当前位置:网站首页>SSH key disclosure (module B competition topic) -- Application Service Vulnerability scanning and utilization
SSH key disclosure (module B competition topic) -- Application Service Vulnerability scanning and utilization
2022-06-30 00:13:00 【Shandong Wangan vegetable chicken】
There are problems, environment and analysis , I want a private letter , Not in vain !
Application Service Vulnerability scanning and utilization
1、 Use command nmap Detect the service version information of the target aircraft , Use the parameters you need as FLAG Submit ;
flag:sV
2、 Access the target system through the above port and detect hidden pages , Sensitive files that will be found 、 The directory name is used as FLAG( form :[ Sensitive files or directories 1, Sensitive files or directories 2…, Sensitive files or directories n]) Submit ;
flag:[ssh,robots,txt]
3、 Download the available private key and authentication keyword files through the above sensitive files or directories , Use the private key file name and the authentication keyword file name as FLAG( form :[ Private key filename , Authentication keyword file name ]) Submit ;
flag:[id_rsa,authorized_keys]
4、 Find the user name used to log in to the target server in the authentication keyword file , Use the user name as FLAG Submit ;
边栏推荐
- 代码分析平台 SonarQube 实战
- [rust weekly library] Tokei - a utility for statistics of code lines and other information
- Solr basic operation 11
- FPGA Development (1) -- serial port communication
- I wonder if I can open an account today? In addition, is it safe to open an account online now?
- [advanced C language] file operation (I)
- 手机开户后多久才能通过?另外,手机开户安全么?
- Rotating colored clover
- Label Troubleshooting: unable to open the marked image
- Fine grained identification, classification, retrieval data set collation
猜你喜欢
基于zfoo开发项目的一些规范
QT learning 05 introduction to QT creator project
爬虫入门实战:斗鱼弹幕数据抓取,附送11节入门笔记
Three postures of anti CSRF blasting
There is no web-based development for the reward platform. Which is suitable for native development or mixed development?
Code analysis platform sonarqube actual combat
项目一:部署 LAMP ecshop电商平台
Siemens low code platform connects MySQL through database connector to realize addition, deletion, modification and query
New CorelDRAW technical suite2022 latest detailed function introduction
![[advanced C language] string and memory function (II)](/img/1a/14ff6a078419e407845d60485be60e.png)
[advanced C language] string and memory function (II)
随机推荐
What is flush software? Is it safe to open an account online?
How to view the CPU cores and threads in win11? Win11 view the tutorial of how many cores and threads the CPU is
New titanium cloud service won the "2022 love analysis · panoramic report of it operation and maintenance manufacturers" cloud management platform CMP representative manufacturer
How to realize the spelling correction function in search engine
modelsim的TCL脚本的define incdir命令解析
What is IGMP? What is the difference between IGMP and ICMP?
Embedded development: Hardware in the loop testing
500 error occurred after importing skins folder into solo blog skin
Buffer flow exercise
Solr基础操作12
Gradle serialization 7- configuration signature
Zhongkang holdings opens the offering: it plans to raise HK $395million net, and it is expected to be listed on July 12
漫画安全HIDS、EDR、NDR、XDR
Solr basic operations 9
MySQL functions and constraints
旋转彩色三叶草
[advanced C language] file operation (I)
label问题排查:打不开标注好的图像
Will the flush SQL CDC parallelism affect the order? Generally, only 1 can be set for data synchronization.
AI首席架构师9-胡晓光 《飞桨模型库与行业应用》