tryhackme--Injection
- Task 3 Blind Command Injection
- Ping the box with 10 packets. What is this command (without IP address)?
- Redirect the box's Linux Kernel Version to a file on the web server. What is the Linux Kernel Version?
- Enter "root" into the input and review the alert. What type of alert do you get?
- Enter "www-data" into the input and review the alert. What type of alert do you get?
- Enter your name into the input and review the alert. What type of alert do you get?
- Task 4 Active Command Injection
- Task 5 Get The Flag!
- ps:
开启环境,用nmap扫描,扫出22,80端口,访问80端口发现一个输入框,可以绕过执行任意命令。
Task 3 Blind Command Injection
Ping the box with 10 packets. What is this command (without IP address)?
; ping -c 10
既然可以执行任意命令我们就反弹一个shell回来
Redirect the box’s Linux Kernel Version to a file on the web server. What is the Linux Kernel Version?
查看内核版本:uname -a
4.15.0-101-
Enter “root” into the input and review the alert. What type of alert do you get?
success
Enter “www-data” into the input and review the alert. What type of alert do you get?
success
Enter your name into the input and review the alert. What type of alert do you get?
error
输入系统中不存在的用户就会报错
Task 4 Active Command Injection
What strange text file is in the website root directory?
drpepper.txt
How many non-root/non-service/non-daemon users are there?
除了用户之外为0
0
What user is this app running as?
www-data
What is the user’s shell set as?
/usr/sbin/nologin
What version of Ubuntu is running?
18.04.4
Print out the MOTD. What favorite beverage is shown?
Dr Pepper
Task 5 Get The Flag!
Get the flag!
使用find命令寻找flag文件
find / -name *flag* > 1.txt
cat 1.txt
65fa0513383ee486f89450160f3aa4c4
ps:
个人站点博客:XingHe,欢迎来踩~