Network Security Skills Contest—[Linux Operating System Penetration Elevation] Analysis (Super Detailed)

Linux operating system penetration and privilege escalation

Task environment description:

• Server scenario: Server2202 (closed link)
• Username: hacker Password: 123456

1. Use an infiltration machine to collect server information, and submit the SSH service port number in the server as a flag;

I use qemu virtualization to start the target machine here, as shown in the figure below

 

Arp-scan -l host discovery

 

Perform port information service detection

FLAG：2220

2. Use an infiltration machine to collect server information, and submit the host name in the server as a flag;

FLAG：hacker

3. Use an infiltration machine to collect server information, and submit the system kernel version in the server as a flag;

FLAG：2.6.24-26-server

4. Use an infiltration machine to elevate the server administrator's rights, and submit the text content in the root directory of the server as a flag;

 

# is Nmap 's interactive mode command line tool, which allows users to use Nmap tools interactively in the command line interface . This mode provides various options and commands for users to understand the Nmap tool more deeply , and can control the behavior of the scan by typing commands and options nmap --interactive

# ！shcommand will re-run the last sh command. After pressing enter on the command line !sh, it will search through the history of commands you have entered before and find the most recent command, such as sh as a command line argument. Then, the command will be repeated automatically

 

FLAG: XxudlOkC

5. Use an infiltration machine to elevate the server administrator's rights, and submit the root password in the server as a flag;

Here we can import the username of /etc/passwd into pass.txt, then use the scp command to transfer this file from the target machine, and then use the Kali Linux john tool to crack the root password

 

scp -P2220 [email protected]:/home/hacker/pass.txt /root/pass.txt

 

 

 

FLAG：87654321

6. Use an infiltration machine to elevate the server administrator's rights, and submit the image content in the root directory of the server as a flag.

 

Still use scp to transfer it out (! Note that ssh remote is disabled in the target machine, so we ssh into the hacker user and then switch to the root user to modify the configuration file)

 

 

change no to yes

 

transfer successful

turn around

FLAG：PS8ltpLc