freeBuf
主站

分类

漏洞 工具 极客 Web安全 系统安全 网络安全 无线安全 设备/客户端安全 数据安全 安全管理 企业安全 工控安全

特色

头条 人物志 活动 视频 观点 招聘 报告 资讯 区块链安全 标准与合规 容器安全 公开课

官方公众号企业安全新浪微博

FreeBuf.COM网络安全行业门户,每日发布专业的安全资讯、技术剖析。

FreeBuf+小程序

FreeBuf+小程序

CTF靶场系列-De-ICE:_S1.110
2019-02-28 23:42:23
所属地 广东省

下载地址

http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso

任务信息

解密客户信息

实战演练

原文再续,书接上文s1.100的系统

信息收集

netdiscover发现IP是192.168.1.110

image.png嗯。。。开了ssh,用上一次获取到的密码登录一下

image.png

登录bbanter失败,看来是密码不对

image.png
那就只能从FTP入手了,使用ftp的anonymous扫描,发现存在anonymous账号

image.png
登录

image.png下载shadow和core文件

image.png查看文件

image.png将core的内容提取出来保存为passwd,然后爆破

root:$1$aQo/FOTu$rriwTq.pGmN3OhFe75yd30:13574:0:::::
aadams:$1$klZ09iws$fQDiqXfQXBErilgdRyogn.:13570:0:99999:7:::
bbanter:$1$1wY0b2Bt$Q6cLev2TG9eH9iIaTuFKy1:13571:0:99999:7:::
ccoffee:$1$6yf/SuEu$EZ1TWxFMHE0pDXCCMQu70/:13574:0:99999:7:::
image.png后来发现root密码不是这个,再找了另外一个字典爆破
#字典
https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/darkc0de.txt
image.png
使用root账号进行远程登录,失败
image.png那就只能使用bbanter账号登录,然后再提权
image.png找到加密文件
root@slax:~# find / -iname *.enc
/mnt/live/mnt/hdc/rootcopy/home/ftp/download/opt/cygwin/usr/share/groff/1.18.1/font/devps/text.enc
/mnt/live/mnt/hdc/rootcopy/home/root/.save/customer_account.csv.enc
find: WARNING: Hard link count is wrong for /mnt/live/proc/8564: this may be a bug in your filesystem driver.  Automatically turning on find's -noleaf option.  Earlier results may have failed to include directories that should have been searched.
/mnt/live/memory/images/05_common.mo/usr/share/t1lib/Fonts/enc/IsoLatin1.enc
/mnt/live/memory/images/05_common.mo/usr/share/t1lib/Fonts/enc/IsoLatin2.enc
/mnt/live/memory/images/05_common.mo/usr/share/t1lib/Fonts/enc/IsoLatin9.enc
/mnt/live/memory/images/05_common.mo/usr/share/t1lib/Fonts/enc/PSLatin1.enc
/mnt/live/memory/images/05_common.mo/usr/share/t1lib/Fonts/enc/dc.enc
/mnt/live/memory/images/05_common.mo/usr/share/t1lib/Fonts/enc/dvips.enc
/mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/big5.enc
/mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/euc-kr.enc
/mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-2.enc
/mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-3.enc
/mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-4.enc
/mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-5.enc
/mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-7.enc
/mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-8.enc
/mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-9.enc
/mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/windows-1250.enc
/mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/windows-1252.enc
/mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-euc-jp-jisx0221.enc
/mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-euc-jp-unicode.enc
/mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-sjis-cp932.enc
/mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-sjis-jdk117.enc
/mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-sjis-jisx0221.enc
/mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-sjis-unicode.enc
/mnt/live/memory/images/02_core.mo/usr/share/groff/1.19.2/font/devps/text.enc
/mnt/live/memory/changes/home/root/.save/customer_account.csv.enc
/mnt/live/memory/changes/home/ftp/download/opt/cygwin/usr/share/groff/1.18.1/font/devps/text.enc
/usr/share/t1lib/Fonts/enc/IsoLatin1.enc
/usr/share/t1lib/Fonts/enc/IsoLatin2.enc
/usr/share/t1lib/Fonts/enc/IsoLatin9.enc
/usr/share/t1lib/Fonts/enc/PSLatin1.enc
/usr/share/t1lib/Fonts/enc/dc.enc
/usr/share/t1lib/Fonts/enc/dvips.enc
/usr/share/groff/1.19.2/font/devps/text.enc
/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/big5.enc
/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/euc-kr.enc
/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-2.enc
/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-3.enc
/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-4.enc
/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-5.enc
/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-7.enc
/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-8.enc
/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-9.enc
/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/windows-1250.enc
/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/windows-1252.enc
/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-euc-jp-jisx0221.enc
/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-euc-jp-unicode.enc
/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-sjis-cp932.enc
/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-sjis-jdk117.enc
/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-sjis-jisx0221.enc
/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-sjis-unicode.enc
/home/root/.save/customer_account.csv.enc
/home/ftp/download/opt/cygwin/usr/share/groff/1.18.1/font/devps/text.enc

找到openssl的加密方式

image.png

# CTF
本文为 独立观点,未经允许不得转载,授权请联系FreeBuf客服小蜜蜂,微信:freebee2022
被以下专辑收录,发现更多精彩内容
+ 收入我的专辑
+ 加入我的收藏
相关推荐
  • 0 文章数
  • 0 关注者