Technology Sharing

Secondary Vocational Network Security B Module Penetration Test server2380

2024-07-12

한어Русский языкEnglishFrançaisIndonesianSanskrit日本語DeutschPortuguêsΕλληνικάespañolItalianoSuomalainenLatina

  1. Use nmap scan to add parameter -sV

Flag:2.4.38

  1. Add parameter -A or the scan will not be complete (for these two questions, you can directly add -sV -A)

Flag: 4.3.11-Ubuntu

  1. According to the nmap scan, the system is an Ubuntu system. The Ubuntu operating system contains a user account named "ubuntu" by default in some versions. This is to facilitate the initialization and remote access of the cloud server instance. Usually, the "ubuntu" user has sudo privileges, which means it can perform system management tasks with superuser privileges.

Then we create a simple dictionary of user and passwd to retrieve the password (this step can be omitted)

 

Log in uname -a

Flag:4.4.0-142-generic

  1. Check the directory of the ubuntu user and you will see a flag.bmp file. The bmp file is a picture, so use the command to download the file. Use the command because of permission reasons. I created a folder in /etc/123 and copied the flag.bmp file there.

 scp [email protected]:/etc/123/flag.bmp /root/

scp username@target machine ip/:image path local storage path

Open the image

Flag:eurvhnpmvzvbsmdwpm

  1. Directly perform sudo privilege escalation to view flag

Flag:flag

Environmental Contact Home

Personal profile

I have devoted myself to the research of technology for more than 30 years. I am proficient in various languages ​​such as Java, Linux, JavaScript, PHP, CSS, etc. I have made many contributions in the field of open source. I have established a developer documentation site to share some problems in technology development for everyone to read.

my contact information

Mail