447 1 分钟

# 0x01 信息收集 这个进去一看明显就是一个文件上传 ==、 ​ 通过 docker 文件可以知道使用的是 ghostscript-9.23 这个有一个 RCE 漏洞 ​ # Payload 上传图片的时候把这个替换进去 %!PS-Adobe-3.0 EPSF-3.0%%BoundingBox: -0 -0 100 100userdict /setpagedevice undefsavelegal{ null restore } stopped { pop } if{ legal }...
5.8k 5 分钟

# 0x01 信息收集 下载他提供的文件,压缩包密码是 hackthebox 发现是一个 docker 文件 ​ ┌──(root💀kali)-[~/桌面/web_weather_app]└─# ls -al总用量 24drwxr-xr-x 4 root root 4096 1月 28 2021 .drwxr-xr-x 3 root root 4096 4月 29 21:31 ..-rwxr-xr-x 1 root root 107 1月 27 2021 build-docker.shdrwxr-xr-x 6 root root 4096 1月 28 2021...
1.8k 2 分钟

# 信息收集 题目提示:Who is lucky enough to be included in the phonebook? ​ 主页又给出了用户名,那么我们可以尝试万能密码进去 ​ 用通配符 * 进来了 ==、 ​ 然后开始不明所以,搜索随便搜了一下,出现了一堆人名,但除了 Reese 以外都不能用通配符登录,全程没有 flag 的迹象 ​ 查过资料发现那个通配符的具体字符串就是 flag,验证方法就是使用 HTB{*} 做密码,发现也能登陆进去,也就是说我们需要爆破密码 ==、 ​ # 构造攻击 爆破脚本 # -*- coding: utf-8...
1.8k 2 分钟

# Task 1 Q:What does the acronym SQL stand for? ​ A:Structured Query Language ​ # Task 2 Q:What is one of the most common type of SQL vulnerabilities? ​ A:SQL injection ​ # Task 3 Q:What does PII stand for? ​ A:personally identifiable information ​ # Task 4 Q:What does the OWASP Top 10 list name the...
7k 6 分钟

# 资料 smbclient impacket github-winPEAS# Task 1 # Task 1​ Q:Which TCP port is hosting a database server? ​ ┌──(root💀kali)-[~/桌面]└─# nmap -sV -Pn 10.129.233.35Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-06 11:29 CSTNmap scan report for 10.129.233.35Host is up (0.44s latency).Not shown: 996...
3.1k 3 分钟

# Task 1 Q:What nmap scanning switch employs the use of default scripts during a scan? ​ A: -sC ​ # Task 2 Q:What service version is found to be running on port 21? ​ ┌──(root💀kali)-[~]└─# nmap -sV -Pn -p21 10.129.1.15 Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-05 15:47 CSTNmap scan report...
1.8k 2 分钟

# Task 1 ​ Q:What does the 3-letter acronym FTP stand for? A:File Transfer Protocol ​ # Task 2 Q:What communication model does FTP use, architecturally speaking? A:client-server model ​ # Task 3 Q:What is the name of one popular GUI FTP program? ​ A:FileZilla ​ # Task 4 Q:Which port is the FTP...
2.3k 2 分钟

# Task 1 Q:What does the acronym VM stand for? A:virtual machine ​ # Task 2 Q:What tool do we use to interact with the operating system in order to start our VPN connection? ​ A:terminal ​ # Task 3 ​ Q:What service do we use to form our VPN connection? ​ A:openvpn ​ # Task 4 Q:What is the abreviated...
2.4k 2 分钟

# Task 1 Q:What does the 3-letter acronym SMB stand for? ​ A:Server Message Block ​ # Task 2 Q:What port does SMB use to operate at? ​ A:445 ​ # Task 3 Q:What network communication model does SMB use, architecturally speaking? ​ A:Client-Server Model ​ # Task 4 Q:What is the service name for port...
4.1k 4 分钟

# Task 1 ​ Q:With what kind of tool can intercept web traffic? A:proxy ​ # Task 2 Q:What is the path to the directory on the webserver that returns a login page? ​ F12 检查元素发现有一行 <script src="/cdn-cgi/login/script.js"></script> 这不就找到后台了? ​ 根据提示也可以使用...