tryhackme--Injection

tryhackme–Injection

开启环境,用nmap扫描,扫出22,80端口,访问80端口发现一个输入框,可以绕过执行任意命令。

Task 3 Blind Command Injection

Ping the box with 10 packets. What is this command (without IP address)?

; ping -c 10

既然可以执行任意命令我们就反弹一个shell回来

Redirect the box’s Linux Kernel Version to a file on the web server. What is the Linux Kernel Version?

查看内核版本:uname -a

4.15.0-101-

Enter “root” into the input and review the alert. What type of alert do you get?

success

Enter “www-data” into the input and review the alert. What type of alert do you get?

success

Enter your name into the input and review the alert. What type of alert do you get?

error

输入系统中不存在的用户就会报错

Task 4 Active Command Injection

What strange text file is in the website root directory?

drpepper.txt

How many non-root/non-service/non-daemon users are there?


除了用户之外为0

0

What user is this app running as?

www-data

What is the user’s shell set as?

/usr/sbin/nologin

What version of Ubuntu is running?

18.04.4 

Dr Pepper

Task 5 Get The Flag!

Get the flag!

使用find命令寻找flag文件

find / -name *flag*  > 1.txt
cat 1.txt


65fa0513383ee486f89450160f3aa4c4

  转载请注明: XingHe tryhackme--Injection

  目录