Introduction
The Linux system in this challenge has 8 issues; the flag is awarded once all of them are remediated. The system is reachable over ssh, and the login user has sudo privileges.
Approach
Incident response workflow for a webshell intrusion:
1. User command history and shell configuration (bash history, .bashrc/.profile aliases and functions)
2. Abnormal processes, listening ports, cron jobs and the files they reference
3. The webshell files themselves
Detailed procedure
Log in to the system over ssh
ssh -p 31786 [email protected]
whoami
#user
Check the task progress
sudo /root/solveme
#[sudo] password for user:
#Issue 1 is partially remediated
#Issue 2 is not remediated
#Issue 3 is not remediated
#Issue 4 is not remediated
#Issue 5 is not remediated
#Issue 6 is not remediated
#Issue 7 is not remediated
#Issue 8 is not remediated
bash history and configuration
ls -al
vi .bashrc
The alias defined for the cat command is abnormal. Comment that alias out, then delete the abnormal directory that was planted under /dev/tcp. Note that /dev/tcp/HOST/PORT is a bash-internal pseudo-path used for redirections and does not normally exist on disk, so a real directory there is a hiding place, not part of the system.
rm -rf /dev/tcp/172.17.0.1
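As an added example for step 1 of the workflow and the alias check above (this is not part of the original write-up and not the challenge's own tooling), the script below lists alias definitions in a shell rc file, flags any whose command word resolves outside the standard binary directories or whose value references /dev/tcp or /dev/udp, and comments a chosen alias out after saving a backup. The sample .bashrc it writes is constructed for illustration; only the path /dev/tcp/172.17.0.1 comes from the write-up, the alias values themselves are assumptions.

```shell
#!/bin/sh
# Added example, not from the original write-up. Scans a shell rc file for
# alias definitions that could hijack common commands (e.g. cat).

# list_aliases FILE: print "name<TAB>value" for every alias line.
# Handles alias x='...' and alias x="..." forms; commented lines are skipped.
list_aliases() {
  awk '
    /^[[:space:]]*alias[[:space:]]+/ {
      sub(/^[[:space:]]*alias[[:space:]]+/, "")
      eq = index($0, "=")
      if (eq == 0) next
      name = substr($0, 1, eq - 1)
      val  = substr($0, eq + 1)
      gsub(/^["'\'']|["'\'']$/, "", val)   # strip surrounding quotes
      print name "\t" val
    }' "$1"
}

# suspicious_aliases FILE: print aliases worth a manual look:
#  - value references /dev/tcp/ or /dev/udp/ (bash network redirection)
#  - command word is an absolute path outside /bin, /sbin, /usr/bin, /usr/sbin
# A bare command word ("ls --color=auto") is treated as a normal alias.
suspicious_aliases() {
  list_aliases "$1" | awk -F '\t' '
    {
      if ($2 ~ /\/dev\/(tcp|udp)\//) { print $1 "\t" $2; next }
      split($2, w, /[[:space:]]+/)
      cmd = w[1]
      if (cmd !~ /\//) next
      if (cmd ~ /^\/(usr\/)?s?bin\//) next
      print $1 "\t" $2
    }'
}

# disable_alias FILE NAME: comment out "alias NAME=" lines in FILE.
# A timestamped copy of the original is kept as evidence before editing.
disable_alias() {
  cp "$1" "$1.bak.$(date +%s)"
  tmp=$(mktemp)
  sed -E "s/^([[:space:]]*)(alias[[:space:]]+$2=)/\1# \2/" "$1" > "$tmp" && mv "$tmp" "$1"
}

# make_sample_bashrc FILE: constructed sample content (not the real .bashrc
# from the challenge box; the alias targets are assumptions).
make_sample_bashrc() {
  cat > "$1" <<'EOF'
# constructed sample, not the challenge box's real .bashrc
alias ls='ls --color=auto'
alias ll='ls -alF'
# alias grep='grep --color=auto'
alias vi='/usr/bin/vim'
alias cat='/dev/tcp/172.17.0.1/cat'
alias sudo='/tmp/.x/sudo'
EOF
}

# Demo on the constructed sample; on a real host run
# suspicious_aliases ~/.bashrc (and ~/.bash_profile, ~/.profile, /etc/bash.bashrc).
sample=$(mktemp)
make_sample_bashrc "$sample"
echo "Suspicious aliases in $sample:"
suspicious_aliases "$sample"
rm -f "$sample"
```

After commenting an alias out, start a new shell (or run `unalias cat`) and confirm with `type cat` that the name resolves to the real binary again; rc files are only read at shell start-up, so an already-running session keeps the hijacked alias.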