我正在做一个 ctf,我正处于它的最后一步——权限升级。使用该sudo -l命令,输出是这样的:
Matching Defaults entries for nick on 192:
always_set_home, !env_reset, env_keep="LANG LC_ADDRESS LC_CTYPE LC_COLLATE
LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC
LC_PAPER LC_TELEPHONE LC_ATIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE",!insults, targetpw
User nick may run the following commands on 192:
(ALL) ALL
(root) NOPASSWD: /restart-apache
我知道 env_reset 不应该被禁用,但我不知道如何使用它来获得 root 访问权限!
$ file restart-apache
restart-apache: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, BuildID[sha1]=1b1a4ab278b2d1be83e8b14adfc358cfd277d655, for GNU/Linux 3.2.0, with debug_info, not stripped