type
status
date
slug
summary
tags
category
icon
password
Status
Due date
Sep 18, 2023 04:17 AM

Progress

Task1:Besides SSH and HTTP, what other service is hosted on this box?

ftp
notion image

Task2:This service can be configured to allow login with any password for specific username. What is that username?

Anonymous
notion image

Task3:What is the name of the file downloaded over this service?

backup.zip
notion image
notion image

Task4:What script comes with the John The Ripper toolset and generates a hash from a password protected zip archive in a format to allow for cracking attempts?

zip2john
notion image
notion image
發現admin帳號及md5 encoded 密碼:2cb42f8734ea607eefed3b70af13bbd3
發現admin帳號及md5 encoded 密碼:2cb42f8734ea607eefed3b70af13bbd3

Task5:What is the password for the admin user on the website?

qwerty789
notion image
notion image
notion image

Task6:What option can be passed to sqlmap to try to get command execution via the sql injection?

—os-shell
notion image
3個db:information_schema、pg_catalog、public
notion image
notion image
notion image
notion image
取得reverse shell
notion image
notion image

Task7:What program can the postgres user run as root using sudo?

notion image
密碼:P@s5w0rd!
密碼:P@s5w0rd!
notion image

Submit user flag

ec9b13ca4d6229cd5cc1e09980965bf7
ec9b13ca4d6229cd5cc1e09980965bf7

Submit root flag

Reference

md5在线解密破解,md5解密加密
md5在线解密破解,md5解密加密
https://www.cmd5.com/
Online - Reverse Shell Generator
Online Reverse Shell generator with Local Storage functionality, URI & Base64 Encoding, MSFVenom Generator, and Raw Mode. Great for CTFs.
Online - Reverse Shell Generator
https://www.revshells.com/
Online - Reverse Shell Generator
相關文章
HTB - Oopsie
HTB - Archetype
HTB - Crocodile
AccessDB ModuleHTB - Oopsie