UltraTech
Task 1 Deploy the machine
Deploy the machine
Task 2 It’s enumeration time!
1. Which software is using the port 8081?
Node.js
2. Which other non-standard port is used?
31331
3. Which software using this port?
Apache
4. Which GNU/Linux distribution seems to be used?
Ubuntu
5. The software using the port 8080 is a REST api, how many of its routes are used by the web application?
2
Task 3 Let the fun begin
1. There is a database lying around, what is its filename?
utech.db.sqlite
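The page http://ip:8081/ping does not load properly because it is called without its parameter; adding the ip parameter to the URL makes it run normally.
Next, try writing a command into the ip parameter: visiting http://ip:8081/ping?ip=ls -la reveals the database file utech.db.sqlite.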
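Added example, not part of the original write-up or the target's code: how a Node.js handler for a /ping?ip= route can reject the non-address values shown above and keep the parameter away from a shell. The names parseIPv4, handlePing and the injected runFile runner are assumptions; in a real service runFile would wrap child_process.execFileSync.

```javascript
// Hypothetical hardened logic for a /ping?ip=... route (added example).

// Accept only a dotted-quad IPv4 literal: four octets, 0-255, no leading zeros.
function parseIPv4(value) {
  if (typeof value !== 'string') return null; // also rejects repeated params (arrays)
  const parts = value.split('.');
  if (parts.length !== 4) return null;
  for (const p of parts) {
    if (!/^(0|[1-9][0-9]{0,2})$/.test(p) || Number(p) > 255) return null;
  }
  return value;
}

// Vulnerable pattern, shown for contrast and never executed here: the query
// value is pasted into one string that a shell would then interpret.
function unsafeCommandString(ip) {
  return 'ping -c 1 ' + ip;
}

// Hardened pattern: validate first, then pass the value as a single argv
// element to an execFile-style runner, so no shell ever parses it.
// In production (assumption): runFile = (file, args) =>
//   require('child_process').execFileSync(file, args, { encoding: 'utf8', timeout: 5000 })
function handlePing(query, runFile) {
  const ip = parseIPv4(query.ip);
  if (ip === null) {
    return { status: 400, body: 'ip must be an IPv4 address' };
  }
  return { status: 200, body: runFile('ping', ['-c', '1', ip]) };
}

// Constructed demo: a fake runner records what would have been executed.
function demo() {
  const calls = [];
  const fakeRun = (file, args) => { calls.push([file, ...args]); return 'ok'; };
  const inputs = ['10.10.10.10', 'ls -la', 'cat utech.db.sqlite', undefined];
  const results = inputs.map((ip) => handlePing({ ip }, fakeRun).status);
  return { results, calls };
}

console.log(JSON.stringify(demo()));
```

Only the first constructed input reaches the runner; the two values used in this write-up and a missing parameter are answered with 400 before any process is started.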
2. What is the first user’s password hash?
f357a0c52799563c7c7b76c1e7543a32
Running http://ip:8081/ping?ip=cat utech.db.sqlite reveals the hashes of the root user and the admin user.
3. What is the password associated with this hash?
n100906
Task 4 The root of all evil
What are the first 9 characters of the root user’s private SSH key?
MIIEogIBA
The r00t user is a member of the docker group, so docker can be used to escalate privileges.