VulnHub Pentest Diary 18: SpyderSec Challenge

Preface

⏰ Date: 2023.7.30
🗺️ Target VM: https://download.vulnhub.com/spydersec/SpyderSecChallenge.ova
⚠️ All operations in this post were carried out in a simulated target VM environment; never use them against real systems without authorization.
🙏 My skills are limited; if you spot a mistake, please point it out. Thanks for reading!
🎉 Feel free to follow 🔍, like 👍, favorite ⭐️ and leave a comment 📝

Information gathering

Host discovery

┌──(root㉿Erik)-[~]
└─# nmap -sn 192.168.58.1/24         
Starting Nmap 7.94 ( https://nmap.org ) at 2023-07-30 20:48 HKT
Nmap scan report for 192.168.58.1
Host is up (0.00015s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.58.2
Host is up (0.00010s latency).
MAC Address: 00:50:56:EB:56:98 (VMware)
Nmap scan report for 192.168.58.165
Host is up (0.00011s latency).
MAC Address: 00:0C:29:5C:07:F8 (VMware)

The target this time is 192.168.58.165.
Probe ports and services with nmap:

┌──(root㉿Erik)-[~]
└─# nmap -A -T4 -v -p- 192.168.58.165
PORT   STATE  SERVICE VERSION
22/tcp closed ssh
80/tcp open   http    Apache httpd
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-favicon: Unknown favicon MD5: 032CC5C2FD1D6AABD91FC08470E0905C
|_http-server-header: Apache
|_http-title: SpyderSec | Challenge
MAC Address: 00:0C:29:5C:07:F8 (VMware)
Device type: general purpose|webcam|storage-misc|WAP|media device|broadband router
Running (JUST GUESSING): Linux 2.6.X|3.X|4.X|5.X (97%), Tandberg embedded (91%), Drobo embedded (90%), HP embedded (89%), Ubiquiti AirOS 5.X (88%), LG embedded (88%)
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 cpe:/h:drobo:5n cpe:/h:hp:p2000_g3 cpe:/o:linux:linux_kernel:5 cpe:/o:ubnt:airos:5.2.6
Aggressive OS guesses: Linux 2.6.32 - 3.13 (97%), Linux 2.6.39 (96%), Linux 2.6.32 - 3.10 (94%), Linux 3.2 - 3.8 (92%), Linux 2.6.22 - 2.6.36 (91%), Linux 3.10 - 4.11 (91%), Tandberg Video Conference System (91%), Linux 2.6.32 (91%), Linux 2.6.32 - 3.1 (91%), Linux 2.6.32 - 2.6.39 (91%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 49.709 days (since Sun Jun 11 03:49:54 2023)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: All zeros

Take a look at port 80.
The page has no obvious functionality, so let's look at the source:

<script>
eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('7:0:1:2:8:6:3:5:4:0:a:1:2:d:c:b:f:3:9:e',16,16,'6c|65|72|27|75|6d|28|61|74|29|64|62|66|2e|3b|69'.split('|'),0,{}))
</script>

This packed script can be unpacked with https://matthewfl.com/unPacker.html

The unpacked output looks like hex encoding; decode it:

┌──(root㉿Erik)-[~]
└─# echo '61:6c:65:72:74:28:27:6d:75:6c:64:65:72:2e:66:62:69:27:29:3b'|xxd -r -p
alert('mulder.fbi');     

Download the image from the web page and analyze it:

┌──(root㉿Erik)-[/home/eric/myfile]
└─# strings Challenge.png 
IHDR
bKGD
        pHYs
iTXtComment
35:31:3a:35:33:3a:34:36:3a:35:37:3a:36:34:3a:35:38:3a:33:35:3a:37:31:3a:36:34:3a:34:35:3a:36:37:3a:36:61:3a:34:65:3a:37:61:3a:34:39:3a:33:35:3a:36:33:3a:33:30:3a:37:38:3a:34:32:3a:34:66:3a:33:32:3a:36:37:3a:33:30:3a:34:61:3a:35:31:3a:33:64:3a:33:64

┌──(root㉿Erik)-[/home/eric/myfile]
└─# echo '35:31:3a:35:33:3a:34:36:3a:35:37:3a:36:34:3a:35:38:3a:33:35:3a:37:31:3a:36:34:3a:34:35:3a:36:37:3a:36:61:3a:34:65:3a:37:61:3a:34:39:3a:33:35:3a:36:33:3a:33:30:3a:37:38:3a:34:32:3a:34:66:3a:33:32:3a:36:37:3a:33:30:3a:34:61:3a:35:31:3a:33:64:3a:33:64'|xxd -r -p
51:53:46:57:64:58:35:71:64:45:67:6a:4e:7a:49:35:63:30:78:42:4f:32:67:30:4a:51:3d:3d
┌──(root㉿Erik)-[/home/eric/myfile]
└─# echo '51:53:46:57:64:58:35:71:64:45:67:6a:4e:7a:49:35:63:30:78:42:4f:32:67:30:4a:51:3d:3d '|xxd -r -p
QSFWdX5qdEgjNzI5c0xBO2g0JQ==
┌──(root㉿Erik)-[/home/eric/myfile]
└─# echo 'QSFWdX5qdEgjNzI5c0xBO2g0JQ=='|base64 -d
A!Vu~jtH#729sLA;h4%

This looks like a password.
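The unpacking and decoding done by hand above (the unPacker site, xxd and base64), reproduced as an added Python script that is not part of the original writeup: it replays the packer's token substitution and then peels the hex and base64 layers of the PNG comment, keeping every intermediate value so each step can be checked. The sample inputs are copied from the page.

```python
import base64
import re

# Added example (not from the original writeup): reproduces the SpyderSec
# decoding chain offline. The inputs below are copied from the page.
PACKED_P = "7:0:1:2:8:6:3:5:4:0:a:1:2:d:c:b:f:3:9:e"
PACKED_A = 16
PACKED_K = "6c|65|72|27|75|6d|28|61|74|29|64|62|66|2e|3b|69".split("|")
ITXT_COMMENT = ("35:31:3a:35:33:3a:34:36:3a:35:37:3a:36:34:3a:35:38:3a:33:35:3a:"
                "37:31:3a:36:34:3a:34:35:3a:36:37:3a:36:61:3a:34:65:3a:37:61:3a:"
                "34:39:3a:33:35:3a:36:33:3a:33:30:3a:37:38:3a:34:32:3a:34:66:3a:"
                "33:32:3a:36:37:3a:33:30:3a:34:61:3a:35:31:3a:33:64:3a:33:64")
HEX_RE = re.compile(r"^[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2})*$")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

def unpack_packed_js(p, a, k):
    """Undo the p,a,c,k,e,d packer variant on the page: each word token in p
    is an index written in base a (a <= 36) and is replaced by k[index]."""
    digits = "0123456789abcdefghijklmnopqrstuvwxyz"
    table = {}
    for index, word in enumerate(k):
        n, token = index, ""
        while True:                      # same as JavaScript index.toString(a)
            token = digits[n % a] + token
            n //= a
            if n == 0:
                break
        table[token] = word or token     # empty keyword leaves the token as is
    return re.sub(r"\b\w+\b", lambda m: table.get(m.group(0), m.group(0)), p)

def decode_layers(blob):
    """Peel colon-separated hex and base64 layers until neither pattern
    fits; returns every intermediate value so each step can be inspected."""
    steps = [blob.strip()]
    while True:
        cur = steps[-1]
        if HEX_RE.match(cur):
            nxt = bytes.fromhex(cur.replace(":", "")).decode("latin-1")
        elif B64_RE.match(cur) and len(cur) % 4 == 0:
            nxt = base64.b64decode(cur).decode("latin-1")
        else:
            return steps
        if not nxt.isprintable():        # binary result: stop rather than guess
            return steps
        steps.append(nxt)

def solve():
    """Runs both stages: the hidden alert() call and the VeraCrypt password."""
    script = unpack_packed_js(PACKED_P, PACKED_A, PACKED_K)
    return decode_layers(script)[-1], decode_layers(ITXT_COMMENT)[-1]
```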
Capture the request with Burp.
URL-decoding gives /v/81JHPbvyEQ8729161jd6aKQ0N4/
Combine this with the file name mulder.fbi found earlier.
Visiting /v/81JHPbvyEQ8729161jd6aKQ0N4/mulder.fbi returns a video.
VeraCrypt is needed here.
Launch it and enter the password.
After mounting, we get the flag.
