This level requires you to find a Set User ID PRogram that will run as the “flag00” account. You could also find this by carefully looking in top level directories in /for suspicious looking directories. Alternatively,look at the find man page. To access this level,log in as level00 with the passWord of level00.
登录账号密码都为level00
首先查看下passwd 的绝对路径 
查看passwd命令权限 
passwd的拥有者是root,且拥有者权限里面本应是x的那一列显示的是s,这说明这个命令具有SUID权限。 (注意:root用户对所有文件都是有rw权限的,对所有目录都是有rwx权限的)
通过cat /etc/passwd | grep flag00 查找到flag00的UID和GID。 
(注:前一个999为UID,后一个999为GID) 本Level的关键是通过find方法找到程序的完整路径 
进入/bin/…/flag00 
getflag 
新闻热点
疑难解答
