9 Completed rooms Badges Created rooms Yearly activity Tickets Mr Robot CTF Based on the Mr. Robot show, can you root this box? medium FreeChallenge Kali Machine Access your own Kali Machine easy PremiumWalkthrough Vulnversity Learn about active recon, web app attacks and privilege escalation. ...
Mr Robot CTF Based on the Mr. Robot show, can you root this box? medium Nax Identify the critical security flaw in the most powerful and trusted network monitoring software on the market, that allows an user authenticated execute remote code execution. medium OWASP Top 10 Learn about and exp...
Nmap done: 1 IP address (1 host up) scanned in 15.12 seconds 目录爆破 ┌──(root💀kali)-[~/dirsearch] └─# python3 dirsearch.py -u http://10.10.106.99 -e* -t 100 -w /usr/share/wordlists/Web-Content/directory-list-lowercase-2.3-medium.txt _|. _ _ _ _ _ _|_ v0.3.8 (...
21/tcp open ftp vsftpd 3.0.3 | ftp-anon: Anonymous FTP login allowed (FTP code 230) |_Can't get directory listing: TIMEOUT | ftp-syst: | STAT: | FTP server status: | Connected to ::ffff:10.13.42.109 | Logged in as ftp | TYPE: ASCII | No session bandwidth limit | Session time...
最后需要提权,这里是sudo的一个CVE漏洞,代号为CVE-2019-14287,利用方法如下 shell sudo -u \#$((0xffffffff)) /bin/bash 得到root.txt 总结 练习了CTF中Web和misc一些简单做法 做CTF重要的是脑洞和一些经验 sudo这个版本的提权还没有深刻的了解,后续进行研究 总结 __EOF__...
┌──(root💀kali)-[~/tryhackme/boilerctf] └─# cat .info.txt Whfg jnagrq gb frr vs lbh svaq vg. Yby. Erzrzore: Rahzrengvba vf gur xrl! 没发现key,怀疑是凯撒加密,一个个测试,偏移位是:13 解密后的明文是: Just wanted to see if you find it. Lol. Remember: Enumeration is the...
securityroadmappenetration-testingweb-securitypentestinformation-securityburpsuiteowasp-top-10tryhackmeportswigger UpdatedAug 25, 2023 Python edoardottt/tryhackme-ctf Sponsor Star223 Code Issues Pull requests TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions. ...
这里吐槽一下只有CTF风格的靶机才会这么沙雕把这么重要的信息放在网站上让你去找,当然有些不小心的程序员也会在注释泄露一些敏感信息,但是一般来说比较少。我说这些主要是想说,如果一台靶机声称自己是CTF风格的,要多些注意这些技巧。 登录进去以后,是一个命令控制面板,试了一下可以执行一些简单命令 ...
┌──(root💀kali)-[~/tryhackme/boilerctf] └─# cat .info.txt Whfg jnagrq gb frr vs lbh svaq vg. Yby.Erzrzore:Rahzrengvba vf gur xrl! 没发现key,怀疑是凯撒加密,一个个测试,偏移位是:13 解密后的明文是: Just wanted to see if you find it. Lol. Remember: Enumeration is the ke...
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernelService detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 17.30 seconds 经典CTF,一个ssh一个http ...