Bandit Level 19 → Level 20 풀이

Level Goal

To gain access to the next level, you should use the setuid binary in the homedirectory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place (/etc/bandit_pass), after you have used the setuid binary.

Helpful Reading Material

• setuid on Wikipedia

---

0. bandit18 암호

IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x

 

1. 파일확인

bandit19@bandit:~$ ./bandit20-do
Run a command as another user.
  Example: ./bandit20-do id
bandit19@bandit:~$ ./bandit20-do id
uid=11019(bandit19) gid=11019(bandit19) euid=11020(bandit20) groups=11019(bandit19)

bandit20의 권한으로 실행이되는 프로그램이다

 

2. bandit20의 권한으로 cat

bandit19@bandit:~$ ./bandit20-do cat /etc/bandit_pass/bandit20
GbKksEFF4yrVs6il55v6gwY5aVje5f0j

bandit19의 cat으로는 접근불가지만 bandit20으로 권한상승을하여 접근가능했다.

 

3. bandit20 비밀번호

GbKksEFF4yrVs6il55v6gwY5aVje5f0j