TryHackMe room for this post: https://tryhackme.com/room/res
Difficulty: Easy
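Port scan

    nmap -p- -sC -sV -T4 10.10.253.248

    Nmap scan report for 10.10.253.248
    Host is up (0.19s latency).
    Not shown: 65533 closed tcp ports (reset)
    PORT STATE SERVICE VERSION
    80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
    |_http-server-header: Apache/2.4.18 (Ubuntu)
    |_http-title: Apache2 Ubuntu Default Page: It works
    6379/tcp open redis Redis key-value store 6.0.7

Visiting port 80 shows
Looking at the page source, we see nothing hidden. I ran a directory scan with Dirsearch to see ...
MISC
你说爱我?尊嘟假嘟
There are three states in total, 「你说爱我」, 「尊嘟」 and 「假嘟」, which suggests Ook!. As for which one maps to which, there are only a few possibilities, so a little trial and error settles it (in fact, whatever the characters are, the first line of Ook! is always Ook., so it is easy to tell that 「你说爱我」 corresponds to Ook.)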
你说爱我->Ook.
尊嘟->Ook!
假嘟->Ook?
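After the substitution, though, some tokens are not aligned, so fix that with a script

    import re

    input_string = "Ook. Ook.Ook. Ook. Ook. ......."
    # Insert a space before every "O" that is not already preceded by one
    output_string = re.sub(r'(?<! )O', ' O', input_string)
    print(output_string)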
https://ctf.bugku.com/tool/brainfuck
https://www.splitbrain.org/services/ook
Decrypting gives
ild3l4pXejwPcCwJsPAOq7sJczdRdTsJcCEUsP1Z
ISCTF{9832h-s92hw-23u7w-2j8s ...
TryHackMe room for this post: https://tryhackme.com/room/dogcat
Difficulty: Medium
    ┌──(root㉿kali)-[~]
    └─# nmap -p- -sC -sV -T4 10.10.93.198
    Starting Nmap 7.94SVN ( https://nmap.org ) at 2023-12-09 20:22 EST
    Nmap scan report for 10.10.93.198
    Host is up (0.32s latency).
    Not shown: 65533 closed tcp ports (reset)
    PORT STATE SERVICE VERSION
    22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
    | ssh-hostkey:
    | 2048 24:31:19:2a:b1:97:1a:04:4e:2c:36:ac:84:0a:75:87 ...

TryHackMe room for this post: https://tryhackme.com/room/startup
Difficulty: Easy
We are Spice Hut, a new startup company that just made it big! We offer a variety of spices and club sandwiches (in case you get hungry), but that is not why you are here. To be truthful, we aren’t sure if our developers know what they are doing and our security concerns are rising. We ask that you perform a thorough penetration test and try to own root. Good luck!
Nmap

    nmap -p- -sC -sV -T4 10.10.47.1

...
TryHackMe room for this post: https://tryhackme.com/room/blog
Difficulty: Medium
Billy Joel made a blog on his home computer and has started working on it. It’s going to be so awesome!
Enumerate this box and find the 2 flags that are hiding on it! Billy has some weird things going on his laptop. Can you maneuver around and get what you need? Or will you fall down the rabbit hole…
In order to get the blog to work with AWS, you’ll need to add blog.thm to your /etc/hosts file.
Credit to Sq00ky f ...
TryHackMe room for this post: https://tryhackme.com/room/tomghost
Difficulty: Easy
    nmap -p- -sC -sV -T4 10.10.175.81

We can see port 8080
An online search turns up a related vulnerability
https://www.exploit-db.com/exploits/49039
    [*] Running module against 10.10.175.81
    Status Code: 200
    Accept-Ranges: bytes
    ETag: W/"1261-1583902632000"
    Last-Modified: Wed, 11 Mar 2020 04:57:12 GMT
    Content-Type: application/xml
    Content-Length: 1261
    <?xml version="1.0" encoding=& ...

TryHackMe room for this post: https://tryhackme.com/room/cyborgt8
Difficulty: Easy
    nmap -p- -sC -sV -T4 10.10.167.166

A quick check shows that port 80 serves only the default Apache2 page, which means the site has not been fully configured
To dig deeper, we use gobuster

    gobuster dir --url http://10.10.167.166/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

This finds /admin and /etc
Visiting /etc

    /etc/squid/passwd
    music_archive:$apr1$BpZ.Q.1m$F0qqPwHSOG50URuOVQTTn.

    /etc/squid/squid.conf
    auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
    auth_param basic ch ...
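0x01 Clear cached files
Shortcut: press Windows+R to open Run, then enter %temp%
The cached files can be deleted directly
0x02 Disk Cleanup
In My Computer, select the C: drive, then right-click -> Properties
Click Disk Cleanup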
Win11:
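0x03 Moving the Desktop is not recommended
In My Computer, select Desktop, then right-click -> Properties. On the Location tab you can move the Desktop to a drive other than C:, so that Desktop files no longer take up space on C:.
But this very easily leads to all kinds of errors!!!
For example, after changing the Desktop folder location to the D: drive, every file on D: shows up on the desktop
0x04 Do not casually change virtual memory
On the C: drive you can see two large hidden system files
pagefile.sys: the page file (virtual memory, that is, the virtual memory that clickbait accounts usually tell you to change)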
Win+Q
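Many clickbait accounts tell you to change virtual memory to gain space on the C: drive, but never tell you how important virtual memory is!!
Open Task Manager, click Performance, and look at Memory
My physical memory is 32GB, but the committed size is 33.9GB
Committed size = physical memory + page file (virtual memory)
This means that no matter how large physical memory is, virtual memory is used first and physical memory only after that
Blindly reducing virtual memory can cause problems such as games failing to launch!!
hiberfil.sys: the hibernation file. Put simply, ...
TryHackMe room for this post: https://tryhackme.com/room/attacktivedirectory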
Difficulty: Medium
    nmap -p- -sC -sV -T4 10.10.245.159

Task 3 Welcome to Attacktive Directory
What tool will allow us to enumerate port 139/445?
enum4linux
What is the NetBIOS-Domain Name of the machine?
THM-AD
What invalid TLD do people commonly use for their Active Directory Domain?
.local
The next step is enumerating the two ports used by AD, *139* and *445*, with enum4linux; the flag -a stands for all simple enumeration ...
TryHackMe room for this post: https://tryhackme.com/room/easyctf
Difficulty: Easy
Port scan

    nmap -p- -sC -sV -T4 10.10.246.59

From our results, we can see ports 21 (FTP), 80 (HTTP), and 2222 (SSH) are open.
First, let’s just browse to the IP and see what we get
We find it is the default Apache2 page, not much more to go off of here.

    gobuster dir --url http://10.10.246.59/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Using the medium wordlist we supplied, gobuster was able to find there ...