2024 Cybersecurity Competition--System Penetration Testing (Super Detailed)

1. Competition time
180 minutes, a total of 3 hours

2. Competition stage
Competition stage, task stage, competition task, competition time, score
1. Collect information on the server host in the penetration machine, and submit the port number opened by the server as the Flag value;
2. Infiltrate the server host in the penetration machine, obtain the server host name from the server host, and submit the host name as the Flag value;
3. Infiltrate the server host in the penetration machine, obtain the kernel version from the server host, and submit the kernel version as the Flag value;
4. Infiltrate the server host in the penetration machine, obtain the administrator's password on the server host, and submit the password as the Flag value;
5. Infiltrate the server host in the penetration machine, find the flag file in the root directory of the website on the server host, and submit the content in the file as the Flag value;
6. Infiltrate the server host in the penetration machine, find the flag file in the administrator's home directory on the server host, and submit the content in the file as the Flag value.

3. Contents of Competition Task Book
(1) Topology Diagram

Only the IP address of 1in20230502 can be obtained
1. Collect information on the server host in the penetration machine and submit the port number opened by the server as the Flag value;


FLAG:22/tcp

2. Infiltrate the server host in the penetration machine, obtain the server host name from the server host, and submit the host name as the Flag value;

To be honest, it's just a simple question. If you have never done this or memorized the answer, you can't do it at all. What do you mean, just open port 22. Most people don’t know who I am, so I’ll give you an IP to penetrate (brother question)

PS: You can go in here and turn off the firewall and it will not be disconnected.

Port knocking is in use here. User: user, password: 123456. Then check the configuration file:

cat /etc/knockd.conf
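
The file read above holds the knock sequence, so any account that can read it gets past the port knocking. As an added example (not part of the original post), this Python script audits a knockd.conf for that exposure and for doors that are never closed again; the sample config, the function names and the min_ports threshold are assumptions.

```python
import configparser
import os
import stat

# Constructed sample in knockd.conf syntax; not the competition host's file.
SAMPLE_CONF = """\
[options]
UseSyslog

[openSSH]
sequence = 7000,8000,9000
command  = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn

[timedSSH]
sequence      = 2222:udp,3333:tcp,4444:udp,5555:tcp
seq_timeout   = 10
start_command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
cmd_timeout   = 30
stop_command  = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
"""

def readable_by_non_owner(path):
    """True if group or other can read the file, i.e. any local account
    that logs in can recover the knock sequence with cat."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

def audit_knockd(text, min_ports=4):
    """Return (door, finding) pairs. min_ports is an assumed local policy."""
    # interpolation=None: default interpolation rejects %IP% when a value is read.
    cp = configparser.ConfigParser(interpolation=None, allow_no_value=True)
    # Strip indentation so indented keys are not read as continuation lines.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    findings = []
    for door in cp.sections():
        if door.lower() == "options":
            continue
        sec = cp[door]
        ports = [p for p in (sec.get("sequence") or "").split(",") if p.strip()]
        if len(ports) < min_ports:
            findings.append((door, f"sequence has only {len(ports)} ports"))
        opens = "command" in sec or "start_command" in sec
        if opens and "stop_command" not in sec:
            findings.append((door, "no stop_command: nothing closes the port again"))
    return findings

if __name__ == "__main__":
    for door, finding in audit_knockd(SAMPLE_CONF):
        print(f"[{door}] {finding}")
```

On a real host, pair audit_knockd with readable_by_non_owner("/etc/knockd.conf"); a result of True means the sequence is exposed to every local user.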

Then brute-force in and get the account password. Hydra is used here. There is an aaaaca user in the 2.txt dictionary.

Use the command hostname


FLAG:WNSLGWDLXN

3. Infiltrate the server host in the penetration machine, obtain the kernel version from the server host, and submit the kernel version as the Flag value;

Use the command uname -a


FLAG:2.6.32-642.el6.x86_64

4. Infiltrate the server host in the penetration machine, obtain the administrator's password from the server host, and submit the password as the Flag value;

This is also very simple. I roughly wrote down the idea because it is really troublesome. Just get the hash value of root and then crack it with john.

It was really troublesome to do the questions. After I was convinced, the port was closed after a while, so I had to try again. . . Speechless (can take a snapshot)

This is very unreasonable. I find / -perm -4000 2>/dev/null didn’t find it. bin/bash If I haven’t learned this, I can’t do it at all

I can't even escalate privileges. What should I do? I am now root and then I can search (the design is really unreasonable, I am complaining like crazy, I don't know the reason)


FLAG:lissabon

5. Infiltrate the server host in the penetration machine, find the flag file in the root directory of the website on the server host, and submit the content in the file as the Flag value;

Get the root password and switch user

 cd /
 cat flag


FLAG:GBWYBMSHCW

6. Infiltrate the server host in the penetration machine, find the flag file in the administrator's home directory on the server host, and submit the content in the file as the Flag value.


There is an attachment of a picture in the directory of the last question. It should be steganographic and has not been processed. It cannot be opened. I guess it is confused and the opening is garbled.
(It will be added later when it is completed.)

This ends this article! If you need the environment, you can contact me. A complete and clear analysis can be found in the Tencent documentation. If you want to buy the environment, you can ask me to get the standard flag! ! !


Origin blog.csdn.net/Aluxian_/article/details/134854331