当前位置:网站首页>Network security of secondary vocational group 2021 Jiangsu provincial competition 5 sets of topics environment + analysis of all necessary private messages I
Network security of secondary vocational group 2021 Jiangsu provincial competition 5 sets of topics environment + analysis of all necessary private messages I
2022-07-05 10:43:00 【ruihack】
2021 The title of Jiangsu provincial competition 5 Set the topic environment all the private messages I need , If you have any questions, welcome to discuss with bloggers
Task a : Attack log analysis
pit 1. Port does not count as port
2. Orders are not orders
3. Or tell you through the topic ?
1. From the target server FTP Upload and download attack.pcapng Package file , By analyzing the data package attack.pcapng, Find the hacker's IP Address , And put the hacker's IP Address as FLAG( form :[IP Address ]) Submit ;(1 branch )
192.168.10.106
2. Continue to view the package file attack.pacapng, Analyze the open port of the target scanned by the hacker , Use the open port of the target as FLAG( form :[ Port name 1, Port name 2, Port name 3…, Port name n]) From low to high ;(1 branch )
21/22/23/80/139/445/3306/8080/15629/37113/42838/44500/54351/56436
3. Continue to view the package file attack.pacapng, Analyze the version number of the operating system obtained after the hacker's successful intrusion , Take the version number of the operating system as FLAG( form :[ Operating system version number ]) Submit ;(1 branch )
Linux localhost.localdomain 2.6.32-504.el6.i686
4. Continue to view the package file attack.pacapng, Analyze the first command executed by the hacker after successful intrusion , And take the first command executed as FLAG( form :[ The first order ]) Submit ;(1 branch )
id
5. Continue to view the package file attack.pacapng, Analyze the second command executed by the hacker after successful intrusion , And execute the second command as FLAG( form :[ The second order ]) Submit ;(2 branch )
uname -a
6. Continue to view the package file attack.pacapng, Analyze the return result of the second command executed by the hacker after successful intrusion , And return the result of the second command as FLAG( form :[ The second command returns the result ]) Submit ;(2 branch )
Linux localhost.localdomain 2.6.32-504.el6.i686 #1 SMP Wed Oct 15 03:02:07 UTC 2014 i686 i686 i386 GNU/Linux
7. Continue to view the package file attack.pacapng, Analyze the return result of the third command executed after the hacker's successful intrusion , And return the result of the third command as FLAG( form :[ The third command returns the result ]) Submit .(2 branch )
/
Task 2 : System vulnerability exploitation and right raising
1. Use nmap Scanning target system , Take the open port number of the target aircraft in the order from small to large FLAG( form :[ port 1, port 2…, port n]) Submit ;(1 branch )
21,22,80
2. Access the target system through the above port , Log in with a weak password , Use the correct user name and password as FLAG( form :[ user name , password ]) Submit ;(1 branch )
3. utilize Kali The penetration machine generates a rebound Trojan horse , Take the first word of the fourth line prompted after the execution of the generated Trojan command as FLAG( form :[ word ]) Submit ;(1 branch )
4. Modify the above Trojan file and upload it to the target system , Use MSF Turn on monitoring , Take the user name of the current permission obtained as FLAG( form :[ user name ]) Submit ;(1 branch )
5. Check the system kernel version information , Take the system kernel version number as FLAG( form :[ Version number ]) Submit ;(1 branch )
6. stay Kali Find the exploitable source code in the attacker , Take the file name of the found vulnerability source code as FLAG( form :[ file name ]) Submit ;(1 branch )
7. The target obtained by using the above vulnerability source code /root The only one in the world .txt The file name of the file is FLAG( form :[ file name ]) Submit ;(1 branch )(2 branch )
8. After using the above vulnerability source code, the target will be obtained /root The only one in the world .txt The contents of the document are used as FLAG( form :[ The contents of the document ]) Submit .(2 branch )
Task three : Code audit
1. In infiltration machine Kali Linux Access the target server Web page , Register your account and log in , Find the existence XSS Execute the vulnerable page , Will exist in this page XSS The object name of the execution vulnerability is as FLAG Submit ;(2 branch )
2. structure Cookie rebound JS Script , Will be JS The objects and methods used in the code act as FLAG( form : object . Method ) Submit ;(2 branch )
3. In infiltration machine Kali Linux Restart in Web service , Use the restart command as FLAG Submit ;(2 branch )
Use the original... In the target server XSS Vulnerability calls the above JS Script , In infiltration machine Kali Linux In the open 3333 Port listening , Use the command to open port listening as FLAG Submit ;(2 branch )
4. In infiltration machine Kali Linux In the open 3333 Port listening , Take the first word in the first line of the response received after opening the port listening as FLAG Submit ;(2 branch )
5. In infiltration machine Kali Linux In the open 3333 Port listening , Take the last word in the fifth line of the response received after opening the port listening as FLAG Submit .(2 branch )
Task 4 :Web Safety penetration test
1. Access... Through a browser http:// Target server IP/1, Perform a penetration test on the page , find flag Format :flag{Xxxx123}, The contents in parentheses are used as flag Value and submit ;(2 branch )
2. Access... Through a browser http:// Target server IP/2, Perform a penetration test on the page , find flag Format :flag{Xxxx123}, The contents in parentheses are used as flag Value and submit ;(2 branch )
3. Access... Through a browser http:// Target server IP/3, Perform a penetration test on the page , find flag Format :flag{Xxxx123}, The contents in parentheses are used as flag Value and submit ;(2 branch )
4. Access... Through a browser http:// Target server IP/4, Perform a penetration test on the page , find flag Format :flag{Xxxx123}, The contents in parentheses are used as flag Value and submit ;(3 branch )
5. Access... Through a browser http:// Target server IP/5, Perform a penetration test on the page , find flag Format :flag{Xxxx123}, The contents in parentheses are used as flag Value and submit .(3 branch )
Task five :Linux Operating system penetration test
1. Through the infiltration machine Kali Perform system service and version scanning penetration test on the target server , And display the operation in the result 21 The service version information string corresponding to the port is used as Flag Value submission ;(1 branch )
2. Through the infiltration machine Kali Conduct penetration test on the target server , Put the scene /var/www The only suffix in the directory is .bmp The file name of the file is used as Flag Value submission ;(1 branch )
3. Through the infiltration machine Kali Conduct penetration test on the target server , Put the scene /var/www The only suffix in the directory is .bmp The English words in the picture file are used as Flag Value submission ;(1 branch )
4. Through the infiltration machine Kali Conduct penetration test on the target server , Put the scene /home/guest The only suffix in the directory is .pdf The file name of the file is used as Flag Value submission ;(1 branch )
5. Through the infiltration machine Kali Conduct penetration test on the target server , Put the scene /home/guest The only suffix in the directory is .pdf The contents of the document are used as Flag Value submission ;(2 branch )
6. Through the infiltration machine Kali Conduct penetration test on the target server , Put the scene /var/vsftpd The only suffix in the directory is .docx The file name of the file is used as Flag Value submission ;(1 branch )
7. Through the infiltration machine Kali Conduct penetration test on the target server , Put the scene /var/vsftpd The only suffix in the directory is .docx The contents of the document are used as Flag Value submission ;(2 branch )
8. Through the infiltration machine Kali Conduct penetration test on the target server , Put the scene /root The only suffix in the directory is .txt The file name of the file is used as Flag Value submission ;(1 branch )
9. Through the infiltration machine Kali Conduct penetration test on the target server , Put the scene /root The only suffix in the directory is .txt The contents of the document are used as Flag Value submission .(2 branch )
Task six : Port scanning Python Penetration test
1. From the target server FTP Upload and download PortScan.py, edit Python Program PortScan.py, Implementation is based on TCP Full open port scanning , Fill in the blanks in this document F1 character string , Take this string as Flag Value submission ;(1 branch )
2. continue editing Python Program PortScan.py, Implementation is based on TCP Full open port scanning , Fill in the blanks in this document F2 character string , Take this string as Flag Value submission ;(1 branch )
3. continue editing Python Program PortScan.py, Implementation is based on TCP Full open port scanning , Fill in the blanks in this document F3 character string , Take this string as Flag Value submission ;(1 branch )
4. continue editing Python Program PortScan.py, Implementation is based on TCP Full open port scanning , Fill in the blanks in this document F4 character string , Take this string as Flag Value submission ;(1 branch )
5. continue editing Python Program PortScan.py, Implementation is based on TCP Full open port scanning , Fill in the blanks in this document F5 character string , Take this string as Flag Value submission ;(1 branch )
6. continue editing Python Program PortScan.py, Implementation is based on TCP Full open port scanning , Fill in the blanks in this document F6 character string , Take this string as Flag Value submission ;(1 branch )
7. continue editing Python Program PortScan.py, Implementation is based on TCP Full open port scanning , Fill in the blanks in this document F7 character string , Take this string as Flag Value submission ;(1 branch )
8. continue editing Python Program PortScan.py, Implementation is based on TCP Full open port scanning , Fill in the blanks in this document F8 character string , Take this string as Flag Value submission ;(1 branch )
9. continue editing Python Program PortScan.py, Implementation is based on TCP Full open port scanning , Fill in the blanks in this document F9 character string , Take this string as Flag Value submission ;(1 branch )
边栏推荐
猜你喜欢
[dark horse morning post] Luo Yonghao responded to ridicule Oriental selection; Dong Qing's husband Mi Chunlei was executed for more than 700million; Geely officially acquired Meizu; Huawei releases M
基于昇腾AI丨以萨技术推出视频图像全目标结构化解决方案,达到业界领先水平
How to write high-quality code?
How to plan the career of a programmer?
5G NR系统架构
SAP UI5 ObjectPageLayout 控件使用方法分享
How does redis implement multiple zones?
风控模型启用前的最后一道工序,80%的童鞋在这都踩坑
"Everyday Mathematics" serial 58: February 27
【Vite】1371- 手把手开发 Vite 插件
随机推荐
Idea create a new sprintboot project
2021年山东省赛题库题目抓包
沟通的艺术III:看人之间 之倾听
DOM//
中职组网络安全C模块全漏洞脚本讲解包含4个漏洞的脚本
Glide Mastery
Crawler (9) - scrape framework (1) | scrape asynchronous web crawler framework
C语言活期储蓄账户管理系统
Ad20 make logo
SQL Server monitoring statistics blocking script information
How to write high-quality code?
脚手架开发进阶
WorkManager学习一
双向RNN与堆叠的双向RNN
爬虫(9) - Scrapy框架(1) | Scrapy 异步网络爬虫框架
基于昇腾AI丨以萨技术推出视频图像全目标结构化解决方案,达到业界领先水平
Workmanager Learning one
App各大应用商店/应用市场网址汇总
C#实现获取DevExpress中GridView表格进行过滤或排序后的数据
NAS and San