Shulou(Shulou.com)06/01 Report--

Idea 1. Nmap scan port 2. WEB first check robots.txt, and then directory burst 3. Pay attention to the hidden content in the file 4. Check the configuration in the program in / etc/ and find the login credential Flag 1

Blast directory and files, find / flag/ directory, access to get the first flag

The 1st flag is: {8734509128730458630012095} Flag 2

Access the exploded directory / admin_area/, to find the second flag and a pair of username and password

Username: adminpassword: 3v1l_H@ck3rThe 2nd flag is: {7412574125871236547895214} Flag 3 respectively use the above login credentials to log in to the WEB application and ssh, and finally log in to WEB and find the upload function upload a sentence * *, serve the kitchen knife, get the third flag and the next prompt The 3rd flag is: {7645110034526579012345670} try to find user technawi password to read the flag.txt file, you can find it in a hidden file;) Flag 4

It took a long time to find the hidden file, and finally found it through a violent search: grep-ri technawi / etc/

The 4th flag is: {7845658974123568974185412} username: technawipassword: 3vilH@ksorFlag 5

Log in to ssh with technawi and open / var/www/html/flag.txt

The 5th flag is: {5473215946785213456975249}

Portal

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.