE -ls -fls FILE -prune -quit
-exec COMMAND ; -exec COMMAND {} + -ok COMMAND ;
-execdir COMMAND ; -execdir COMMAND {} + -okdir COMMAND ;
Valid arguments for -D:
exec, opt, rates, search, stat, time, tree, all, help
Use '-D help' for a description of the options, or see find(1)
Please see also the documentation at https://www.gnu.org/software/findutils/.
You can report (and track progress on fixing) bugs in the "find"
program via the GNU findutils bug-reporting page at
https://savannah.gnu.org/bugs/?group=findutils or, if
you have no web access, by sending email to <[email protected]>.
可以看到选项中有user group size可以用,直接搜:
注意这里find后面加 / 表示从根目录开始找,因为题目没说具体在哪,直接在当前目录搜是搜不到的
bandit6@bandit:~$ find / -size 33c -group bandit6 -user bandit7
find: ‘/var/tmp/shujaa29’: Permission denied
find: ‘/var/tmp/systemd-private-9d5a994a101b4b4c9abddf9b9e8e2542-systemd-logind.service-Wzjvn1’: Permission denied
find: ‘/var/tmp/systemd-private-9d5a994a101b4b4c9abddf9b9e8e2542-systemd-resolved.service-v5X1ik’: Permission denied
find: ‘/var/tmp/systemd-private-9d5a994a101b4b4c9abddf9b9e8e2542-ModemManager.service-ki24KZ’: Permission denied
find: ‘/var/tmp/repo/README’: Permission denied
find: ‘/var/tmp/repo/.git’: Permission denied
find: ‘/var/tmp/systemd-private-9d5a994a101b4b4c9abddf9b9e8e2542-chrony.service-YGqlJV’: Permission denied
find: ‘/var/snap/lxd/common/lxd’: Permission denied
find: ‘/var/lib/amazon’: Permission denied
find: ‘/var/lib/chrony’: Permission denied
find: ‘/var/lib/private’: Permission denied
find: ‘/var/lib/udisks2’: Permission denied
find: ‘/var/lib/snapd/void’: Permission denied
find: ‘/var/lib/snapd/cookie’: Permission denied
find: ‘/var/lib/ubuntu-advantage/private’: Permission denied
find: ‘/var/lib/update-notifier/package-data-downloads/partial’: Permission denied
find: ‘/var/lib/apt/lists/partial’: Permission denied
/var/lib/dpkg/info/bandit7.password
find: ‘/var/lib/polkit-1’: Permission denied
find: ‘/var/cache/pollinate’: Permission denied
find: ‘/var/cache/private’: Permission denied
find: ‘/var/cache/ldconfig’: Permission denied
find: ‘/var/cache/apt/archives/partial’: Permission denied
find: ‘/var/cache/apparmor/c47eabf7.0’: Permission denied
find: ‘/var/cache/apparmor/e10c1cf9.0’: Permission denied
find: ‘/var/log/amazon’: Permission denied
find: ‘/var/log/chrony’: Permission denied
find: ‘/var/log/private’: Permission denied
find: ‘/var/log/unattended-upgrades’: Permission denied
find: ‘/var/spool/cron/crontabs’: Permission denied
find: ‘/var/spool/rsyslog’: Permission denied
find: ‘/var/spool/bandit24’: Permission denied
find: ‘/tmp’: Permission denied
find: ‘/boot/efi’: Permission denied
find: ‘/proc/tty/driver’: Permission denied
find: ‘/proc/1081484/task/1081484/fd/6’: No such file or directory
find: ‘/proc/1081484/task/1081484/fdinfo/6’: No such file or directory
find: ‘/proc/1081484/fd/5’: No such file or directory
find: ‘/proc/1081484/fdinfo/5’: No such file or directory
find: ‘/run/chrony’: Permission denied
find: ‘/run/udisks2’: Permission denied
find: ‘/run/user/11018’: Permission denied
find: ‘/run/user/11026’: Permission denied
find: ‘/run/user/11011’: Permission denied
find: ‘/run/user/11031’: Permission denied
find: ‘/run/user/11019’: Permission denied
find: ‘/run/user/11015’: Permission denied
find: ‘/run/user/11010’: Permission denied
find: ‘/run/user/11028’: Permission denied
find: ‘/run/user/11003’: Permission denied
find: ‘/run/user/11020’: Permission denied
find: ‘/run/user/11007’: Permission denied
find: ‘/run/user/11014’: Permission denied
find: ‘/run/user/11032’: Permission denied
find: ‘/run/user/8003’: Permission denied
find: ‘/run/user/11009’: Permission denied
find: ‘/run/user/11002’: Permission denied
find: ‘/run/user/11008’: Permission denied
find: ‘/run/user/11004’: Permission denied
find: ‘/run/user/11023’: Permission denied
find: ‘/run/user/11013’: Permission denied
find: ‘/run/user/11012’: Permission denied
find: ‘/run/user/11025’: Permission denied
find: ‘/run/user/11006/systemd/inaccessible/dir’: Permission denied
find: ‘/run/user/11005’: Permission denied
find: ‘/run/user/11017’: Permission denied
find: ‘/run/user/11000’: Permission denied
find: ‘/run/user/11016’: Permission denied
find: ‘/run/user/11001’: Permission denied
find: ‘/run/sudo’: Permission denied
find: ‘/run/screen/S-bandit24’: Permission denied
find: ‘/run/screen/S-bandit23’: Permission denied
find: ‘/run/screen/S-bandit20’: Permission denied
find: ‘/run/cryptsetup’: Permission denied
find: ‘/run/lvm’: Permission denied
find: ‘/run/credentials/systemd-sysusers.service’: Permission denied
find: ‘/run/systemd/propagate’: Permission denied
find: ‘/run/systemd/unit-root’: Permission denied
find: ‘/run/systemd/inaccessible/dir’: Permission denied
find: ‘/run/lock/lvm’: Permission denied
find: ‘/snap/core20/1587/etc/ssl/private’: Permission denied
find: ‘/snap/core20/1587/root’: Permission denied
find: ‘/snap/core20/1587/var/cache/ldconfig’: Permission denied
find: ‘/snap/core20/1587/var/cache/private’: Permission denied
find: ‘/snap/core20/1587/var/lib/private’: Permission denied
find: ‘/snap/core20/1587/var/lib/snapd/void’: Permission denied
find: ‘/snap/core18/2538/etc/ssl/private’: Permission denied
find: ‘/snap/core18/2538/root’: Permission denied
find: ‘/snap/core18/2538/var/cache/ldconfig’: Permission denied
find: ‘/snap/core18/2538/var/lib/private’: Permission denied
find: ‘/dev/shm/eic-hostkey-vBCXkIBp’: Permission denied
find: ‘/sys/kernel/tracing’: Permission denied
find: ‘/sys/kernel/debug’: Permission denied
find: ‘/sys/fs/pstore’: Permission denied
find: ‘/sys/fs/bpf’: Permission denied
find: ‘/home/bandit30-git’: Permission denied
find: ‘/home/bandit31-git’: Permission denied
find: ‘/home/bandit5/inhere’: Permission denied
find: ‘/home/ubuntu’: Permission denied
find: ‘/home/bandit29-git’: Permission denied
find: ‘/home/bandit28-git’: Permission denied
find: ‘/home/bandit27-git’: Permission denied
find: ‘/etc/sudoers.d’: Permission denied
find: ‘/etc/multipath’: Permission denied
find: ‘/etc/ssl/private’: Permission denied
find: ‘/etc/polkit-1/localauthority’: Permission denied
find: ‘/root’: Permission denied
find: ‘/lost+found’: Permission denied
这里报了一堆权限不够,直接过滤掉:
bandit6@bandit:~$ find / -size 33c -group bandit6 -user bandit7 2> /dev/null
/var/lib/dpkg/info/bandit7.password
bandit6@bandit:~$ cat /var/lib/dpkg/info/bandit7.password
z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S
搞定~~
标签:Wargames,run,Permission,Bandit,user,Level6,denied,var,find From: https://www.cnblogs.com/dyhaohaoxuexi/p/16933923.html