Broken

最新推荐文章于 2024-08-17 15:17:17 发布
最新推荐文章于 2024-08-17 15:17:17 发布
阅读量677 收藏 6
点赞数 3
分类专栏: Vulnhub 文章标签: 安全 web安全 网络 网络安全 学习
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_44770698/article/details/136211024
版权

信息收集

 nmap -sn 192.168.1.0/24 -oN live.nmap                             
Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-05 10:03 CST
Nmap scan report for 192.168.1.1
Host is up (0.0035s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.1.2
Host is up (0.018s latency).
MAC Address: 00:50:56:FE:B1:6F (VMware)
Nmap scan report for 192.168.1.102
Host is up (0.00046s latency).
MAC Address: 00:0C:29:C7:29:9A (VMware)
Nmap scan report for 192.168.1.254
Host is up (0.00039s latency).
MAC Address: 00:50:56:F4:28:E8 (VMware)
Nmap scan report for 192.168.1.60
Host is up.
Nmap done: 256 IP addresses (5 hosts up) scanned in 2.01 seconds

IP地址为192.168.1.102是新增加的地址;

# nmap -sT --min-rate 10000 -p- 192.168.1.102 -oN port.nmap        
Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-05 10:03 CST
Nmap scan report for 192.168.1.102
Host is up (0.0026s latency).
Not shown: 65533 closed tcp ports (conn-refused)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: 00:0C:29:C7:29:9A (VMware)

开放端口22 和 80端口,分别是ssh和http!

# nmap -sT -sC -sV -O -p22,80 192.168.1.102 -oN details.nmap
Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-05 10:03 CST
Nmap scan report for 192.168.1.102
Host is up (0.00048s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 39:5e:bf:8a:49:a3:13:fa:0d:34:b8:db:26:57:79:a7 (RSA)
|   256 20:d7:72:be:30:6a:27:14:e1:e6:c2:16:7a:40:c8:52 (ECDSA)
|_  256 84:a0:9a:59:61:2a:b7:1e:dd:6e:da:3b:91:f9:a0:c6 (ED25519)
80/tcp open  http    Apache httpd 2.4.18
|_http-title: Index of /
| http-ls: Volume /
| SIZE  TIME              FILENAME
| 55K   2019-08-09 01:20  README.md
| 1.1K  2019-08-09 01:21  gallery.html
| 259K  2019-08-09 01:11  img_5terre.jpg
| 114K  2019-08-09 01:11  img_forest.jpg
| 663K  2019-08-09 01:11  img_lights.jpg
| 8.4K  2019-08-09 01:11  img_mountains.jpg
|_
|_http-server-header: Apache/2.4.18 (Ubuntu)
MAC Address: 00:0C:29:C7:29:9A (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
Service Info: Host: 127.0.1.1; OS: Linux; CPE: cpe:/o:linux:linux_kernel

22端口为OpenSSH 7.2p2 操作系统是Ubuntu! 80端口是Apache 2.4.18 存在几个文件!

# nmap -sT --script=vuln -p22,80 192.168.1.102 -oN vuln.nmap
Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-05 10:04 CST
Pre-scan script results:
| broadcast-avahi-dos: 
|   Discovered hosts:
|     224.0.0.251
|   After NULL UDP avahi packet DoS (CVE-2011-1002).
|_  Hosts are all up (not vulnerable).
Nmap scan report for 192.168.1.102
Host is up (0.00032s latency).

PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
| http-enum: 
|_  /: Root directory w/ listing on 'apache/2.4.18 (ubuntu)'
| http-sql-injection: 
|   Possible sqli for queries:
|     http://192.168.1.102:80/?C=S%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=D%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=M%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=N%3BO%3DD%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=D%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=M%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=N%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=S%3BO%3DD%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=S%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=M%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=N%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=D%3BO%3DD%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=S%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=D%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=N%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=M%3BO%3DD%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=S%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=D%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=M%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=N%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=S%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=D%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=M%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=N%3BO%3DD%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=S%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=D%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=M%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=N%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=S%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=D%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=M%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=N%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=S%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=D%3BO%3DA%27%20OR%20sqlspider
|     http://192.168.1.102:80/?C=M%3BO%3DA%27%20OR%20sqlspider
|_    http://192.168.1.102:80/?C=N%3BO%3DA%27%20OR%20sqlspider
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-slowloris-check: 
|   VULNERABLE:
|   Slowloris DOS attack
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2007-6750
|       Slowloris tries to keep many connections to the target web server open and hold
|       them open as long as possible.  It accomplishes this by opening connections to
|       the target web server and sending a partial request. By doing so, it starves
|       the http server's resources causing Denial Of Service.
|       
|     Disclosure date: 2009-09-17
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_      http://ha.ckers.org/slowloris/
MAC Address: 00:0C:29:C7:29:9A (VMware)

默认漏洞脚本探测,也没什么好的结果,疑似存在sql注入漏洞!

寻找立足点

访问80端口上的服务,发现了几张图片等信息:

其中html页面,就是展示了下面的四张图片,先看一下README文件,再看思政图片是否存在隐写信息!

README文件中全部都是十六进制的字符,尝试将其转化为字符看一下:

发现是一张图片,利用python脚本将其转化为图片:

import binascii
payload = "FFD8FFE000104A46494600010100000100010000FFFE001F436F6D70726573736564206279206A7065672D7265636F6D7072657373FFDB0084000404040404040404040406060506060807070707080C09090909090C130C0E0C0C0E0C131114100F1014111E171515171E221D1B1D222A25252A34323444445C010404040404040404040406060506060807070707080C09090909090C130C0E0C0C0E0C131114100F1014111E171515171E221D1B1D222A25252A34323444445CFFC2001108010E019D03012200021101031101FFC4001C0001000301010101010000000000000000000405060307020108FFDA0008010100000000FEFE00000000000000000000000000000000000000078C565AEAFC9FD32A3D74000000000029A826F3AF91CF6BD80000000000000000000000000000000000000000000000000794C1B2991733A88D0FAEEFCE6F7CE2DBEFB71D16C7C9AC7D1BCE34B41B2CD6776796D34CA1BAAD9BDBCCAFCE15FEC9E33FD1A0AFA4934541CB5F5367037192B3852A9ECA2DD6831BC2FE8BBC6D5D041F8F99D0FE27582255EB32B3E337341A1000000000000000000000000000000000000000064B03732EB26D0DF206C701A87DE4ED2BB59F594D279FEFF95D5455CE817D597D49533E1C4DC52C0B1F49005560F4F22054DE66E6CFD166ABAFEAFB4B87A0AFCD4FA8D14BFBB3C5C0D8D14E60BD2A3FDC4BACD7EDBDFF005E800000000000000000000000000000000000000003CBAAA6718FECFF00A00000000000C5FECC56EBA580000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003CE69A5709F43AEC5DD7C6D311DE8E65ABBF3FCFBF4C0000000301F69F5337A55DE48AC85C7F709EB1496913B4ED4000000000000000000000000000000000000000000000000000000000007FFC40014010100000000000000000000000000000000FFDA0008010210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003FFFC40014010100000000000000000000000000000000FFDA0008010310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003FFFC4002B1000020301010001040202000701000000040502030601071300141516111217702022232530405080FFDA0008010100011200FF004F17E9FD50D3D6D5B2BD9CEE546C60ABB7FB9868562AE3692DB891734A9BB5B3BB97346A67414CFF00ED356CD8036472FBC3DD31480B7CF41645DA5B5D2B9EAF77A55AFF00D26426A5DD16A46C08EB4023D1AF14F3A752185B9E09F84849638DF41D111347468D5426136D1BE4E1B3FF00E6D1915B44B67285E4F7F65BFE733EB9E76005D0FF0013A074BBB52B05613F52F3E4726926F7DC54ED93921C4EACEE0D6E6CC0CDA9B323E402D92B5D167E5E2B233556FEDAFC503496426D56D9E708FAC644D47B0A97CD888D2D50A7CD14A560BCD8396C48E03160D030908472E4CB0166C2671B40F085E57FB21F87AAE7A1675207E90F835EE01726CE9CB7A4BCAEA5DFB4AE84D79CE34A150CF01EB4B76AD0553556B2169AA64D858B8F4DE25D7879A2C05DCA08661AE84977A7B02A6A893B3150AAD9B7709C321BFACBFB3137B5FC25690D69892F4A96FF00DF58D2D9BA35CB7F20CE7A8BD5834E9BD5CBCA56110EF3C083CE8541258D0F42783EC592C6F4523A70F525ADAA657AE9EB12DCE5C6463446FCB19A6574E774C7B272FD0374F4AF39650095FC7F964C5CB944AD006B26716F21C2BD4742CD3D183884E1A2AA9AE83821B6DBBDD24D421AE7AB754D576EC84F6180EF351D46F2D52DC964315A258851B8DFBFDBF9B80CF9CD7DEDE27669F902105EF742E315E9FB750D24BE9448D9540005E95A018EDC3D59B8DA96C5765591F44546CDF5EE31B9B664C2B6E3B43D63EAC562C7BE88E534C9FE560F9C585D74A5F44F4535B875F12AC27921B5F3E84DBDF512EA872E340111A28573C2A1ADDB5191E8571417CA09003327E771EACECB5AA7A8D3FDB31F9F3923EAA7D21ADF6C12D7991BBA6EBD25374423D6E429117875160CB41CDE8EF62B709E8826CCD76AE3D552316D425F64D67A43D27802F5C862C8D228D29B2B4CF54D3FEC403658B604E7CC41972435CC3D3EE4FA7599D6CB1553224F0574A2E7D6DBF117A110A932BA4F44B1B135D10F4A7503195076506AA80346AB3D75C57A317D665A25282A25B47437A61A1DF49D483A8BD734CB0C303F0656AFB737D20F8B7E23579AACA327A9BB3F57D20F664EFF004A022AA2B794B13CF003FAD06F49CCB6D84380D85D6B44413E45EEC99DBE47AFDA2C984330110B62C3BCBDEE8D62DDE7E3754E8BE058464E05B906C9AC74B40A169348F4219410C1DD1275BD5B8355EA656AF8472E1C166522C76F5FEB3437E53F2920E6B9E3EB4B2F27A466EDA9F165B8DAD77C356DC0AC387A46B4043BF8B4631E19D2F417E6CCD5B164B58E0A85E4FC55B0D1F04322BF75B8B922B2ED75FC917673145CE7FF0011C84433409B4765B744B5821C2D311BCF520F4A2A3B6956D4A9A35674C73793865F95534685C1810C24430C463E60ACB34E3A0FDC8B125D0EF383653CD4A14081AECB63D2C36BA23815799F1F1E78B50AB50C9B4CDEE3AB413A0FF3D5579061E2B5660B3B5DC9D5469FE3E94F1D9093D0BF852C96D001FC879A29FCFCB42435644CE677E42C13BE468AC586AA39D382C69A2BD009D1510823E73A58D977DD3210112DAC8F3206C532482E95E0605BF928954E87161B90F3220ADD8A9B101902C0201F355429A03525AB439A0EEFF3769A679E203ABD50E448BFB57C50E6DF419E56B1A0AE6BD1691EB8B8D4C6A6813A1F3A44FBAE27718707D6C80842C78579F947277089DFA0E8D8AC64ACA5B70E761D31FB24BB99CC9A9AAD1ED1F9C82EE41ADED7855DDF944A46FB753E72A123529BD2CD95BF241CD750E2F99AE574ADA93E85DAD80CA57A823BAFC8AAD884BC26D6110A826341F0ED5E6B9EA3ADFB020EFECC3482E8ACFA33CF555A518C8668C816573B93AA8C8F9565FED6025D236EABAA5A2DBBE91A4213F0AE95A26ADEDBBFA73E459814894A1CB189367652239163CA7CAB3D4413D70358FF000B81CE034FD31F305659A71D07EE45892E8779C198795A877F7F176F9DB1A085EC97D3573CE16F55365D7BA6B710C1C06EAC61FE315B4D775D4681CD4D64EEC750685794A7BE71238FDE576F035944ED5BE76A169E335FCAB328BA5E92F656A5C5D288FF009C17ADB8BE3794452A58E3C62D8B87033B6AB98B1A57553BFF00414F0C7E931961A75A3BDA9844F2CCF2A05B8CC47D1EA9F3891290F4B4DA566175CED3E87E5BEA35786403F43794271E00ADEBD777674226B245413F3A4758030B41675240AF8C7A21A079F9692E2FAA3D0746204434319C8173E559A7B999658CBCE88FF9835BD4498B6265AB6DFB9BA9FB32F84F39563A150F48FC7CCA5CAC45E37F7FF51665BB1374DE92B8B23E4155340A80E10F6B85416A2DBD2AF994AB3D7BDE0B7FA5BD00F6A234C80F4D4AD8A714DB76BBAB31BA1E9065B29251322D9A9032BF5C1CF034D31864641E9E0BEEB3A83D5C671351F302240625C304B79A1FADB1BE0534820BA7C26ACB741021E8ED277C118F9A1A7A2FCF129E429FBE7277906A776A554006A1AF793A8653E86F020E9EB54F025780D972064D729AD3F4AA9CBA251D418629A78A27D57EC2FE6A22E27851E354B210D6C6237A3C2E3A0A2A4FDFC9CF4D04D11DDEFEE4FB1132B15617FD5809385827A3FDD0D9823F0DFD7F30D9DAEFE2BF617F3511713C28F1AA59086B63123D39AC18154AFC9544054E8C6CFC0837DB680F8185780A036D2937893565BD067AD74304992F3F11240ADDCCFEFA1F78C6497F0DFCB5E6A7A8BED85F6912517BD68A81F997249B788EC369A544B3A43CCBA95C47DF54372F75EBEF4954B9D25028A95938ED03722467A3123313E704109E7C17E1A029821F463DAB0454959AA845CDDBB952211E86D58A0CB4D8AA23E02B8D52D1FDF59A7D529DAA756800A18516E6DB1F70647AE5935653F4F9BE96A56E740D0B5B2EF4B3A960E25DCE55D44B348BD05E7A0F664EFF004A022AA2B794B13CF003FA7DE87D447E8D4CD3FCAC028A892DA42F4ABEDB9599767615246C7B25EB0DCF6EBF3C56386FC5FC1F9DCA7743FD8FF4A60233BEA0F2F0BD353A7033533557B5AF72EEA50052A67D34A6612EAD6ED1E91E6DE73AA6B5C2862EEFCDC48FAE6DB633F25DF6BE612DA1BAAEE9B81715FA3B2CD2270D361592688A5E416B435E6C19A2C68DA53F3FCA8C9FDA4480C5F466ED7F14221CEAD62CCB00C633FAB7D83EE5495A2439DE9A99767817ECED9FA51B06CC698E72A9270B4E0676C37FF10B965A295AC2A33BE5DD0DD5DA6425E349640F412748FAEA399F233BFC34C326636BDB8824C8CDB12A49BF9A1C5A4D217696DBE79FC894D4F3A8BF3F8315D305A6B1F1B7F0D08DA0C3BC9919A874884D76EADA5D31A99DD79BE7888D3EE61DB4AA653B10CF956A7156097F1E6784704B2B74526D75994C2CE1E5D7E1B41F3D1F9215B525F27E709EE63237F24CA215AC846D7AB499B05127BD2096DF31AD24F23B2E79921E2A8A7FBB3FE0E647F53FECAF212E7A51FB32165C250124A1307F5A1C30DA62A533DF3782FB642CC8574F99280D800741C3595209ECCF0C1E79921E2A8A7FBB3FE0E647F53FED5F9EA5ABB3EC4A37FE77E2BEEFD7F8D57537F4E52F5C2C3E44B4BA45ADCD02ADBB0775125DB796BD7816FD1582425EA89D891227A610A26AECA6AF1F415D148E73C7468D5A2B90729979AD37D811F7EC7457360CCE934322FC673F6ABA5445F3C80F588E81E7D1BE78A096D7B19326301086833721581824EBFF005EF84833BF866ECDB0DF57E53AD320B737A36A51575325D79061B9D00C77468AEB6FE154A9315C613F2341D5B428A9B36A17F52028D850B3CE2E2F41AD62ECC6142EBF582B719725C5D288FF009C17ADB8BE3794452A5DE4EDD0FA564DF5EAEDA02CE8A64F8603E6E98262295F7EC6F0422CD3015999F3A5D983D531A1CB6324B52C920553DC43E3B61FD005AD28536EA95BEB2E4F8A19319DB8278DBF1BF3177D4A41C02D132D9CC94D9B1BC14852EBC29D7815B1CCEB327264C26ADFC9B4AC811E6D9C2665C4F9945865B59B5240E657B5E717E746D1B9A3A17298D0C29F2B56272BBD7681D04CFF0093FEE5917E4F9CBC6FC7065B15CAED52226340BF089ACE33E4C82E3C3B46068ACE345373297F353A600F3ECCB1BF8101B02B4DB66CCB27844EA9721FEA41E7AFD8BBD9FE275D621091B2E2A1296DBED865DD6B7A7AE11A2E459B48C98F0BF654C0EAEFCEF60B7E01DE088EDFA51ED8A1BBD1D55552DED2616C830E3FE616B04F926E665D6811D02EFC88BDAE5D9C213EC3B1ECA3CEF63FFCE6FE7E216D59B959A37692E691AE2CAB2FCD33A501A35B1B0DA057284345743F4F1C57653705EB61292CD81E5AE5B861951177D9BE6F1592B0CB6B54679D056A051981B48EC35C0A68269D4B5556AB84523984D824B94C69A3FF00D9CE3D378975E1E68B01772821986BA1267EC5D5E862D799BEDC6D003F35883A9F533F1B1166FD1A91BF8169249A87DFE880D0EA283D5D4623A3680A1A8AA7D4F9DD6FEAE52E5B09DB632AA8857EC2FE6A22E27851E354B210D6C634EF8E34F697839AF9F36B0C9086B1D17AA3FA720E0EFC2C531C6638FD122BDA7AADB9BA9FD1A444200C00B5442982EF5D9BAE2A112285CC1895A0251D9F4A761634C615AA8A8EC481E0C63602BFD7AB2C56F550B5698D4660A801EAD56EF46994083D8978ADE1322BB3826D8EC1169C859A92E45003DB5886F6EF616E02EBD934C4C68AFB8E33562C6FF4B7A01ED4469901E9A95B14E29B6D7EA1CFDA2CCB5E0AFA6DBA4CEA1FEBCE356D74875BF7A4D9316591CB33AABEFA7B0AD435D55B929CB33456C3A2967FA5B85161CADA65288BCA08430AC553E8ED0966BD733CB502517688BCED977FEFB1F305659A71D07EE45892E8779C18EF2ECD1766FAF9DE7465AD138219CD479AA8D296F8821CB6120E80A023E89E054F683E17303ED999A15FA0BAC1BCA54844AC2697EEB94AD38D3021B9E64878AA29FEECFF0083991FD4FF00B57E70AE9657194B76D0088222512ABBE468AC586AA39D382C69A2BD009D758350DCD70D2F28CA8C3EB55C8DB46328E1080D3DE356262962430AAF27CE145F9E2731634691557F1B7CD4DBE5AB2EB5A186E91DDE71F15F3992EBCDEDBC30A4232B1A9B4FDE409FACCE02223266D9BA45544881E54C68CEF99366F7100E9467602A8E388CCFF0D30C998DAF6E20932336C4A926FE51E54A03256DD4E81D72B5C69C58632AC02C4147C2A9BB4A2CE2B46AFE6EF96239D4CC0BDAB8B531703E3053CF3759295E5B374D98B0B4D5054CDE61535448C5FDC99FDE9D1DDA18F3FDDBFFC40035100002020202010402020003050900000002030104111200051314212231324115230633703443505262202425304251618082FFDA0008010100133F00FF0047AAF4D6ADA9005D5577E09B590619F29917CE796FB34D1B4E9B8ADCA28D6D27D4362064A4321C84AFFD82BFF87A2FC066073ECDF9E78173D491D7492A0C1E3E30853861E1381931E074EB6F4BE13A359E7EBAECD59F08ECD3932278C88F3D661D16AD9294260885CC1244DE22452705C1B030D97527DA3501D605088AFC55E404F7CCC8FF00C3A487FACBD1AE9613F1F68D1513EF9F7E5472466E57A11229F311A8880E20A726A902E1187849D67AF8EB4C2635CF8BC7EF8CE76E5E628C6952220224ABC60125B78C326C923C0F2B4D21AEFC555D321833AE4F0835AA20B56700D5E859769C0429C5909646B2A02D44E06487331CB2D495645CEC49B2D6868A13CE1C62304523113C663673223DCA7103FEA4A6B7525E02A675E160926D332D30E9CEF253C1B03E7FFC29F6582275814222109448C1EF9991E51ED55D8341206004ABA0B01F4EF8F28FC3251C9EDD3FC899DB089070521122F041169244625C1BF2D715AEB3D44E4D5E21805B62A9E0B69E2ED8DD918AE0A920701A4044C7CE131F944F2DDB0AB5C155FAE55D619354822008DF1112265253CB9DDD755CCB5B2B35D34009CD825636F79089E557C19157AFD147653E70347FFA8D0E27338FA1F755FF0029D8AF4FC72697FF0050C25D8787B0EE3C45B9B4B345EF24064A56AC1C124A0879DC7661D7A24A87607542B8382BF8E5C711F003D7DBECB9D5510EC6EC23D0597E8A54A2D67E6A1CC884F2AF4EA67767D7875AEB410FA3E95B2B711847D260B4E775402A3C1F69F15AD4BEB82EBE62B1E75C8049172E53A81668F61D6D32B4B30F02960692819C898F0EB00DA1B95AB4BC6EDA0786424BD892AFAD3DCB9DE7F8717D7D55BD289306019F5B560CC4BE836E0A8206C12289BD360331915BE205A3AFFF0023CD03E361F66C819ED8DBDC563C1BF29490F4FDB0545B0DD35C8C4C4720231183F622E5EED554EE4A2F84B457491225365C011921C8F059AE1B42BFA914C0E273E50139CE7DB5E79C19E37761DAFA16D0D8C31F6A60CB79FC897A219AF506F13FD4F837F1F8CC7FDD676E44ACCA3B1EA3B14529017140FB6D24225EC3CEA3B40ED2A12ADEF0187082F0C195141863977B00AC20AE9FB2F47A6535E73B6F1A7C79EB012C6D8FF125B3AE06E29AC73121238C09F17DDA9B7BCD702261AAA9E3822AC265A6E7207FBD3963B3FF00BF24A89488B2D532489001C46E1A9189715D99336B7D87A7C92C650195AA2CFDCE33C7DD9420C6BD10BCCB0D60A99211107AC0C09667857B366BD9EEEF3AA194E8B20311D38DBD285FF4F5B1D893CCA1472238C8EBC4F6AB7F610DA30C293B34C4728532125205B4F18E155557F22E7A8DCC35A4D8B5878F2C39DF942DABB3ABE4ACA325B92DD6058191CE0879DFF4EAEB6DABB0AE1909ACA2AB57CE91CE4F20423CEF7A65F587515A4CD73462A5222969810E3071C8A75A28453B641249430421FE5003F8991CC1171B5800EDD3A3DA36BA6953830D0E00203CEDFB18E52FF0E2D9D5422A762D425656E3AD6440681833977210A188AFD5F64DA4754871A9313002799F7212E4009792B7A1B2ED325138F9AC6731CF4C8F7B1DA76E55AC9FB07FBC546BFF006C487C441789527271319928F0C6BC6104C31BDAC3E1C0DC07B847AA2D623975AA24D54063510F1AC08E6222220DB2458E20EB4283B0AFA61D1BA48CB30BC48191070DD5CA9A5DD858B02160741DF634BBE88F03B70DD5CA3AD53D4B9B2AAC40BF7C9AE3E4727CAA69F2D7B0CA8148C570D5984A8D61EE2625C1B2A33B515B795B4DAD51B20C48F3812809FD8F1D35FD39DA2EBBF8B36140A84BFB138D860B5CC71EE44950EBDFAEEAAE42A8CCCE83936EE5F1E148F8C57449A412318CC14F9E76E25B58C2C876560ECB4180E4B06304C9812081381E509AE4D590566548128B6A7810E8D9FB1E5934F92CD98A47D788B454B0015828FD8404780DF1822E5781D6D56918825BA6404A673F90E797595A1B52ADE0D1D15C50952E0CFDB264245CA86B08B555A12024C8303CB53B4F8CF8F5F54BC2ECAA5526055E9A8B7189F8F146229B0060403E719199295430B49898C6D3CC07887C4667BC6077D8B7C4E4B1888C471C6994A03BAB4172C0AF5589E3CA191DC8B19E557204AED6EB86413E62251489E26726AD0B95C84488D591902DA0BE0C029038FD8CF2581F0B15AC0DA1507C3D932C19291FBC9172B9A65B5EC1D40A460B16ACC2566A0F71312E31D1B3E3B5B016EC3CC84627CE4D0DA087111CEC0D3F015C620402BAD211F7EF38D8B8C3091D3B9B8379D9C047B898E03FF61E4B15925FF872C159AD25F0F72323C33883AD0A0EC2BE98746E9232CC2F1206441CB2E44FA44F643A3BC4C15430A71EC3E523C70CABC5A0BD48502B68402857F7584A46431C83AF369769D586A335824CAA56603EE12131CF3A5A66EEA6D15CAD6889CA3997030CBFE8289C48F2C1AA7C96ECD1F4070500B08D34F7811C60B92D57A2536D911B26355C348763991033211E526AC2551D79B4D7A89818941798A0C4E0867844A1B4C3EC4645AD8D005625EFED80C72D4D25154ADD80403A52356BA4372818F918971443A59AAFC654F8919D844860C718C171AF4CF5EA249F9141ECA87129651915932438B35C5A45ABD64ECB840B4C788FCA412051390E02FAA34436ED82B2D0826D336E926738F9F14C01B497DEB4DB4E802D31A179C978C7E1C54061B859AF466E253AFCF3F1C4E63EF9235762F42F97C1CE138D9B9D4F118C7E3033FE91C000CAD6DEB90F21CC63393399C973AFEE937CF4416875AC9283543E331EC3B8F15DA4B70BEE180949A86503B9011FF60CE31FA99E00AE098FAD66AAD7832C6B386C8FDC0F28F7E87F5BE1BE64B1365D305C2FC52052D1D64A23EB3CA9D80DBA6BB752BFAA09536003CAA72E0B053AE2631C65B00081EFAE3AB299B7820C4A4604CE0A4B85D890D31F4D506F13E6C7837D7C66388F1E769E597C1C259D631C992221098228F16DAF26F893E6F5C952BC8095D6481A458F1022F87EF03C8B52E6D89EBEC36B1990F8C616324BF8FB973F97C97A0D7735CFF47B3FEB41FC4BF651C97FDD73ADEBA2E674FC7D3FCB5FF9BE19E5EECA28B2CFA861010D103590583540E4C7719E7A8CF8BF898B33BFE1F2F27A6FAFD679FCBE4BD06BB9AE7FA3D9FF005A0FE25FB28E1F63E261D8B7517656CF1F84B0A8F2C09FBE79D9F76146A04F556A6A10A6C315969B4A32B8D078FB3A3457DA0B654A1440164F2AF964B9EA3FDCC57F5BEAF3A7E3E0F9EBF5B7C73CEB3B74F64DC0B613356C682209B1B90C62088796BBF527ACF19AA59E52B2C50B3DA634D21533B7177426CAECF576135FFA0890E518C11FC64A307059E4DCD5E36ED9A950615FC73049063C408A4E27837BCAEF3F544FC91ABC43020C8AE589DB9A01FF005DAEC50860E0E263DC0E63962C0D45C9D57D61164BA14D3CC0B0844623139E36E781C9AD752562010B859C39A0B09228920E45EFEE9676035FC6E0478BDC04AD08964F89ED56FEC21B461852766988E50A6424A40B69E79F5FE47F9577A55E2749D3474489FE581C1722EEEF6BE883999723C710A068D73D0A0CB9E7DFC1EE88F06358DFFCFF00CF937BC6E8B56CD406CF078A63C2BF2E33BE48B83DC01DD97D0061E6E550591574B7C25A9E4B949A32043D9BD419CB95388213C98447B7D09F1560CD501D5D97A448F64C7C83C5EC38C1F21EA79D683A087031615EB56DC0DAD80FACC4970AD4CA6A4D8380227BC16722B5672C3809C711DD09D0F4B59B09124595A4FC84E22F84480FEF6E3ADFA77A6B5C513F44AA00E1AD058491449073D74F989DD802096D04F8B121056060B27FF96471A8CAEA854C2B588918905C4FBCCCE78475071D73A030B110408C12E432278DBFE6CF00C2204FA968B55A646702521F3CF00E0026BDD62D865ED1B4306531A944F1E757CB59B44F754AD60814FDFDEC1325C97246CAAD80801B1262A8D3CB01828FA8CE071C4900A83F81B0566B88C484E0648F07CEBEDD34DBAF2DA3148FC03743C2C590AC608193FB9289E2DE2D7A43B57398430D98212600BB1B7058AF44EBD5203C4F3C84B3312A12911380921CE38D2193DAFD83B2CC62223104D981E7917BFA2D34DFF0C79B8E72CE6E1899115BD14450380C009160E78B6266A38AA9C3027FB1666B9CC7BF88C73C2623D325BDA8B45F8C2A0C872F221D8A75E7917BFA2D34DFF0C79B9261FED356BAEB087E1FE5C8AA331CAA75E5A41DAD8F54E4CC392C0D20FDC3DB71E3DBE4825F5F2D903CCC6D265E69DC8A673C86C457D0FEDD11119F36BF0DF3F8F1ECAE01FC7B34D571084AF5254841018E0F3F733C6B2A1B83289AF202B947804240BEE020B3C8757232A7DCB45EE41931253222610405F9F018AF44EBF574F1BCB212CCC4A84B51380921CCC708C3E6FECFCFE5166023203EA4B5C702461AE7D17859199C8E3046BC17B704861729B8C530CA62633BC4A631C535301D952A212B5859D9533132252244A90928E2DA89A973D1D5ADE073634260E8D57E30439D792D57A2536D911B26355C348763991033211E1397A5C759808528560525309C49E4E23058D78E354D3A962FC18B8D5A8432730D381833281829C72E3124B4D29359884429612441E288822C9722FD42EB08A9C28D8D95606C8BCE55A78FDD5FFAF84D57A2532E111B31AAE1A43B1CC8819C88F1C49F388F58E16D751C82C60807481FADA478449DEAC76E466F1AE50BFADDA443BEFC792CAAB9F350298C30602248005704239FCFDF80F5CDDC27F183230206463DA60C660BF7CAE7586CDA1EC0C5AE160CA6551920891900191E546AE1176853890525DE40338C0948C9010910F04C3DAD50F06801F0F654FA61CC72A12C7E5660605FF303FED4EB95FEBDE7313C79048A616A15C8AB511C41C8EE59CFCA67FD25AD4EB5897BC2B2DE6DB53640E74CBB5105C84E238B7FA414134ACC593AD12B61B48FC59103288881E1F6AB0EC8ACDAD0618AA5AC91A04DB0247B715DAADDD8797AF161C95AA82194299092902D8B9D877535ABF8C8564B479CABE9EA9BE4F8ACB11C998998CFEBDB31FF000FEB1E905DC95042C4CE1CA6C8320220775481638B60E555698B4572A93129DF0F9C916795DAA1A8FB20021B9E572D8DA0076013812FDC73CA98A6965D922648E170C28C9CC8819908FEA38865731B550170AC3C5E960EF231F9840971C624BACB4A8530B4E220B59D769DA667699FFEE7CF6E9FE44CED84483829089178208B4922312E45BC4D4FE0CFC0D1DFC7F3937604387DF286C10B5C4B90A692541D862C6208F3003EF8192E7A814BEB45FAD5616009154F9421AEC9911C4FBF11DC26CDD12A0247B5AACB19F003446483E653FA288E7F2F92F41AEE6B9FE8F67FD683F897ECA39EB042C2CD75E2C1B46B1060921B40CCEFB67E878BB2374F4AA2BC8BC0D4020E1F384EB931E7F26335583DBB0D6927D8628213012A2F2FB140C47B67957B686F5E0C4D12EC3CCBB40A9F22A423F41982E0D95E26C75EE6218B1737C61AC9AA7065AF3ABEDC6ED17B7B59D559B50A0D34C1797E138E0342F04250E55713AC530B8327B1EB05F92075DB251C63AB59207B28BFB0D9075AAD3F605A237130CCEFC5F65E526A104A8141FF0048E8E986E4FEC478AED25B85F70C04A4D43281DC808FFB06718FD4CF2BF6E9B57C0A8011C1D9AC013091688C907C8A7F451C6C2A4C5FD885827111A8170445A0FEA0788BA0765C749B2811620C02170F28FEB9132FFAB1CAFD8CB6BB53DE5B2A6A643CD213120605B8E9C576336246ED7432CC1804A437418AF1B4C89417EBFE0083AD0A0EC2BE98746E9232CC2F1206441C06862B869207357213A4B26763CE725CA6C400346B6DE23D8D466241279C094097EE3846A822B9D7C2202302103005E98778E6F5BC29F5F0C8B0AC7872627E5FB39238FD173C8BDFD169A6FF00863CDC072C6958B2288AFE56440793DC463608380298CC8F1EE44950EBDFAEEAAE42A8CCCE83936EE5F1E24C04AB37A9731F5DC9C8CE0E09B3B6D912E5B6276636C563A92262A5800AC419381081F7E0B551E53ED6CCDA232F87DA8CA615FAC4E0B3C3656162ECF58D96D6B098040881AF38D623428FB1E774F2C5D4DD35B4C2595847D3981A40946A0C06BEC3CAF7AEF6044663E36B9CFB3A4135818093F1EF8FB29E5CEC295A688586AE74A67583DD4A157B31C10C3E0184409F52D16AB4C8CE04A43E79E6F5BC29FE42190F5FF939313F2CFB9C91C7E8B82C5793D3F4A452A8CF8F196C1C8B7936442A569EC0E4DC4AF180B33B4CC86E45019F8F2D1D78748F4EFF005359184A9610A8399CE073399E6E189B4E41D7209F87F95027FEB77FFFC40014110100000000000000000000000000000080FFDA0008010201013F005D7FFFC40014110100000000000000000000000000000080FFDA0008010301013F005D7FFFD9"
# payload为十六进制字符串,如:“ffd8ffe111e0457869...”;经过如下代码转换,可将pic存储为图片形式并可以正常打开
f=open("D:\Python\CTF\pic.jpg","ab") # filepath为你要存储的图片的全路径
pic = binascii.a2b_hex(payload.encode())
f.write(pic)
f.close()

最终转化出来的图片信息如上! 发现了一个用户为bob,然后就是说这个应用已经坏掉了,整个架构设施都broken了,让我们修复好~

之后下载了四张图片,看一下他们的信息:

全部都是JPEG格式,查看一下exiftool:

大概接了一下图,发现了一个Little CMS,后面查阅了一下资料,发现这也不是什么内容管理系统,而是色彩管理引擎的一种而已;做一下目录扫描吧:

没得到什么信息,同时对首页进行了参数的FUZZ,也没有什么结果!回到了上面的那个图上,将上面的信息拿下来做一个ssh爆破:

最终拿到了一个凭据:

最终通过这组凭据,建立了初始的立足点~

提权

查看当前用户具有的sudo权限:

发现了两个命令,一个是timedatectl,另一个是reboot!可以利用timedatectl命令进行提权!

sudo /usr/bin/timedatectl list-timezones

之后输入!/bin/bash即可提权!

提权成功了,但是没找到flag在哪里~

Y4y17
关注
  • 3
    点赞
  • 6
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 0
    评论
专栏目录
WARNING:Retrying(Retry(total=2)) after connection broken by ‘ProxyError(‘Cannot connect to proxy解决方案
weixin_43178406的博客
06-15 6万+
本文主要介绍了WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProxyError('Cannot connect to proxy.'解决方案,希望能对使用Python pip的同学们有所帮助。 文章目录 1. 问题描述 2. 解决方案
HTB Intuition
qq_58869808的博客
05-04 1638
HTB intuition
Broken Pipe的解决方案
2301_79779756的博客
05-04 2309
Broken Pipe” 是一个常见的网络编程错误,特别是在使用像 TCP 这样的流协议时。这个错误通常表示在数据传输过程中,客户端或服务器的一方在另一方尝试写入数据时关闭了连接。
Broken pipe
weixin_42164207的博客
02-13 7309
叙述     想必或多或少在Java的服务器都会遇到过这种异常,如下图          由于Java偏上层,日常开发接触系统底层的机会偏少,要搞清楚什么原因导致的这种异常,肯定是先要百度google一番。 网络解释云里雾里     百度+google下,巴拉巴拉还不少介绍这个错误的文章。欣喜地翻了一篇又一篇,但好像我依旧不明白具体什么原因导致的,云里雾里啊。好吧,举两个例子:     例子一...
java broken pipe_如何解决:Broken pipe
weixin_39964528的博客
02-16 1604
我做了一个登录拦截,拦截器如下:package com.product.website.interceptor;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.log4j.Logger;import org.springframe...
springboot+netty实现mqtt协议的broken
11-09
标题"springboot+netty实现mqtt协议的broken"可能意味着这个项目旨在解决Spring Boot与Netty集成时可能出现的问题,或者是一个关于如何处理MQTT连接中断的教程。在实际应用中,MQTT连接可能会因为各种原因断开,例如...
Broken Dream
05-25
Broken Dream
Linux安全与高级应用(十三)深入解析Linux中的rsync远程同步:原理、配置与应用
洛秋的博客
08-13 986
1.1 rsync的基本原理rsync(Remote Sync)是一种用于本地或远程的文件同步工具。与传统的文件拷贝工具不同,rsync的核心优势在于其增量同步的特性,即只传输源和目标之间不同的文件部分,极大地减少了数据传输量。rsync支持通过SSH或直接使用rsync协议进行数据同步,这使得它在跨网络的大数据备份中表现尤为出色。1.2 rsync的优势增量备份:只同步差异文件或文件的变化部分,大幅减少网络传输量和时间。安全性:通过SSH加密通道进行传输,保障数据的安全。灵活性。
安全:企业上云后不可忽视的安全挑战与解决方案
A526847的博客
08-14 499
企业上云是数字化转型的必然趋势,但云安全风险也如影随形。企业必须正视云安全挑战,采取切实有效的措施来保障云安全。通过数据加密、访问控制、安全审计、备份与恢复、灾备管理、选择可信的云服务供应商和加强内部安全管理等手段,企业可以构建完善的云安全体系,确保云服务的可靠性和安全性。在未来的数字化转型中,云安全将成为企业不可或缺的重要保障。
什么是网络安全态势感知
m0_66268916的博客
08-13 392
德迅云安全 态势感知采用先进大数据架构,通过采集系统的网络安全数据信息,对所有安全数据进行统一处理分析,实现对网络攻击行为、安全威胁事件、日志、流量等网络安全问题的发现和告警,打造安全可监控、威胁可感知、事件可控制的安全能力。态势感知是一种基于环境的、动态、整体地洞悉安全风险的能力,是以安全大数据为基础,从全局视角提升对安全威胁的发现识别、理解分析、响应处置能力的一种方式、最终是为了决策与行动,是安全能力的落地。通过列表、搜索、详情等方式对告警进行展示,支持告警溯源和攻击链分析,让每一次攻击都无处可藏。
Ghidra:开源软件逆向工程框架
网络研究观
08-14 457
Ghidra 是一种尖端的开源软件逆向工程 (SRE) 框架,是美国国家安全局 (NSA) 研究局的产品。
【ARM 芯片 安全与攻击 6.1 -- PAC 与 BTI 的区别】
最新发布
CodingCos的博客
08-17 67
是在 ARMv8.3-A 架构中引入的一种硬件安全特性。PAC 通过对指针生成和验证加密签名,确保指针的完整性和实性,从而防止代码重用攻击(如 ROP 和 JOP)。是在 ARMv8.5-A 架构中引入的一种硬件安全特性。BTI 旨在防止间接分支目标被滥用,从而防御控制流篡改攻击(如 ROP 和 JOP)。目的PAC旨在保护指针的完整性,防止指针被篡改。BTI旨在保护代码的控制流完整性,防止非法跳转到未授权的代码位置。工作原理PAC通过生成和验证指针的签名(PAC)来确保指针的有效性。BTI。
等保2.0时代,企业如何平衡安全与发展
waitaikong_的博客
08-14 298
此外,等保2.0还强化了安全管理的要求,企业需要建立完善的安全管理体系,包括安全策略、管理制度、人员培训、应急预案等,以确保安全保护措施的有效实施。等保2.0(网络安全等级保护2.0)是中国网络安全领域的重要标准,它在原有等保1.0的基础上进行了全面升级,以适应云计算、大数据、物联网、移动互联网等新兴技术的安全保护需求。等保2.0的实施促使企业加强网络安全管理和技术防范措施,这不仅有助于提升企业的网络安全防护水平,降低安全风险,还能提高企业的竞争力和信誉度。
企业如何组建安全稳定的跨国通信网络
TIANGEKUAJING的博客
08-13 293
当企业在海外设有分公司时,如何建立一个安全且稳定的跨国通信网络是一个关键问题。为了确保跨国通信的安全和稳定性,可以考虑以下几种方案。
BurpSuite
Fab1an的博客
08-13 1065
如果只能用一个Web渗透工具,我选BurpSuite。
大型、复杂、逼安全服和安全帽检测:SFCHD数据集和SCALE方法
I‘m Frank Lee
08-13 702
智能升级工地安全:SFCHD数据集与SCALE模块介绍
深入理解HTTPS协议:CA证书的安全机制
无敌岩雀的博客
08-13 741
本文探讨了CA(证书颁发机构)证书在HTTPS加密通信中的重要作用及其工作机制。HTTPS通过结合对称加密和非对称加密技术来确保数据传输的安全性。非对称加密用于安全地交换对称密钥,而对称加密则用于实际的数据加密。CA证书在这一过程中扮演了关键角色,它通过数字签名验证公钥的实性,从而确认通信双方的身份,防止中间人攻击。文章还讨论了预下载的CA证书如何提高验证效率,避免了每次通信时重新下载证书带来的延迟,确保了通信的顺畅与安全。对CA证书和HTTPS的深入分析 。
broken pipe
07-28
回答: Broken Pipe是指一台机器正在尝试从管道读取数据或向管道写入数据,而管道另一端的机器已经死亡或终止。\[2\]当服务器一次运行在相对大量的用户请求上时,不仅是Broken Pipe,任何异常似乎都会造成问题。\[1\]...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

Y4y17

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值