freebuf
本文来源:
下载地址
后来发现root密码不是这个,再找了另外一个字典爆破
使用root账号进行远程登录,失败
那就只能使用bbanter账号登录,然后再提权
找到加密文件
下载地址
http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso
任务信息
解密客户信息
实战演练
原文再续,书接上文s1.100的系统
信息收集
netdiscover发现IP是192.168.1.110
嗯。。。开了ssh,用上一次获取到的密码登录一下
登录bbanter失败,看来是密码不对
那就只能从FTP入手了,使用ftp的anonymous扫描,发现存在anonymous账号
登录
下载shadow和core文件
查看文件
将core的内容提取出来保存为passwd,然后爆破
root:$1$aQo/FOTu$rriwTq.pGmN3OhFe75yd30:13574:0::::: aadams:$1$klZ09iws$fQDiqXfQXBErilgdRyogn.:13570:0:99999:7::: bbanter:$1$1wY0b2Bt$Q6cLev2TG9eH9iIaTuFKy1:13571:0:99999:7::: ccoffee:$1$6yf/SuEu$EZ1TWxFMHE0pDXCCMQu70/:13574:0:99999:7:::
后来发现root密码不是这个,再找了另外一个字典爆破#字典 https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/darkc0de.txt
使用root账号进行远程登录,失败
那就只能使用bbanter账号登录,然后再提权找到加密文件root@slax:~# find / -iname *.enc /mnt/live/mnt/hdc/rootcopy/home/ftp/download/opt/cygwin/usr/share/groff/1.18.1/font/devps/text.enc /mnt/live/mnt/hdc/rootcopy/home/root/.save/customer_account.csv.enc find: WARNING: Hard link count is wrong for /mnt/live/proc/8564: this may be a bug in your filesystem driver. Automatically turning on find's -noleaf option. Earlier results may have failed to include directories that should have been searched. /mnt/live/memory/images/05_common.mo/usr/share/t1lib/Fonts/enc/IsoLatin1.enc /mnt/live/memory/images/05_common.mo/usr/share/t1lib/Fonts/enc/IsoLatin2.enc /mnt/live/memory/images/05_common.mo/usr/share/t1lib/Fonts/enc/IsoLatin9.enc /mnt/live/memory/images/05_common.mo/usr/share/t1lib/Fonts/enc/PSLatin1.enc /mnt/live/memory/images/05_common.mo/usr/share/t1lib/Fonts/enc/dc.enc /mnt/live/memory/images/05_common.mo/usr/share/t1lib/Fonts/enc/dvips.enc /mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/big5.enc /mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/euc-kr.enc /mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-2.enc /mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-3.enc /mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-4.enc /mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-5.enc /mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-7.enc /mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-8.enc /mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-9.enc /mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/windows-1250.enc /mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/windows-1252.enc /mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-euc-jp-jisx0221.enc /mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-euc-jp-unicode.enc /mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-sjis-cp932.enc /mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-sjis-jdk117.enc /mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-sjis-jisx0221.enc /mnt/live/memory/images/02_core.mo/usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-sjis-unicode.enc /mnt/live/memory/images/02_core.mo/usr/share/groff/1.19.2/font/devps/text.enc /mnt/live/memory/changes/home/root/.save/customer_account.csv.enc /mnt/live/memory/changes/home/ftp/download/opt/cygwin/usr/share/groff/1.18.1/font/devps/text.enc /usr/share/t1lib/Fonts/enc/IsoLatin1.enc /usr/share/t1lib/Fonts/enc/IsoLatin2.enc /usr/share/t1lib/Fonts/enc/IsoLatin9.enc /usr/share/t1lib/Fonts/enc/PSLatin1.enc /usr/share/t1lib/Fonts/enc/dc.enc /usr/share/t1lib/Fonts/enc/dvips.enc /usr/share/groff/1.19.2/font/devps/text.enc /usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/big5.enc /usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/euc-kr.enc /usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-2.enc /usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-3.enc /usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-4.enc /usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-5.enc /usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-7.enc /usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-8.enc /usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/iso-8859-9.enc /usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/windows-1250.enc /usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/windows-1252.enc /usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-euc-jp-jisx0221.enc /usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-euc-jp-unicode.enc /usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-sjis-cp932.enc /usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-sjis-jdk117.enc /usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-sjis-jisx0221.enc /usr/lib/perl5/site_perl/5.8.8/i486-linux/XML/Parser/Encodings/x-sjis-unicode.enc /home/root/.save/customer_account.csv.enc /home/ftp/download/opt/cygwin/usr/share/groff/1.18.1/font/devps/text.enc
找到openssl的加密方式
转载请注明来自网盾网络安全培训,本文标题:《CTF靶场系列-De-ICE:_S1.110》
标签:CTF
