Key points
Using the various docker commands & using git and rolling back & vim's .swp files
Challenge description
triple history
docker pull impakho/trihistory:latest
Write up
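Prerequisites
Before starting on the challenge itself, it is best to know how to use the various docker commands and git.
Information gathering & solving
First, pull the image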
docker pull impakho/trihistory:latest
docker run impakho/trihistory:latest
Use docker exec
to get inside the container
docker exec -it <container ID> /bin/bash
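Use the find
command with a wildcard on the flag file name to see whether any flag information is present
find ./ -name 'flag*'
However, the flag is shown as removed, so we now have two approaches: one is to look at docker's operation history, the other is data recovery. Data recovery looks like too much trouble, so first try the docker history for clues.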
Open another shell, or leave the docker shell while docker keeps running in the background, with Ctrl + d
or exit
Then use the docker history
command
docker history --no-trunc=true impakho/trihistory:latest
The output is very confusing, and this is even after I later used -H mode
IMAGE CREATED CREATED BY SIZE COMMENT
sha256:f8f0608cd1a4334c15aa7f37598f5aa1ba7aca9556897a1d119a2e8432424238 3 months ago /bin/sh -c #(nop) ENTRYPOINT ["/start.sh"] 0B
<missing> 3 months ago /bin/sh -c #(nop) WORKDIR / 0B
<missing> 3 months ago /bin/sh -c chmod +x /start.sh && rm -rf /root/* 32B
<missing> 3 months ago /bin/sh -c /bin/sh /root/history/init.sh 28.3kB
<missing> 3 months ago /bin/sh -c #(nop) COPY dir:10842f89fba0ff8cdfd2969f21e2f35efa6b9006ef2c8384db167b9892829977 in /root/history/ 58.4kB
<missing> 3 months ago /bin/sh -c #(nop) COPY file:4e890e335b2de11108429b029b2d46b7798246b31303d9d9396a95e8398272cc in / 32B
<missing> 3 months ago /bin/sh -c apt-get install nginx -y 60.3MB
<missing> 3 months ago /bin/sh -c echo 'deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse' > /etc/apt/sources.list && echo 'deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse' >> /etc/apt/sources.list && echo 'deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse' >> /etc/apt/sources.list && echo 'deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse' >> /etc/apt/sources.list && apt-get update -y && apt-get dist-upgrade -y 33.6MB
<missing> 3 months ago /bin/sh -c #(nop) EXPOSE 80 0B
<missing> 4 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 4 months ago /bin/sh -c mkdir -p /
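
An added example, not part of the original write-up: a small Python check over the CREATED BY column of the docker history output above that reports content added by a COPY/ADD layer and then deleted by a newer layer with rm. Such content is absent from the final filesystem, but the layer that added it still ships with the image. The function names are my own, and the sample list is copied from the output above with the long sources.list layer and the base-image layers left out.

```python
import re

# CREATED BY column copied from the history output above, newest layer first
# (the long sources.list layer and the base-image layers are left out).
HISTORY = [
    '/bin/sh -c #(nop) ENTRYPOINT ["/start.sh"]',
    '/bin/sh -c #(nop) WORKDIR /',
    '/bin/sh -c chmod +x /start.sh && rm -rf /root/*',
    '/bin/sh -c /bin/sh /root/history/init.sh',
    '/bin/sh -c #(nop) COPY dir:10842f89fba0ff8cdfd2969f21e2f35efa6b9006ef2c8384db167b9892829977 in /root/history/',
    '/bin/sh -c #(nop) COPY file:4e890e335b2de11108429b029b2d46b7798246b31303d9d9396a95e8398272cc in /',
    '/bin/sh -c apt-get install nginx -y',
]
COPY_RE = re.compile(r'#\(nop\)\s+(?:COPY|ADD)\s+\S+\s+in\s+(\S+)')

def rm_targets(created_by):
    """Paths handed to rm in one layer command (options are skipped)."""
    targets = []
    for part in re.split(r'&&|\|\||;', created_by):
        words = part.split()
        if 'rm' in words:
            targets += [w for w in words[words.index('rm') + 1:] if not w.startswith('-')]
    return targets

def covers(rm_path, dest):
    """True if removing rm_path also removes dest; handles a trailing /*."""
    prefix = rm_path[:-1] if rm_path.endswith('/*') else rm_path.rstrip('/') + '/'
    return (dest.rstrip('/') + '/').startswith(prefix)

def removed_after_copy(history):
    """(dest, copy_layer, rm_layer) for COPY/ADD content a newer layer deletes.
    Layers are numbered within the list passed in, oldest = 1."""
    added, findings = [], []
    for n, cmd in enumerate(reversed(history), 1):  # build order, oldest first
        m = COPY_RE.search(cmd)
        if m:
            added.append((m.group(1), n))
            continue
        for target in rm_targets(cmd):
            findings += [(d, at, n) for d, at in added if covers(target, d)]
    return findings

if __name__ == '__main__':
    for dest, copied, removed in removed_after_copy(HISTORY):
        print(f'{dest}: added in layer {copied}, removed in layer {removed}; '
              'still stored in the earlier layer')
```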