Category: Materials
Status: Retired
Due date: Jan 16, 2024 05:33 AM
Task1:With what kind of tool can intercept web traffic?
proxy
Task2:What is the path to the directory on the webserver that returns a login page?
/cdn-cgi/login
Task3:What can be modified in Firefox to get access to the upload page?
Click 【Login as Guest】
Task4:What is the access ID of the admin user?
34322
Earlier we saw that changing the id parameter lets us view other users, so write a short bash script to generate the numbers 1-100 as a payload list.
Using Burp: take the captured request and choose 【send to Intruder】 → set Attack type to 【Sniper】 → set payload type to 【Simple list】 → Start Attack →
Task5:On uploading a file, what directory does that file appear in on the server?
/uploads
Task6:What is the file that contains the password that is shared with the robert user?
Task7:What executable is run with the option "-group bugtracker" to identify all files owned by the bugtracker group?
find
Task8:Regardless of which user starts running the bugtracker executable, which user's privileges will it run with?
root
Task9:What does SUID stand for?
Task10:What is the name of the executable being called in an insecure manner?
cat
Privilege escalation
Submit user flag
f2c74ee8db7983851ab2a96a44eb7981
Submit root flag
af13b0bee69f8a877c3faf667f7beacf
Reference
- Author: ji3g4gp
- Link: https://gpblog.vercel.app//article/HTB-Oopsie
- Copyright: This article is licensed under CC BY-NC-SA 4.0; please credit the source when reposting.