首页 > 其他分享 >Wargames-Bandit-Level6

Wargames-Bandit-Level6

时间:2022-11-28 22:57:52浏览次数:64  
标签:Wargames run Permission Bandit user Level6 denied var find

Level 6

目录

Level Goal

The password for the next level is stored somewhere on the server and has all of the following properties:

  • owned by user bandit7
  • owned by group bandit6
  • 33 bytes in size

Solution

还是要满足一堆条件,继续用find工具:

bandit6@bandit:~$ find --help
Usage: find [-H] [-L] [-P] [-Olevel] [-D debugopts] [path...] [expression]

default path is the current directory; default expression is -print
expression may consist of: operators, options, tests, and actions:
operators (decreasing precedence; -and is implicit where no others are given):
      ( EXPR )   ! EXPR   -not EXPR   EXPR1 -a EXPR2   EXPR1 -and EXPR2
      EXPR1 -o EXPR2   EXPR1 -or EXPR2   EXPR1 , EXPR2
positional options (always true): -daystart -follow -regextype

normal options (always true, specified before other expressions):
      -depth --help -maxdepth LEVELS -mindepth LEVELS -mount -noleaf
      --version -xdev -ignore_readdir_race -noignore_readdir_race
tests (N can be +N or -N or N): -amin N -anewer FILE -atime N -cmin N
      -cnewer FILE -ctime N -empty -false -fstype TYPE -gid N -group NAME
      -ilname PATTERN -iname PATTERN -inum N -iwholename PATTERN -iregex PATTERN
      -links N -lname PATTERN -mmin N -mtime N -name PATTERN -newer FILE
      -nouser -nogroup -path PATTERN -perm [-/]MODE -regex PATTERN
      -readable -writable -executable
      -wholename PATTERN -size N[bcwkMG] -true -type [bcdpflsD] -uid N
      -used N -user NAME -xtype [bcdpfls]      -context CONTEXT

actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print 
      -fprint0 FILE -fprint FILE -ls -fls FILE -prune -quit
      -exec COMMAND ; -exec COMMAND {} + -ok COMMAND ;
      -execdir COMMAND ; -execdir COMMAND {} + -okdir COMMAND ;

Valid arguments for -D:
exec, opt, rates, search, stat, time, tree, all, help
Use '-D help' for a description of the options, or see find(1)

Please see also the documentation at https://www.gnu.org/software/findutils/.
You can report (and track progress on fixing) bugs in the "find"
program via the GNU findutils bug-reporting page at
https://savannah.gnu.org/bugs/?group=findutils or, if
you have no web access, by sending email to <[email protected]>.

可以看到选项中有user group size可以用,直接搜:

注意这里find后面加 / 表示从根目录开始找,因为题目没说具体在哪,直接在当前目录搜是搜不到的

bandit6@bandit:~$ find / -size 33c -group bandit6 -user bandit7
find: ‘/var/tmp/shujaa29’: Permission denied
find: ‘/var/tmp/systemd-private-9d5a994a101b4b4c9abddf9b9e8e2542-systemd-logind.service-Wzjvn1’: Permission denied
find: ‘/var/tmp/systemd-private-9d5a994a101b4b4c9abddf9b9e8e2542-systemd-resolved.service-v5X1ik’: Permission denied
find: ‘/var/tmp/systemd-private-9d5a994a101b4b4c9abddf9b9e8e2542-ModemManager.service-ki24KZ’: Permission denied
find: ‘/var/tmp/repo/README’: Permission denied
find: ‘/var/tmp/repo/.git’: Permission denied
find: ‘/var/tmp/systemd-private-9d5a994a101b4b4c9abddf9b9e8e2542-chrony.service-YGqlJV’: Permission denied
find: ‘/var/snap/lxd/common/lxd’: Permission denied
find: ‘/var/lib/amazon’: Permission denied
find: ‘/var/lib/chrony’: Permission denied
find: ‘/var/lib/private’: Permission denied
find: ‘/var/lib/udisks2’: Permission denied
find: ‘/var/lib/snapd/void’: Permission denied
find: ‘/var/lib/snapd/cookie’: Permission denied
find: ‘/var/lib/ubuntu-advantage/private’: Permission denied
find: ‘/var/lib/update-notifier/package-data-downloads/partial’: Permission denied
find: ‘/var/lib/apt/lists/partial’: Permission denied
/var/lib/dpkg/info/bandit7.password
find: ‘/var/lib/polkit-1’: Permission denied
find: ‘/var/cache/pollinate’: Permission denied
find: ‘/var/cache/private’: Permission denied
find: ‘/var/cache/ldconfig’: Permission denied
find: ‘/var/cache/apt/archives/partial’: Permission denied
find: ‘/var/cache/apparmor/c47eabf7.0’: Permission denied
find: ‘/var/cache/apparmor/e10c1cf9.0’: Permission denied
find: ‘/var/log/amazon’: Permission denied
find: ‘/var/log/chrony’: Permission denied
find: ‘/var/log/private’: Permission denied
find: ‘/var/log/unattended-upgrades’: Permission denied
find: ‘/var/spool/cron/crontabs’: Permission denied
find: ‘/var/spool/rsyslog’: Permission denied
find: ‘/var/spool/bandit24’: Permission denied
find: ‘/tmp’: Permission denied
find: ‘/boot/efi’: Permission denied
find: ‘/proc/tty/driver’: Permission denied
find: ‘/proc/1081484/task/1081484/fd/6’: No such file or directory
find: ‘/proc/1081484/task/1081484/fdinfo/6’: No such file or directory
find: ‘/proc/1081484/fd/5’: No such file or directory
find: ‘/proc/1081484/fdinfo/5’: No such file or directory
find: ‘/run/chrony’: Permission denied
find: ‘/run/udisks2’: Permission denied
find: ‘/run/user/11018’: Permission denied
find: ‘/run/user/11026’: Permission denied
find: ‘/run/user/11011’: Permission denied
find: ‘/run/user/11031’: Permission denied
find: ‘/run/user/11019’: Permission denied
find: ‘/run/user/11015’: Permission denied
find: ‘/run/user/11010’: Permission denied
find: ‘/run/user/11028’: Permission denied
find: ‘/run/user/11003’: Permission denied
find: ‘/run/user/11020’: Permission denied
find: ‘/run/user/11007’: Permission denied
find: ‘/run/user/11014’: Permission denied
find: ‘/run/user/11032’: Permission denied
find: ‘/run/user/8003’: Permission denied
find: ‘/run/user/11009’: Permission denied
find: ‘/run/user/11002’: Permission denied
find: ‘/run/user/11008’: Permission denied
find: ‘/run/user/11004’: Permission denied
find: ‘/run/user/11023’: Permission denied
find: ‘/run/user/11013’: Permission denied
find: ‘/run/user/11012’: Permission denied
find: ‘/run/user/11025’: Permission denied
find: ‘/run/user/11006/systemd/inaccessible/dir’: Permission denied
find: ‘/run/user/11005’: Permission denied
find: ‘/run/user/11017’: Permission denied
find: ‘/run/user/11000’: Permission denied
find: ‘/run/user/11016’: Permission denied
find: ‘/run/user/11001’: Permission denied
find: ‘/run/sudo’: Permission denied
find: ‘/run/screen/S-bandit24’: Permission denied
find: ‘/run/screen/S-bandit23’: Permission denied
find: ‘/run/screen/S-bandit20’: Permission denied
find: ‘/run/cryptsetup’: Permission denied
find: ‘/run/lvm’: Permission denied
find: ‘/run/credentials/systemd-sysusers.service’: Permission denied
find: ‘/run/systemd/propagate’: Permission denied
find: ‘/run/systemd/unit-root’: Permission denied
find: ‘/run/systemd/inaccessible/dir’: Permission denied
find: ‘/run/lock/lvm’: Permission denied
find: ‘/snap/core20/1587/etc/ssl/private’: Permission denied
find: ‘/snap/core20/1587/root’: Permission denied
find: ‘/snap/core20/1587/var/cache/ldconfig’: Permission denied
find: ‘/snap/core20/1587/var/cache/private’: Permission denied
find: ‘/snap/core20/1587/var/lib/private’: Permission denied
find: ‘/snap/core20/1587/var/lib/snapd/void’: Permission denied
find: ‘/snap/core18/2538/etc/ssl/private’: Permission denied
find: ‘/snap/core18/2538/root’: Permission denied
find: ‘/snap/core18/2538/var/cache/ldconfig’: Permission denied
find: ‘/snap/core18/2538/var/lib/private’: Permission denied
find: ‘/dev/shm/eic-hostkey-vBCXkIBp’: Permission denied
find: ‘/sys/kernel/tracing’: Permission denied
find: ‘/sys/kernel/debug’: Permission denied
find: ‘/sys/fs/pstore’: Permission denied
find: ‘/sys/fs/bpf’: Permission denied
find: ‘/home/bandit30-git’: Permission denied
find: ‘/home/bandit31-git’: Permission denied
find: ‘/home/bandit5/inhere’: Permission denied
find: ‘/home/ubuntu’: Permission denied
find: ‘/home/bandit29-git’: Permission denied
find: ‘/home/bandit28-git’: Permission denied
find: ‘/home/bandit27-git’: Permission denied
find: ‘/etc/sudoers.d’: Permission denied
find: ‘/etc/multipath’: Permission denied
find: ‘/etc/ssl/private’: Permission denied
find: ‘/etc/polkit-1/localauthority’: Permission denied
find: ‘/root’: Permission denied
find: ‘/lost+found’: Permission denied

这里报了一堆权限不够,直接过滤掉:

bandit6@bandit:~$ find / -size 33c -group bandit6 -user bandit7 2> /dev/null 
/var/lib/dpkg/info/bandit7.password
bandit6@bandit:~$ cat /var/lib/dpkg/info/bandit7.password
z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S

搞定~~

标签:Wargames,run,Permission,Bandit,user,Level6,denied,var,find
From: https://www.cnblogs.com/dyhaohaoxuexi/p/16933923.html

相关文章

  • Wargames-Bandit-Level10
    Level10目录Level10LevelGoalSolutionLevelGoalThepasswordforthenextlevelisstoredinthefiledata.txt,whichcontainsbase64encodeddataSolution......
  • Wargames-Bandit-Level0
    Level0目录Level0LevelGoalSolution毕业好久了...重拾一下博客今天开始学习Wargames,尽量不用翻译,顺便练习一下英语~~Bandit第一关非常入门:LevelGoalThegoalof......
  • Wargames-Bandit-Level2
    Level2目录Level2LevelGoalSolutionLevelGoalThepasswordforthenextlevelisstoredinafilecalledspacesinthisfilenamelocatedinthehomedirecto......
  • Wargames-Bandit-Level1
    Level1目录Level1LevelGoalSolutionLevelGoalThepasswordforthenextlevelisstoredinafilecalled-locatedinthehomedirectorySolution说是home下......
  • Wargames-Bandit-Level3
    Level3目录Level3LevelGoalSolutionLevelGoalThepasswordforthenextlevelisstoredinahiddenfileintheinheredirectory.Solution说是在inhere文件......
  • Wargames-Bandit-Level4
    Level4目录Level4LevelGoalSolutionLevelGoalThepasswordforthenextlevelisstoredintheonlyhuman-readablefileintheinheredirectory.Tip:ifyou......
  • 创新数学思维 Level6
    前言微信小程序——创新数学思维,关卡6。题目两个圆环,半径分别是1和2,小圆贴着大圆“内部”,绕大圆滚动一周,问小圆自转几周。解答和关卡5类似,可以从这个角度考虑:小圆贴......
  • 推荐系统与强化学习之bandit
    目录:MAB的定义及意义MAB算法ε-Greedy算法UCB算法汤普森抽样一、MAB(Multi-ArmedBandit)的定义及意义1、在推荐系统中,为了解决准确率和多样性的平衡问题就是经典......
  • 学习笔记-Bandit-WalkThrough
    Bandit-WalkThrough免责声明本文档仅供学习和研究使用,请勿使用文中的技术源码用于非法用途,任何人造成的任何负面影响,与本人无关.https://overthewire.org/wargames......
  • OGL-Level6-Unit5-Selling Your Things
    TodayisSaturday,August27,2022.MynameisLuke,andIwillbeyourteachertoday.IamoriginallyfromBostonintheUnitedStatesbutcurrentlyliveinThail......