2023 network security penetration interview questions, this one is enough

Others 2023-05-07 19:40:16 views: null

random question bank code

Save the following code as a 1.py file, run it, and do the corresponding questions according to the random numbers

#!/usr/bin/python
# -*- coding:utf-8 -*-

import random

I=["I1","I2"] # SQL XSS PHP JavaScript HTML
II=["II1","II2"] # Python
III=["III1","III2"] # Liunx
IV=["IV1","IV2"] # PHP MySQL
V=["V1","V2"] # CTF
VI=["VI1","VI2"] # CTF

result=[]

i = random.sample(I,1)
result.append(i)

ii = random.sample(II,1)
result.append(ii)

iii = random.sample(III,1)
result.append(iii)

iv = random.sample(IV,1)
result.append(iv)

v = random.sample(V,1)
result.append(v)

vi = random.sample(VI,1)
result.append(v)

print result

Points to note

  1. Read the question carefully, use the relevant virtual environment, and indicate the task name of the question to be done
  2. Run the script, you will get the number of six tasks, answer the questions according to the number, each task does not interfere with each other
  3. Submit relevant FLAG strings or Wireup or related screenshots as required
  4. At least 3 screenshots for each task, you only need to capture key steps, if the title requires screenshots, you cannot omit
  5. CTF questions are supplemented by Wireup submission, and Wireup only needs to write out the key steps
  6. Please create a new document for the answer, write it in the document and submit it
  7. The time is controlled within 6 hours
  8. Virtual environment => [Ubuntu - server.7z]

mission statement

[I1: SQL Injection Vulnerability Detection]

Virtual environment: Ubuntu-server

The system builds PHP + MySQL environment; account: root; password: root

Test points: PHP code review; MD5 password cracking; sorting row SQL injection vulnerability detection

  1. Restore the snapshot of the virtual machine environment to WEB, log in to the system, and use the find command to find the absolute path of the login.php file, and submit the absolute path as a FLAG1 string (form: FLAG1=login.php file absolute path).

Answer: FLAG1=/var/www/html/login.php

  1. Read the login.php file, find out which PHP file the variable will be submitted to, and use the absolute path of the file to submit the data as F1; find the variables F2, F3, and F4 in the login.php file that will be submitted. Submit the FLAG2 string (form: FLAG2=F1;F2;F3;F4).

答案:FLAG2=/var/www/html/check.php;username;password;submit

  1. Read the PHP files related to the login.php file, and find the connected MySQL database name F1, database account number F2, database password F3, and data table F4 for storing user information. Submit the FLAG3 string (form: FLAG3=F1;F2;F3;F4).

Answer: FLAG3=czjt;root;root;users

  1. Use the account number and password of the previous question to enter the database, and find the account number F1 that is allowed to log in to the WEB vulnerability system and the decrypted password F2. After MD5 decryption, you can access md5.php. Submit the FLAG4 string (form: FLAG4=F1;F2).

Answer: FLAG4=admin;@dmin

  1. Click SQL Injection to enter the SQL injection test page, and perform SQL injection tests on the page, so that the data is sorted in reverse order by the age field. Submit the FLAG5 string (form: FLAG5=?order=payload) (tip: the payload must contain the keywords of the SQL query statement in forward or reverse order, and the field name must contain backticks; supplemented by screenshots).

Answer: FLAG5=?order=age` desc%23

  1. Continue to perform SQL injection tests on its pages, so that its data is first arranged in reverse order with the name field as the primary field, and then in positive order with the age field as the secondary field. Submit the FLAG6 string (form: FLAG6=?order=payload) (tip: the payload must contain SQL query keywords in forward and reverse order, and the field name must contain backticks; prove it with a screenshot).

Answer: FLAG6=?order=name desc, age` asc%23

[I2: XSS Attack and Protection]

Virtual environment: Ubuntu-server

Account: root; Password: root

Test points: DOM type XSS attack; PHP security configuration; HttpOnly setting; PHP, JavaScript code writing

  1. Restore the snapshot of the virtual machine environment to WEB, log in to login.php with account admin and password @dmin, click DOM Based XSS to enter the DOM-based XSS detection page, and use payload1 to make the browser execute a pop-up event, and the content of the pop-up window is XSS. Submit the FLAG1 string (form: FLAG1=xss.php#payload1) (tip: supplemented by screenshots).

答案: FLAG1=xss.php#%3cscript%3ealert(%27xss%27)%3c%2fscript%3e

  1. Continue to detect DOM-type XSS, use payload2 to get the current cookie information. Submit the FLAG2 string (form: FLAG2=xss.php#payload2).

答案: FLAG2=xss.php#%3cscript%3ealert(document.cookie)%3c%2fscript%3e

  1. Visit the phpinfo.php page, obtain the absolute path F1 of php.ini, configure the global HttpOnly in php.ini, and set the configuration item of this line as F2. Submit the FLAG3 string (form: FLAG3=F1;F2).

Answer: FLAG3=/etc/php/7.0/apache2/php.ini;session.cookie_httponly = true

  1. Find the PHP page that sets the cookie in /var/www/html, set the absolute path of the page as F1, modify the HttpOnly attribute of the cookie setting, so that it will no longer be obtained by the JavaScript script, and set the PHP code on the line where the cookie attribute is modified as F2, after modification, clear the cookie information stored in the browser, and use payload2 to obtain the cookie information again, if it can be obtained, then F3=TRUE, if not, then F3=FALSE. Submit the FLAG4 string (form: FLAG4=F1;F2;F3) (tip: supplemented by screenshots).

答案: FLAG4=/var/www/html/check.php;setcookie(“uname”,$uname,time()+3600,NULL,NULL,NULL,true);;FALSE

  1. Remove all comments from the xss.php page to improve the code so that it can resist DOM-type XSS attacks. Submit the FALG5 string. (Form: FLAG5=F1,F2).

Answer: FLAG5=safeStr;name

  1. Remove all comments from the xss.php page to improve the code so that it can resist DOM-type XSS attacks. Submit the FALG6 string. (Form: FLAG6=F3,F4).

Answer: FLAG6=str;replace

  1. Use payload1 again to carry out DOM-type XSS attack, if JavaScript can be executed, then FLAG7=TRUE will pop up, if JavaScript cannot be executed, then FLAG7=FALSE. . Submit the FALG6 string. (Form: FLAG7=TRUE or FALSE) (tip: supplemented by screenshots).

Answer: FLAG7=FALSE
 

[II1: Local operating system login password blasting]

Virtual environment: Ubuntu-server; self-prepared virtual environment: kali

The system builds a Python environment; account: root; password: unknown

Test points: Python code review and improvement; liunx password complexity configuration; use Python to blast user login passwords

  1. Restore the snapshot of the virtual machine environment to the operating system password blasting. There is a code named liunx_passwd.py in the root home directory. The function of the code is to blast the root password in the current operating system. Use the command F1 (tip: do not express permission in digital form) to add execution permission to the file, set F2 (tip: express permission in digital form) as the permission of the file after executing F1, and look for root in the /etc/shadow file Encrypted password F3 (tip: the character string between the first one, the last one and the last one). Submit the FLAG1 string (form: FLAG1=F1;F2;f3).

Answer: FLAG1=chmod +x ./liunx_passwd.py;755;66Hr1Yyz9f$

  1. Improve the code of liunx_passwd.py, and use password.lst in the root directory to crack the password dictionary. Submit the FLAG2 string. (Form: FLAG2=F1;F2).

Answer: FLAG2=”/etc/shadow”;”/password.lst”

  1. Improve the code of liunx_passwd.py, and use password.lst in the root directory to crack the password dictionary. Submit the FLAG3 string. (Form: FLAG3=F3;F4).

Answer: FLAG3=passwords;passwd

  1. Improve the code of liunx_passwd.py, and use password.lst in the root directory to crack the password dictionary. Submit the FLAG4 string. (Form: FLAG3=F5;F6;F7).

答案: FLAG4=username;rootpassword;password

  1. Execute the liunx_passwd.py code, and submit the last line returned as FLAG5. (Form: FLAG5=the last line returned) (tip: supplemented by screenshots).

答案: FLAG5=I find it, root password is p@ssw0rd

  1. Modify the password complexity in the /etc/pam.d/system-auth file, with at least 3 different characters, a minimum password length of 8, and a minimum of 1 uppercase letter. Submit this line with the above setting as FLAG6. (Form: FLAG6=The content of the line set).

答案: FLAG6=password requisite pam_cracklib.so difok=3 minlen=8 ucredit=-1

  1. Reset the password according to the password complexity requirements, execute the liunx_passwd.py code again, and submit the last line returned by the result as FLAG7. (Form: FLAG7=the last line returned) (tip: supplemented by screenshots).

Answer: FLAG7=serching is failed

[II2: Python encoding and transcoding]

Virtual environment: Ubuntu-server;

The system builds a Python environment; account: root;

Test points: Python code writing basics; Python coding, Python transcoding

  1. Restore the snapshot of the virtual machine environment to Python, write Python code, and realize functions: URL encoding and transcoding, base64 encoding and transcoding, and submit python code.
  2. Write Python code to realize the function: convert the IP address into a hexadecimal number, convert the IP address from the host byte sequence to the network sequence, convert the network sequence back to the host byte sequence, and submit the python code.
  3. Write Python code to realize the function: MD5 encryption (requires four cases of 32-bit case and 16-bit case), submit python code.

Answer: This task does not provide an answer, please Baidu

【III1: Liunx Service Security Configuration】

Virtual environment: Ubuntu-server; self-prepared virtual environment: kali

The system builds SSH service, Apache service, FTP service; account: root; password: root

Test points: Simple security configuration of SSH service, Apache service, FTP service under Ubuntu

  1. Restore the snapshot of the virtual machine environment to the service security configuration, use the find command to search the SSH service main configuration file F1, the Apache service main configuration file F2, the FTP service main configuration file F3, and submit the absolute path of the service configuration file as the FLAG1 string ( Form: FLAG1=F1;F2;F3).

答案: FLAG1=/etc/ssh/sshd_config;/etc/apache2/apache2.conf;/etc/vsftpd.conf

  1. Configure the SSH service to prohibit the root user from logging in. Set the configuration of this line as F1, use kali to perform the SSH login test, and set the last line of the login result as F2. Submit the FLAG2 string. (Form: FLAG2=F1;F2) (tip: supplemented by screenshots).

答案: FLAG2=PermitRootLogin no;Permission denied, please try again.

  1. Create a user user, set the command to create a user as F1, configure only the user user to log in to SSH, set the configuration of this line as F2, use kali for SSH login test, set the first line after entering the password after login as F3. Submit the FLAG3 string. (Form: FLAG3=F1;F2;F3).

答案: FLAG3=addusser user;AllowUsers user;user@ubuntu:~$

  1. Get the Apache version number F1, configure Apache service security so that it no longer displays the version number information, set the configuration of this line as F2, set the absolute path of the configuration file as F3, and set the text returned by the 404 page as F4(tip : F4 for screenshot). Submit the FLAG4 string. (Form: FLAG4=F1;F2;F3;F4).

Answer: FLAG4=2.4.18;ServerSignature Off;/etc/apache2/conf-available/security.conf;The screenshot shall prevail

  1. Create a directory /home/www, modify the Apache default website directory to /home/www, set the configuration of this line as F1, and set the absolute path of the configuration file as F2. Submit the FLAG5 string. (Form: FLAG5=F1;F2).

Answer: FLAG5=DocumentRoot /home/www;/etc/apache2/sites-available/000-default.conf

  1. Use an anonymous user to log in to the FTP service, set the first line after entering the password after logging in at this time to be F1, configure the configuration to prohibit anonymous users from logging in, set the configuration of this line to F2, and use the anonymous user to log in to the FTP service again, set The display result of the first line after entering the password is F3. Submit the FLAG6 string. (Form: FLAG6=F1;F2;F3) (tip: supplemented by screenshots).

答案: FLAG6=230 Login successful.;anonymous_enable=NO;530 Login incorrect.
 

【III2: Liunx Basic Commands and Basic Reinforcement】

Virtual environment: Ubuntu-server;

Test point: the use of basic commands in Liunx

  1. Restore the snapshot of the virtual machine environment to the initial state, create a test user test, set the command to create a user as F1, create a test user group as testGroup, set the command to create a user group as F2, set the subgroup of the test user as testGroup, set modify The user attribute command is F3. Submit the FLAG1 string. (Form: FLAG1=F1;F2;F3).

答案: FLAG1=addusser test;groupadd testGroup;usermod -G testGroup test

  1. Configure the test user to switch to the root user without a password. Set the absolute path of the configuration file to F1, set the configuration item in this line to F2, switch to the test user, and command F3 to enable the test user to switch to the root user without a password. Submit the FLAG2 string (form: FLAG2=F1;F2;F3) (tip: supplemented by screenshots).

Answer: FLAG2=test ALL=(ALL:ALL) ALL;/etc/sudoers;sudo su or sudo -s

  1. Configure ordinary users not to use su to switch to the root user, set the absolute path of the configuration file to F1, and set the configuration item of this line to F2. Submit the FLAG3 string. (Form: FLAG3=F1;F2).

答案: FLAG3=/etc/pam.d/su;auth required pam_wheel.so

  1. There is a file in the root directory that is specially used to store BASH historical operation commands. Set the absolute path of this file as F1, and the commands F2 and F3 can make this file no longer save BASH historical operations. Submit the FLAG4 string. (Form: FLAG4=F1,F2,F3).

答案: FLAG4=/root/.bash_history;rm /root/.bash_history;ln -s /dev/null /root/.bash_history

  1. The command F1 can check the current network status, the command F2 can check the current process, and the command F3 can check the current network card information. Submit the FLAG5 string. (Form: FLAG5=F1,F2,F3).

Answer: FLAG5=netstat -tulnp;ps -au;ifconfig

  1. The command F1 can keep /etc/passwd from being deleted or changed, and the command F2 can check the current special permissions of /etc/passwd, create a user at will, and set its error message as F3 (tip: F3 is a screenshot). Submit the FLAG6 string. (Form: FLAG5=F1, F2, F3) (tip: supplemented by screenshots).

Answer: FLAG6=chattr +i /etc/passwd; lsattr /etc/passwd; The actual screenshot shall prevail

[IV1: PHP + MySQL service security configuration]

Virtual environment: Ubuntu-server; self-prepared virtual environment: kali

The system builds PHP + MySQL environment; account: root; password: root

Test points: PHP security configuration; MySQL security configuration; MySQL local file reading

  1. Restore the snapshot of the virtual machine environment to the PHP + MySQL service security configuration, visit the phpinfo.php file in the website, obtain the PHP version number F1, and obtain the absolute path of php.ini F2. Submit the FLAG1 string. (Form: FLAG1=F1;F2).

Answer: FLAG1=7.0.22;/etc/php/7.0/apache2/php.ini

  1. Modify the php.ini file, open the safe mode of php, set this configuration item as F1, set the main directory of the execution program in safe mode as /var/www/html, and set this configuration item as F2. Submit the FLAG2 string. (Form: FLAG2=F1;F2).

答案: FLAG2=safe_mode = on;safe_mode_exec_dir = /var/www/html

  1. Modify the php.ini file, disable the functions system, passthru, exec, shell_exec, popen, phpinfo, and submit this configuration item as FLAG3. (Form: FLAG3=disable function configuration item).

答案: FLAG3=disable_functions = system,passthru,exec,shell_exec,popen,phpinfo

  1. To close the leakage of PHP version information in the http header, set this configuration item as F1, configure to place SQL injection, and set this configuration item as F2. Submit the FLAG4 string. (Form: FLAG4=F1;F2).

答案: FLAG4=expose_php = Off;magic_quotes_gpc = On

  1. Connect to the local MySQL database, the account and password are both root, execute the SQL query language to obtain the MySQL version number information, set the query statement as F1, and set the MySQL version number information as F2. Submit the FLAG5 string. (Form: FLAG5=F1;F2) (tip: supplemented by screenshots).

Answer: FLAG5=select version();;5.7.19-0ubuntu0.16.04.1

  1. There is a file user.txt in the root home directory, there is a database named czjt in the MySQL database, and there is a data table named users in the database czjt, find a way to use the relevant SQL query command of load data local infile to load user.txt The text content is imported into the data table. Submit the SQL query command as FLAG6. (Form: FLAG6=SQL read file command).

答案: FLAG6=load data local infile ‘/root/user.txt’ into table czjt.users fields terminated by ‘,’;

  1. Forbid MySQL to access the local file, set the configuration item of this line as F1, read the local file again, set the behavior of ERROR as F2 (F2 is a screenshot), and set the absolute path of the configuration file as F3. Submit the FLAG7 string. (Form: FLAG7=F1;F2;F3).

[IV2: MySQL basic operation and basic reinforcement]

Virtual environment: Ubuntu-server; self-prepared virtual environment: kali

Account: root; Password: root

Test points: SQL query statement; MySQL hardening

  1. Restore the snapshot of the virtual machine environment to the PHP + MySQL service security configuration, connect to the local MySQL database, set the connection command to F1, the account password is root, execute the SQL query language to obtain the version number information of MySQL, set the query statement to F2, set MySQL The version number information is F3. Submit the FLAG1 string. (Form: FLAG1=F1;F2;F3).

Answer: FLAG1=mysql -p;`select version();;5.7.19-0ubuntu0.16.04.1

  1. The SQL statement FLAG2 can change the root password to p@ssw0rd. Submit the FLAG2 string. (Form: FLAG2=SQL statement to modify root password).

答案: FLAG2=update mysql.user set password=password(‘p@ssw0rd’) where user=’root’;

  1. SQL statement F1 can get all the current databases, SQL statement F2 can switch the database to czjt, SQL statement F3 can check which tables are in czjt, and SQL statement F4 can check all data in the users table. (Form: FLAG3=F1;F2;F3;F4).

答案: FLAG3=show databases;;use czjt;;show tables;;select from users; 或者 select from czjt.users;

  1. Use the find command to search the main MySQL configuration file and submit the FLAG4 string. (Form: FLAG4=absolute path to the main MySQL configuration file).

Answer: FLAG4=/etc/mysql/my.cnf

  1. Use kali to remotely connect to the MySQL database, set the connection command to F1 (F1 is a screenshot), configure the MySQL service to prohibit remote connections, set this configuration item to F2, and connect remotely again, and set the error message to F3 (F3 is a screenshot). (Form: FLAG5=F1, F2, F3) (tip: supplemented by screenshots).

Answer: FLAG5=The actual screenshot shall prevail;skip-networking;The actual screenshot shall prevail

  1. There is a file in the system that is specially used to store MySQL historical operation commands. Let the absolute path of this file be F1, and commands F2 and F3 can make this file no longer save MySQL historical operation commands. Submit the FLAG6 string. (Form: FLAG6=F1,F2,F3).

答案: FLAG6=/root/.mysql_history;rm /root/.mysql_history;ln -s /dev/null /root/.mysql_history

[V1: Cryptography, Steganography]

Virtual environment: Ubuntu-server; self-prepared virtual environment: kali

Account: root; Password: root

Test points: cryptography, steganography This task is submitted to Wireup

[V2: Security miscellaneous, programming]

Virtual environment: Ubuntu-server; self-prepared virtual environment: kali

Account: root; Password: root

Test points: Security miscellaneous, python programming This task is submitted to Wireup

[VI1: Website Comprehensive Penetration]

Test points: SQL injection; use of a kitchen knife; access to shell; brute force cracking of HASH value

This task submits Wireup

Due to the space, all the interview questions are not displayed one by one. If you have a small partner who needs the PDF version of this interview question, you can scan the code below to find me. I have sorted it out. I hope it can help you receive your favorite offer!

Guess you like

Origin blog.csdn.net/yinjiyufei/article/details/130368025
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com