2024 FIC 4th National Cyberspace Forensics Competition: Online Round (Server Part)

b3nguang 2024-07-14 13:37:01

Because emulation software breaks the ESXi image's boot, it is necessary to learn to mount it by hand.

Close antivirus and any other software that would hold the disk.

Mount the image with FTK (it must be the version whose icon is a magnifying glass). However many disks there are, mount them all in one go, and make sure they are mounted read/write. (It does not have to be FTK; use whichever mounting tool you are used to.)

[screenshot]

Open VMware as administrator and give it plenty of CPU and memory; attach the system disk first, then the data disk.

[screenshot]

Booted successfully

[screenshot]

Manual password bypass (ESXi 7 and below)

Manually add an ISO image

[screenshot]

When powering on, enter the firmware and choose the second option

[screenshot]

Enter the live (try-out) mode

[screenshot]

[screenshot]

```sh
# Work on a copy of the boot bank's state.tgz (it wraps local.tgz, which wraps etc/)
cp state.tgz /tmp
cd /tmp
tar xzf state.tgz      # yields local.tgz
tar xzf local.tgz      # yields etc/
cd etc
cp shadow shadow.bak
nano shadow            # you know how to edit shadow
cd ..
tar czf local.tgz etc
tar czf state.tgz local.tgz
# Write the repacked state.tgz back to the mounted boot partition
cp /tmp/state.tgz /media/ubuntu/586C-10CC2
```

Log in with an empty password

[screenshot]
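As an added, read-only companion to the procedure above (example code, not from the original post): the same state.tgz → local.tgz → etc/shadow nesting walked in Python without extracting anything to disk, reporting for each account whether its password field is empty, locked or hashed. The sample tarball, its account names and the placeholder hash are all constructed inline.

```python
"""Read-only look inside an ESXi state.tgz: it wraps local.tgz, which wraps etc/."""
import io
import tarfile

def make_tgz(members):
    """Build a gzip tarball in memory from {path: bytes}; used to construct the sample."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in members.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample with the same nesting as the state.tgz unpacked above; the
# account names and the root hash are placeholders, not real ESXi credentials.
SAMPLE_SHADOW = (b"root:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19000:0:99999:7:::\n"
                 b"opsuser:*:19000:0:99999:7:::\n"
                 b"testuser::19000:0:99999:7:::\n")
SAMPLE_STATE_TGZ = make_tgz({"local.tgz": make_tgz({"etc/shadow": SAMPLE_SHADOW})})

def read_state_member(state_tgz, path):
    """Return the bytes of `path` from local.tgz inside state.tgz, fully in memory."""
    with tarfile.open(fileobj=io.BytesIO(state_tgz), mode="r:gz") as outer:
        local_tgz = outer.extractfile("local.tgz").read()
    with tarfile.open(fileobj=io.BytesIO(local_tgz), mode="r:gz") as inner:
        return inner.extractfile(path).read()

def shadow_summary(state_tgz):
    """Map each account in etc/shadow to its password state: empty, locked or hashed."""
    summary = {}
    for line in read_state_member(state_tgz, "etc/shadow").decode().splitlines():
        user, field = line.split(":")[:2]
        if field == "":
            summary[user] = "empty"          # flagged: logs in without a password
        elif field.startswith(("*", "!")):
            summary[user] = "locked"
        else:
            algo = field.split("$")[1] if field.startswith("$") else "?"
            summary[user] = "hashed $" + algo   # e.g. $6 = sha512-crypt
    return summary

if __name__ == "__main__":
    for user, state in shadow_summary(SAMPLE_STATE_TGZ).items():
        print(f"{user}: {state}")
```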

What is the ESXi version of the ESXi server?

Just mount it and read it off.

Analyze the ESXi server: the system's installation date is:

[screenshot]

Analyze the ESXi server: what is the UUID of the datastore "datastore"?

[screenshot]

The original IP address of the ESXi server?

Just boot the emulation and read it off.

How many virtual machines were created on the ESXi server?

[screenshot]

What IP address is the website server bound to?

[screenshot]

[screenshot]

[screenshot]

Just run fscan and you are done.

Manual password bypass on rocketchat

Boot the machine, select the (core) entry and press ++e++.

On CentOS, change `ro` to `rw init=/sysroot/bin/sh`; on Ubuntu, change `ro` to `rw single init=/bin/bash`.

Press ++ctrl+x++ to drop into the shell, then run

```sh
chroot /sysroot
```

Run the following command to change the password; it asks for the new password twice to confirm.

```sh
passwd
```

Disable SELinux (optional)

Edit the SELinux config file

```sh
sudo vi /etc/selinux/config
```

Find the `SELINUX=enforcing` (or `SELINUX=permissive`) line, press ++i++ to enter insert mode, change it to `SELINUX=disabled`, and save with ++colon+w+q++.

Reboot

```sh
reboot
```

What is the website server's login password?

fscan turned it up.

What is the port number of the management panel login entry used by the website server?

On the www host, run `bt 14`:

```text
[root@localhost ~]# bt 14
===============================================
正在执行(14)...
===============================================
curl: (28) Resolving timed out after 4519 milliseconds
curl: (28) Resolving timed out after 4519 milliseconds
curl: (28) Resolving timed out after 4517 milliseconds
==================================================================
BT-Panel default info!
==================================================================
获取外网IP失败,请使用服务器公网IP+端口访问面板
外网面板地址: https://服务器公网IP:14131/adec8c75
内网面板地址: https://192.168.8.89:14131/adec8c75
username: j9oehwoa
password: ********
Warning:
If you cannot access the panel,
release the following port (8888|888|80|443|20|21) in the security group
注意:初始密码仅在首次登录面板前能正确获取,其它时间请通过 bt 5 命令修改密码
==================================================================
```

What is the website server's web directory?

On the www host, run:

```text
[root@localhost ~]# ls /
bin boot dev etc home lib lib64 media mnt opt patch proc root run sbin srv sys tmp usr var webapp webapp.zip www
[root@localhost ~]# ls /webapp
dist group luck-prize qz 7.11 ruoyi-admin.jar0826 ruoyi-admin.jar0904 ruoyi-admin.jar 7.26 ruoyi-admin.jar8.16 test
dist0826 index.html nohup.out restart.sh ruoyi-admin.jar0827 ruoyi-admin.jar0907 ruoyi-admin.jar8.14 ruoyi-admin.jarbak
dist0906 kill.sh profile ruoyi-admin.jar ruoyi-admin.jar0828 ruoyi-admin.jar0915 ruoyi-admin.jar8.15 ruoyi-admin.pid
down logs qz ruoyi-admin.jar0818 ruoyi-admin.jar08281 ruoyi-admin.jar 7.19 ruoyi-admin.jar8.151 start.sh
```

Check the nginx reverse-proxy setup in /www/server/nginx/conf/nginx.conf:

```nginx
user www www;
worker_processes auto;
error_log /www/wwwlogs/nginx_error.log crit;
pid /www/server/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;

stream {
    log_format tcp_format '$time_local|$remote_addr|$protocol|$status|$bytes_sent|$bytes_received|$session_time|$upstream_addr|$upstream_bytes_sent|$upstream_bytes_received|$upstream_connect_time';
    access_log /www/wwwlogs/tcp-access.log tcp_format;
    error_log /www/wwwlogs/tcp-error.log;
    include /www/server/panel/vhost/nginx/tcp/*.conf;
}

events
{
    use epoll;
    worker_connections 51200;
    multi_accept on;
}

http
{
    include mime.types;
    #include luawaf.conf;
    include proxy.conf;
    lua_package_path "/www/server/nginx/lib/lua/?.lua;;";
    default_type application/octet-stream;
    server_names_hash_bucket_size 512;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 50m;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 60;
    tcp_nodelay on;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
    gzip_vary on;
    gzip_proxied expired no-cache no-store private auth;
    gzip_disable "MSIE [1-6]\.";
    limit_conn_zone $binary_remote_addr zone=perip:10m;
    limit_conn_zone $server_name zone=perserver:10m;
    server_tokens off;
    access_log off;

    server
    {
        listen 80;
        server_name adminjmhw.sdxfwl.top;
        index index.html;
        root /webapp/dist;
        # fix the 404 on page refresh
        try_files $uri $uri/ /index.html;
        location /prod-api/ {
            proxy_pass http://127.0.0.1:8080/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

    server
    {
        listen 80;
        server_name groupadmin.sdxfwl.top;
        index index.html;
        root /webapp/group;
        # fix the 404 on page refresh
        try_files $uri $uri/ /index.html;
        location /prod-api/ {
            proxy_pass http://127.0.0.1:8080/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

    server
    {
        listen 80;
        server_name zihoutaijmhw.sdxfwl.top;
        index index.html;
        root /webapp/qz;
        # fix the 404 on page refresh
        try_files $uri $uri/ /index.html;
        location /prod-api/ {
            proxy_pass http://127.0.0.1:8080/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

    server
    {
        listen 80;
        server_name apijmhw.sdxfwl.top;
        location / {
            proxy_pass http://127.0.0.1:8080/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        # lottery page
        location /luck-prize{
            # fix the 404 on page refresh
            try_files $uri $uri/ /luck-prize/index.html;
            index index.html;
            alias /webapp/luck-prize;
        }
        location /download{
            try_files $uri $uri/ /down/index.html;
            index index.html;
            alias /webapp/down;
        }
        location /app{
            try_files $uri $uri/ /app/app.apk;
            alias /webapp/app;
        }
    }

    server
    {
        listen 80;
        server_name xiazai.sdxfwl.top;
        location / {
            root /webapp/down;
            try_files $uri $uri/ /down/index.html;
            index index.html;
        }
        # lottery page
        location /index{
            # fix the 404 on page refresh
            try_files $uri $uri/ /www/server/nginx/guanwang/index.html;
            index index.html;
        }
        location /app{
            alias /webapp/app;
            try_files $uri $uri/ /app/app.apk;
        }
    }

    server
    {
        listen 8888;
        # lottery page
        location /{
            root /www/server/nginx/guanwang;
            index index.html;
        }
    }

    server
    {
        listen 888;
        server_name phpmyadmin;
        index index.html index.htm index.php;
        root /www/server/phpmyadmin;
        location ~ /tmp/ {
            return 403;
        }
        #error_page 404 /404.html;
        include enable-php.conf;
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires 30d;
        }
        location ~ .*\.(js|css)?$
        {
            expires 12h;
        }
        location ~ /\.
        {
            deny all;
        }
        access_log /www/wwwlogs/access.log;
    }

    include /www/server/panel/vhost/nginx/*.conf;
}
```
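Added example, not code from the original post: a small Python walker for nginx.conf that lists, for every server block, its server_name, listen ports, document roots (root/alias) and proxy_pass upstreams, which is exactly what the config above is read for (static web directory versus the 8080 backend). The sample config is a constructed condensation of two server blocks quoted above.

```python
"""Walk an nginx.conf and list, per server block, its names, ports, roots and upstreams."""
import re
# Constructed sample: two server blocks condensed from the nginx.conf quoted above.
SAMPLE_CONF = r"""
http {
    server {
        listen 80; server_name adminjmhw.sdxfwl.top; root /webapp/dist;  # SPA front end
        location /prod-api/ { proxy_pass http://127.0.0.1:8080/; }
    }
    server { listen 80; server_name apijmhw.sdxfwl.top;
             location /luck-prize{ alias /webapp/luck-prize; } }
}
"""
# Tokens: comment, quoted string, structural { } ;, or a bare directive/argument word.
_TOKEN = re.compile(r"""#[^\n]*|"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[{};]|[^\s{};"'#]+""")

def parse(text):
    """Parse nginx config into nested (directive, args, children) tuples."""
    root = []
    stack, stmt = [root], []          # innermost open block is stack[-1]
    for tok in (t for t in _TOKEN.findall(text) if t[0] != "#"):   # skip comments
        if tok == "{":                # open a nested block under the pending directive
            children = []
            stack[-1].append((stmt[0], stmt[1:], children))
            stack.append(children)
            stmt = []
        elif tok == "}":              # close the current block
            stack.pop()
        elif tok == ";":              # end of a simple directive
            if stmt:
                stack[-1].append((stmt[0], stmt[1:], None))
            stmt = []
        else:
            stmt.append(tok)
    return root

def vhosts(text):
    """Summarise every server block, descending into its location blocks."""
    found = []
    def collect(items, v):
        for name, args, children in items:
            if name == "server":      # new summary for this virtual host
                found.append({"listen": [], "server_name": [], "roots": [], "upstreams": []})
                collect(children, found[-1])
            elif v and name in ("listen", "server_name"):
                v[name].extend(args)
            elif v and name in ("root", "alias", "proxy_pass"):
                v["upstreams" if name == "proxy_pass" else "roots"].append(args[0])
            elif children is not None:  # http, location, ...: keep descending
                collect(children, v)
    collect(parse(text), None)
    return found
```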

How many seconds is the Redis connection timeout in the website configuration?

```text
[root@localhost tmp]# cat BOOT-INF/classes/application.yml
```

```yaml
# Project settings
ruoyi:
  # Name
  name: 集美好物
  # Version
  version: 3.8.2
  # Copyright year
  copyrightYear: 2022
  # Demo mode switch
  demoEnabled: true
  # File path, e.g. Windows D:/ruoyi/uploadPath, Linux /home/ruoyi/uploadPath
  profile: /webapp/profile
  # Domain URL
  domainUrl: http://apijmhw.sdxfwl.top
  # domainUrl: https://287h06775m.picp.vip
  # IP address lookup switch
  addressEnabled: false
  # Captcha type: math (arithmetic) or char (characters)
  captchaType: math

# Development environment settings
server:
  # HTTP port, default 8080
  port: 8080
  servlet:
    # Application context path
    context-path: /
  tomcat:
    # Tomcat URI encoding
    uri-encoding: UTF-8
    # Accept queue length when all connections are busy, default 100
    accept-count: 1000
    threads:
      # Tomcat max threads, default 200
      max: 800
      # Threads created at Tomcat startup, default 10
      min-spare: 100

# Logging
logging:
  level:
    com.ruoyi: debug
    org.springframework: warn

# Tencent Cloud
tencent:
  cloud:
    im:
      sdkAppId: 1400814018
      key: 388ab0a1f2ab6413e97932fe0afef716ba4b1f989fa5470925891853ea0dfc98

# Aliyun face recognition
aliyun-face:
  regionId: cn-hangzhou
  accessKey: LTAI5tM8RJiEEuJnHfT8uVaa
  secret: 19THhUjxRFhaeWlUJhIG5uV16hyFID

# Spring settings
spring:
  # Resources
  messages:
    # i18n resource bundle path
    basename: i18n/messages
  profiles:
    active: druid
  # File upload
  servlet:
    multipart:
      # Max size per file
      max-file-size: 10MB
      # Max total upload size per request
      max-request-size: 20MB
  # Service modules
  devtools:
    restart:
      # Hot-deploy switch
      enabled: true
  # Redis settings
  redis:
    # Host
    host: localhost
    # Port, default 6379
    port: 6379
    # Database index
    database: 3
    # Password
    password:
    # Connection timeout
    timeout: 10s
    lettuce:
      pool:
        # Minimum idle connections in the pool
        min-idle: 0
        # Maximum idle connections in the pool
        max-idle: 8
        # Maximum connections in the pool
        max-active: 8
        # Maximum blocking wait time for the pool (negative means unlimited)
        max-wait: -1ms

# Token settings
token:
  # Custom token header
  header: Authorization
  # Token secret
  secret: abcdefghijklmnopqrstuvwxyz
  # Token validity in minutes (default 30)
  expireTime: 1440

# MyBatis settings
mybatis:
  # Package to scan for type aliases
  typeAliasesPackage: com.ruoyi.**.domain
  # Mapper scan: find every mapper.xml mapping file
  mapperLocations: classpath*:mapper/**/*Mapper.xml
  # Global MyBatis config file
  configLocation: classpath:mybatis/mybatis-config.xml

# PageHelper pagination plugin
pagehelper:
  helperDialect: mysql
  # Return the last page when the page number overflows
  reasonable: false
  supportMethodsArguments: true
  params: count=countSql

# Swagger settings
swagger:
  # Enable swagger
  enabled: true
  # Request path prefix
  pathMapping: /

# XSS protection
xss:
  # Filter switch
  enabled: true
  # Excluded URLs (comma-separated)
  excludes: /system/notice
  # URL patterns to match
  urlPatterns: /system/*,/monitor/*,/tool/*

# Encryption keys
security:
  publicKey: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrhYO3r2h87IITw/H3ZMYJbBOip0WWjkez2dGcqkXWmBLcovAkZ5bqY0WMWmODlTuW2fFk7nZRTytbOgmfd9rCx5Ehx4du2VhTXnhI4VtpNC6q+NRt075MnBiIFqBW7UEMRpc1rDcSVWRZVhL8VY47B35gRiAzslxMrtZuIm75M1P4DWt57QCy6D1Kvsbvk5IvevMDZflTV6DwjABqrKXV5OmGetbehb5D7Ap5jWcQVE845lrKf4dCCi+hX9ebYCsxQOg6/jLH2Qo2FKZ3BECh1SfjUfuhjleP0obi/egvPYHubxR4u2RJ/hdUX68umXh7/AbT7mjD+GqLunf1xD8wIDAQAB
  privateKey: # (value not reproduced on the page)

# Alipay
alipay:
  pid: 2088441384291084
  appId: 2021003181631188
  privateKey: # (value not reproduced on the page)

#alipay:
#  pid: 2088541582026142
#  appId: 2021003174680109
#  privateKey: # (value not reproduced on the page)
```

What salt is used for the website's regular-user passwords?

Here you can either read the source by hand or rebuild the site. I went with reading it by hand at first; since the ruoyi framework is open source it felt easier to read by hand, and the rebuild is written up at the end.

[screenshot]

[screenshot]

What is the name of the encryption algorithm used for the website admin user's password?

On the data host, run:

```text
[root@localhost ~]# docker inspect 9b | grep -i pass
"MYSQL_ROOT_PASSWORD=my-secret-pw",
```

[screenshot]

bcrypt, obvious at a glance.

When was the website's super admin account created?

[screenshot]

After rebuilding the site, how many pages of data does the user list under User Management show by default?

This one can only be done by rebuilding.

What is the version number of the website's system API documentation?

Search for `SwaggerConfig`

[screenshot]

[screenshot]

[screenshot]

The website's API endpoint for fetching the order list

Again, search by keyword

[screenshot]

Victim Lu's user ID

[screenshot]

[screenshot]

How much money did victim Lu top up in total?

[screenshot]

What is the price of a single lottery draw set on the website, in yuan?

[screenshot]

What is the total balance shown on the website?

Rebuild only.

The website database's root password

`docker inspect` shows it; cmd5 could also crack it, but that is paid.

[screenshot]

What is the OS version of the database server?

```text
[root@localhost ~]# cat /etc/*release
CentOS Linux release 7.9.2009 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
CentOS Linux release 7.9.2009 (Core)
CentOS Linux release 7.9.2009 (Core)
```

What is the Docker Server version on the database server?

```text
[root@localhost ~]# docker version
Client:
Version: 1.13.1
API version: 1.26
Package version: docker-1.13.1-209.git7d71120.el7.centos.x86_64
Go version: go1.10.3
Git commit: 7d71120/1.13.1
Built: Wed Mar 2 15:25:43 2022
OS/Arch: linux/amd64

Server:
Version: 1.13.1
API version: 1.26 (minimum version 1.12)
Package version: docker-1.13.1-209.git7d71120.el7.centos.x86_64
Go version: go1.10.3
Git commit: 7d71120/1.13.1
Built: Wed Mar 2 15:25:43 2022
OS/Arch: linux/amd64
Experimental: false
```

What is the full ID of the database container on the database server?

```text
[root@localhost ~]# docker ps -a --no-trunc
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9bf1cecec3957a5cd23c24c0915b7d3dd9be5238322ca5646e3d9e708371b765 eclipse/mysql "docker-entrypoint.sh mysqld" 7 weeks ago Up 14 minutes 0.0.0.0:3306->3306/tcp mysql
```

What is the image ID used by the database container?

```text
[root@localhost ~]# docker images --no-trunc
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/eclipse/mysql latest sha256:66c0e7ca4921e941cbdbda9e92242f07fe37c2bcbbaac4af701b4934dfc41d8a 6 years ago 436 MB
```

When was the database container created, in Beijing time?

```text
[root@localhost ~]# docker inspect 9b | grep -i create
"Created": "2024-03-13T12:15:23.02589108Z",
```

What is the IP of the database container?

```text
[root@localhost ~]# docker inspect 9b | grep -i ip
"HostIp": "",
"IpcMode": "",
"Image": "eclipse/mysql",
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"HostIp": "0.0.0.0",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"IPAMConfig": null,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
```
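Added example (not from the original post) that answers the three `docker inspect` questions above (full container ID, creation time in Beijing time, container IP) from the JSON instead of grepping it. The `Created` field is UTC, so Beijing time is that value plus 8 hours; it also carries 8 fractional digits, which `datetime.fromisoformat` rejects before Python 3.11, so the parser trims them. The sample JSON is a constructed excerpt carrying the values shown in the outputs above.

```python
"""Pull the container facts asked above straight out of `docker inspect` JSON."""
import json
from datetime import datetime, timedelta, timezone

# Constructed excerpt of `docker inspect <container>` output, reduced to the fields used
# here and carrying the values seen in the outputs quoted above.
SAMPLE_INSPECT = """[{
  "Id": "9bf1cecec3957a5cd23c24c0915b7d3dd9be5238322ca5646e3d9e708371b765",
  "Created": "2024-03-13T12:15:23.02589108Z",
  "Config": {"Image": "eclipse/mysql"},
  "NetworkSettings": {"IPAddress": "172.17.0.2"}
}]"""

BEIJING = timezone(timedelta(hours=8))  # China Standard Time: UTC+8, no DST

def parse_docker_time(stamp):
    """Parse Docker's RFC 3339 UTC stamp (up to 9 fractional digits, 'Z' suffix).

    datetime.fromisoformat() before Python 3.11 accepts neither the 'Z' nor more
    than 6 fractional digits, so the fraction is cut to microseconds first.
    """
    if not stamp.endswith("Z"):
        raise ValueError("expected a UTC timestamp ending in Z: " + stamp)
    base, _, frac = stamp[:-1].partition(".")
    if frac:
        base = f"{base}.{frac[:6].ljust(6, '0')}"
    return datetime.fromisoformat(base).replace(tzinfo=timezone.utc)

def container_facts(inspect_json):
    """Return full ID, image, creation time in Beijing time, and bridge IP."""
    info = json.loads(inspect_json)[0]
    created = parse_docker_time(info["Created"]).astimezone(BEIJING)
    return {
        "id": info["Id"],
        "image": info["Config"]["Image"],
        "created_beijing": created.strftime("%Y-%m-%d %H:%M:%S"),
        "ip": info["NetworkSettings"]["IPAddress"],
    }

if __name__ == "__main__":
    print(container_facts(SAMPLE_INSPECT))
```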

Analyze the database data: what is the login IP of the user who invited the most users into groups on the platform?

```sql
SELECT inviter_id, COUNT(*) AS invite_count
FROM app_group_apply
GROUP BY inviter_id
ORDER BY invite_count DESC
LIMIT 1;
```

[screenshot]

Analyze the database data: what is the login IP of the user who grabbed the most red-packet money on the platform?

```sql
SELECT user_id, SUM(money) AS total_amount
FROM app_group_redpacket_member
GROUP BY user_id
ORDER BY total_amount DESC
LIMIT 1;
```

[screenshot]

What is the total amount of successful withdrawals recorded in the database (not counting fees)?

```sql
SELECT SUM(amount) AS total_withdrawn_amount
FROM app_user_withdraw
WHERE status = 3;
```

How many real users are there on the rocketchat server?

```text
root@debian:~# netstat -nlpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 2448/sendmail: MTA:
tcp 0 0 0.0.0.0:888 0.0.0.0:* LISTEN 1628/nginx: master
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN 1975/docker-proxy
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1628/nginx: master
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2448/sendmail: MTA:
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1011/pure-ftpd (SER
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3335/sshd: /usr/sbi
tcp 0 0 127.0.0.1:8461 0.0.0.0:* LISTEN 866/python3
tcp 0 0 0.0.0.0:14811 0.0.0.0:* LISTEN 1824/python3
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1628/nginx: master
tcp6 0 0 :::21 :::* LISTEN 1011/pure-ftpd (SER
tcp6 0 0 :::22 :::* LISTEN 3335/sshd: /usr/sbi
tcp6 0 0 :::3306 :::* LISTEN 1621/mysqld
root@debian:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
160c806d13ea registry.rocket.chat/rocketchat/rocket.chat:latest "docker-entrypoint.s…" 7 weeks ago Up 3 hours 0.0.0.0:3000->3000/tcp rocketchat-rocketchat-1
929dad307aa4 bitnami/mongodb:5.0 "/opt/bitnami/script…" 7 weeks ago Up 3 hours 27017/tcp rocketchat-mongodb-1
```

[screenshot]

[screenshot]

What is the port number of the chat service on the rocketchat server?

See above.

What is the email address of the chat service administrator on the rocketchat server?

See above.

What is the version of the database used by the chat service on the rocketchat server?

[screenshot]

[screenshot]

[screenshot]

What is the maximum file upload size on the rocketchat server (in bytes)?

[screenshot]

When was the admin account on the rocketchat server created?

[screenshot]

What is the address of the fraud website provided by the technician on the rocketchat server?

[screenshot]

Taking all servers together, what is Lao Li's share in the gang's profit-distribution plan?

[screenshot]

Taking all servers together, what is the likely time window for the police to close the net on the team's "pig-butchering" scam?

[screenshot]

Taking everything together, what email address did the major suspect not yet caught by the police use to register on the chat platform?

[screenshot]

Analyze the openwrt image: what is the system's hostname?

698138afd0fc7ba17ad2f1b4fe3ca98a

[screenshot]

Analyze the openwrt image: what is the system's kernel version?

[screenshot]

Analyze the openwrt image: what is its static IP address?

See the PC browser.

Analyze the openwrt image: what is the name of the network interface in use?

[screenshot]

Analyze the openwrt image: what version of docker is installed on the system?

[screenshot]

Analyze the openwrt image: what is the path of the nastools configuration file?

[screenshot]

Analyze the openwrt image: which VPN proxy software is used?

[screenshot]

Analyze the openwrt image: how many VPN nodes are actually usable?

[screenshot]

Analyze the openwrt image: what is the listening port of the socks node?

[screenshot]

Analyze the openwrt image: what is the VPN subscription link?

[screenshot]

How to rebuild the website

A teammate had shared an ops manual earlier; just go through it and change things one item at a time, it is foolproof.

[screenshot]

Edit the two yaml files

[screenshot]

Modify the database

[screenshot]

[screenshot]

Password bypass

[screenshot]

[screenshot]

[screenshot]

Summary

[screenshot]

We took fourth this time, just a hair short, which is a bit of a pity. There was nothing much wrong with the approach; we just fat-fingered a few flags when submitting.

Feel free to add me on WeChat to chat: WQZ1127786222

b3nguang

2024.5.5
