The second round of Yunnan Cyberspace Security competition in May 2021

2021 year 5 In June, the title of Yunnan Cyberspace Security skill competition was reproduced .

Task a 、SSH Weak password penetration test

Mission environment description ：
ü Server scenario ：Linux
ü Server scenario operating system ：Linux（ Version unknown ）

1. In the local PC Penetration testing platform BT5 Use in zenmap Tool scan server scenario Linux Network segment ( for example ：172.16.101.0/24) Live hosts in range IP Address and designated open 21、22、23 port . And take the string that must be added in the command used by this operation as FLAG Submit （ Ignore ip Address ）;
Direct use nmap scanning
flag=-p21,22,23

2. Via local PC Medium penetration test platform BT5 For the server scenario Linux Conduct system service and version scanning penetration test , And display the operation in the result SSH The service port information corresponding to the service is used as FLAG Submit ;
nmap -sV 192.168.19.75
flag=22/tcp

3. In the local PC Penetration testing platform BT5 Use in MSF The module explodes it , Use search command , The name information of the scanning weak password module is used as FLAG Submit ;
flag=search mssql_login

4. On the basis of the previous question, use the command to call the module , And view the information to be configured （ Use show options command ）, The target address to be configured in the echo will be displayed , Password guessing Dictionary , Threads , The fields of account configuration parameters are used as FLAG Submit （ Separated by commas , example hello,test,…,…）;
flag=rhosts,pass_file,threads,username

5. stay msf Configure the target aircraft in the module IP Address , Use the first two words in the configuration command as FLAG Submit ;
flag=set rhosts

6. stay msf Specify the password dictionary in the module , The dictionary path is /root/2.txt, The user is called test Obtain the password and use the obtained password as FLAG Submit ;
Directly use the dictionary at the game site for blasting , Use set Specify the parameters , direct run Just go .

7. On the basis of the previous question , Use the 6 The obtained password SSH To the target , take test The only suffix in the user's home directory is .bmp The string of the file name of the picture is used as FLAG Submit .
readily solved

Task 2 ： Data analysis ack Data packets

1. From the target server FTP Upload and download attack pcapng Package file , By analyzing the data package attack pcapng, Find the hacker's IP Address , And put the hacker's IP Address as FLAG ( form : [IP Address ]) Submit ; (1 branch )
flag：[192.168.8.126]

2. Continue to view the package file attack.pacapng, Analyze the open port of the target scanned by the hacker , Use the open port of the target as FLAG ( form : [ Port name 1, Port name 2. Port name 3… , Port name n]) From low to high ; (1 branch )
flag：[21]

3. Continue to view the package file attack pacapng, Analyze the version number of the operating system obtained after the hacker's successful intrusion , Take the version number of the operating system as FLAG ( form : [ Operating system version number ]) Submit ; (1 branch )
flag:[ anonymous]

4. Continue to view the package file attack pacapng, Analyze the first command executed by the hacker after successful intrusion , And take the first command executed as FLAG ( form : [ The first - Bar command ]) Submit ; (1 branch )
flag:[admin]

5. Continue to view the package file attack.pacapng, Analyze the second command executed by the hacker after successful intrusion , And execute the second command as FLAG ( form : [ The second order ]) Submit ; (2 branch )
flag:[put one.asp]

6. Continue to view the package file attack pacapng, Analyze the return result of the second command executed by the hacker after successful intrusion , And return the result of the second command as FLAG ( form : [ The second command returns the result ]) Submit ; (2 branch )
flag:[Microsof-1IS/7.5]

7. Continue to view the package file attack .pacapng, Analyze the return result of the third command executed after the hacker's successful intrusion , And return the result of the third command as FLAG ( form : [ The third command returns the result ]) Submit .(2 branch )
flag:[Tomorrow]

Task three ： Comprehensive penetration test

The main content is to use the Trojan horse to raise the right to obtain the host Shell,
General idea ： Login backstage ,msf Generate php Ma rebound to get system permission .

I forgot when I was playing msf Generate php Horse orders ,, Purring

Task 4 ：Web penetration

page 1,,,f12 Take it directly flag
page 2,,, See the login box ,,' Wrong number ,, direct nmap Tuoku ,, Get flag.
page 3,,XFF forge IP Local access ...
page 4,, I can't remember ,,, It's simple

front 4 Little topic ,, It's all foundation ,, It's simple .

Page five ,,,,/file=text.txt,,, The problem didn't work out

Scuffle stage

a Linux

to open up 21 22 23 80 3306 port ...
Sweep it out ,,,21 ——>> VSFTPD234 Smiley loopholes exist ..
2.txt Universal Dictionary （ Relatively more ,, Take it to explode ssh and ftp Should be able to explode ）
password.txt Dictionaries ...

Phase II summary ： Be sure to change the virtual machine configuration , Or you'll get stuck in doubt about life ！！！

Cabbage blog