2021 Fujian Vocational College skills competition (secondary vocational group) network security competition assignment

B modular

Environment requires private bloggers

Task a ： Attack log analysis

Mission environment description ：

• Server scenario ：PYsystem0031
• Server scenario operating system ： Unknown
• Server scenario FTP user name :anonymous password ： empty

1. From the target server FTP Upload and download attack.pcapng Package file , By analyzing the data package attack.pcapng, Find the hacker's IP Address , And put the hacker's IP Address as FLAG（ form ：[IP Address ]） Submit ;（1 branch ）
2. Continue to view the package file attack.pacapng, Analyze the open port of the target scanned by the hacker , Use the open port of the target as FLAG（ form ：[ Port name 1, Port name 2, Port name 3…, Port name n]） From low to high ;（1 branch ）
3. Continue to view the package file attack.pacapng, Analyze the version number of the operating system obtained after the hacker's successful intrusion , Take the version number of the operating system as FLAG（ form ：[ Operating system version number ]） Submit ;（1 branch ）
4. Continue to view the package file attack.pacapng, Analyze the first command executed by the hacker after successful intrusion , And take the first command executed as FLAG（ form ：[ The first order ]） Submit ;（1 branch ）
5. Continue to view the package file attack.pacapng, Analyze the second command executed by the hacker after successful intrusion , And execute the second command as FLAG（ form ：[ The second order ]） Submit ;（2 branch ）
6. Continue to view the package file attack.pacapng, Analyze the return result of the second command executed by the hacker after successful intrusion , And return the result of the second command as FLAG（ form ：[ The second command returns the result ]） Submit ;（2 branch ）
7. Continue to view the package file attack.pacapng, Analyze the return result of the third command executed after the hacker's successful intrusion , And return the result of the third command as FLAG（ form ：[ The third command returns the result ]） Submit .（2 branch ）

Task 2 ： System vulnerability exploitation and right raising

Mission environment description ：

• Server scenario ：PYsystem0033
• Server scenario operating system ：Ubuntu
• Server scenario user name : Unknown password ： Unknown

1. Use nmap Scanning target system , Take the open port number of the target aircraft in the order from small to large FLAG（ form ：[ port 1, port 2…, port n]） Submit ;（1 branch ）
2. Access the target system through the above port , Log in with a weak password , Use the correct user name and password as FLAG（ form ：[ user name , password ]） Submit ;（1 branch ）
3. utilize Kali The penetration machine generates a rebound Trojan horse , Take the first word of the fourth line prompted after the execution of the generated Trojan command as FLAG（ form ：[ word ]） Submit ;（1 branch ）
4. Modify the above Trojan file and upload it to the target system , Use MSF Turn on monitoring , Take the user name of the current permission obtained as FLAG（ form ：[ user name ]） Submit ;（1 branch ）
5. Check the system kernel version information , Take the system kernel version number as FLAG（ form ：[ Version number ]） Submit ;（1 branch ）
6. stay Kali Find the exploitable source code in the attacker , Take the file name of the found vulnerability source code as FLAG（ form ：[ file name ]） Submit ;（1 branch ）
7. The target obtained by using the above vulnerability source code /root The only one in the world .txt The file name of the file is FLAG（ form ：[ file name ]） Submit ;（1 branch ）（2 branch ）
8. After using the above vulnerability source code, the target will be obtained /root The only one in the world .txt The contents of the document are used as FLAG（ form ：[ The contents of the document ]） Submit .（2 branch ）

Task 4 ：Web Safety penetration test

Mission environment description ：

• Server scenario ：PYsystem0043
• Server scenario operating system ： Unknown
• Server scenario user name : Unknown password ： Unknown

1. Access... Through a browser http:// Target server IP/1, Perform a penetration test on the page , find flag Format ：flag｛Xxxx123｝, The contents in parentheses are used as flag Value and submit ;（2 branch ）

2. Access... Through a browser http:// Target server IP/2, Perform a penetration test on the page , find flag Format ：flag｛Xxxx123｝, The contents in parentheses are used as flag Value and submit ;（2 branch ）

3. Access... Through a browser http:// Target server IP/3, Perform a penetration test on the page , find flag Format ：flag｛Xxxx123｝, The contents in parentheses are used as flag Value and submit ;（2 branch ）

4. Access... Through a browser http:// Target server IP/4, Perform a penetration test on the page , find flag Format ：flag｛Xxxx123｝, The contents in parentheses are used as flag Value and submit ;（3 branch ）

5. Access... Through a browser http:// Target server IP/5, Perform a penetration test on the page , find flag Format ：flag｛Xxxx123｝, The contents in parentheses are used as flag Value and submit .（3 branch ）

Task six ： Port scanning Python Penetration test

Mission environment description ：

• Server scenario ：PYsystem0041
• Server scenario operating system ： Unknown
• Server scenario FTP user name :anonymous password ： empty

1. From the target server FTP Upload and download PortScan.py, edit Python Program PortScan.py, Implementation is based on TCP Full open port scanning , Fill in the blanks in this document F1 character string , Take this string as Flag Value submission ;（1 branch ）

2. continue editing Python Program PortScan.py, Implementation is based on TCP Full open port scanning , Fill in the blanks in this document F2 character string , Take this string as Flag Value submission ;（1 branch ）

3. continue editing Python Program PortScan.py, Implementation is based on TCP Full open port scanning , Fill in the blanks in this document F3 character string , Take this string as Flag Value submission ;（1 branch ）

4. continue editing Python Program PortScan.py, Implementation is based on TCP Full open port scanning , Fill in the blanks in this document F4 character string , Take this string as Flag Value submission ;（2 branch ）

5. continue editing Python Program PortScan.py, Implementation is based on TCP Full open port scanning , Fill in the blanks in this document F5 character string , Take this string as Flag Value submission ;（2 branch ）

6. continue editing Python Program PortScan.py, Implementation is based on TCP Full open port scanning , Fill in the blanks in this document F6 character string , Take this string as Flag Value submission ;（2 branch ） 

7. continue editing Python Program PortScan.py, Implementation is based on TCP Full open port scanning , Fill in the blanks in this document F7 character string , Take this string as Flag Value submission ;（2 branch ）

8. continue editing Python Program PortScan.py, Implementation is based on TCP Full open port scanning , Fill in the blanks in this document F8 character string , Take this string as Flag Value submission ;（2 branch ）

9. continue editing Python Program PortScan.py, Implementation is based on TCP Full open port scanning , Fill in the blanks in this document F9 character string , Take this string as Flag Value submission .（1 branch ）

s