Description
Hello Agent.
You’re here on a special mission.
A mission to take down one of the biggest weapons suppliers which is Moriarty Corp.
Enter flag{start} into the webapp to get started!
Notes:
- Web panel is on port 8000 (not in scope. Don’t attack)
- Flags are stored in #_flag.txt format. Flags are entered in flag{} format. They’re usually stored in / directory but can be in different locations.
- To temporarily stop playing, pause the VM. Do not shut it down.
- The webapp starts docker containers in the background when you add flags. Shutting down and rebooting will mess it up.
(the story is bad. sorry for the lack of creativity)
Difficulty: Med-Hard
Tasks involved:
- port scanning
- webapp attacks and bug hunting
- pivoting (meterpreter is highly recommended)
- password guessing/bruteforcing
Virtual Machine: - Format: Virtual Machine (Virtualbox OVA) - Operating System: Linux
Networking: - DHCP Service: Enabled - IP Address Automatically assign
This works better with VirtualBox rather than VMware.
从描述上看,这次我们扮演一个Agent(特工),目标是拿下一个武器供应商( Moriarty Corp)的网站。8000端口用于提交flag,不在攻击范围,通过每一次提交的flag,获取提示信息。
扫描探测
sudo arp-scan -I eth0 -l
二层扫描发现目标靶机IP 10.0.2.18。
扫描开放端口或服务
sudo nmap -p- -sV 10.0.2.18
根据描述,访问8000端口
输入flag{start}开始任务
文件包含
根据提示,访问站点开放的80端口
在网站的链接中发现文件包含漏洞
发现文件包含漏洞,可以尝试远程文件包含获取shell
这里可以用这个在Github上找到的工具 LFISuite,使用起来也很容易,通过这个工具getShell
最低0.47元/天 解锁文章
扫一扫
2516
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
