Privilege Escalation (特權提升)

# Privilege Escalation (特權提升) ###### tags: `HTB ACADEMY GETTING STARTED` ``` 題目1. SSH to 46.101.23.188 with user "user1" and password "password1" SSH into the server above with the provided credentials, and use the '-p xxxxxx' to specify the port shown above. Once you login, try to find a way to move to 'user2', to get the flag in '/home/user2/flag.txt'. //需要使用user1 連線進去並且打開user2的文件 ``` ![](https://i.imgur.com/ffcmrxC.png) sudo -u user2/bin/bash 取得user2的使用權 ``` 題目2. Once you gain access to 'user2', try to find a way to escalate your privileges to root, to get the flag in '/root/flag.txt'. 取得root權限並打開root/flag.txt ``` ## SSH KEYS 路徑：/home/user/.ssh/id_rsa 或是 /root/.ssh/id_rsa 1.嘗試使用user1讀取/root/.ssh/id_rsa 但是發現權限不足 (必須使用user2才能讀取) ![](https://i.imgur.com/Nj9Qy2Y.png) 2.將權限升級成user2 ``` sudo -u user2/bin/bash ``` 3.將id_rsa內容先複製下來到本機並且要創立成一個檔案，權限修改成600(chmod 600 sshkey) ![](https://i.imgur.com/fcsVELX.jpg) 4.到本機嘗試使用root + 剛剛取得的ssh key進行登入 ``` ssh root@ip.ip.ip.ip -p 端口 -i ssh (要填入實際路徑) ``` ![](https://i.imgur.com/KAKk2Zf.png) 5.成功取得flag! ![](https://i.imgur.com/ZoMUtqX.png)