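2024 FIC 4th National Cyberspace Forensics Competition - Online Round (Server Part)
b3nguang 2024-07-14 13:37:01
Emulation software breaks the boot of the ESXi image, so you need to know how to mount it by hand
Close antivirus and any other software that keeps the disk busy
Mount the images with FTK (it must be the version whose icon is a magnifying glass); mount as many images as there are disks, all in one go, and be sure to mount them read-write (it does not have to be FTK; use whichever mounting tool you are used to)
Open VMware as administrator, give the VM plenty of CPU and memory, attach the system disk first and then the data disk
Boots successfully
Manual password bypass (ESXi 7 and below)
Manually add an ISO image
Power on into the firmware and choose the second entry
Enter trial mode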
cp state.tgz /tmp
cd /tmp
tar xzf state.tgz
tar xzf local.tgz
cd etc
cp shadow shadow.bak
nano shadow # you know how to edit shadow
cd ..
tar czf local.tgz etc
tar czf state.tgz local.tgz
cp /tmp/state.tgz /media/ubuntu/586C-10CC2
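Log in with an empty password
What is the ESXi version of the ESXi server?
Just mount it and look
Analyze the ESXi server: what is the installation date of the system?
Analyze the ESXi server: what is the UUID of the datastore "datastore"?
What was the original IP address of the ESXi server?
Just boot it in emulation and look
How many virtual machines were created on the ESXi server?
What IP address is the website server bound to?
Just run an fscan scan and that's it
Manual password bypass on rocketchat
At boot, select the (core) entry and press e
On CentOS, change ro to rw init=/sysroot/bin/sh; on Ubuntu, change ro to rw single init=/bin/bash
Press Ctrl+X to enter the shell, then type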
chroot /sysroot
Run the following command to change the password; you have to type the password twice to confirm it
passwd
Disable SELinux (optional)
Edit the SELinux config file
sudo vi /etc/selinux/config
Find the SELINUX=enforcing or SELINUX=permissive field, press i to enter edit mode, change SELINUX=enforcing or SELINUX=permissive to SELINUX=disabled, then save with :wq
Reboot
reboot
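What is the login password of the website server?
fscan found it
What port does the login entry of the management panel used by the website server listen on?
www
Run bt 14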
[root@localhost ~]# bt 14
===============================================
正在执行(14)...
===============================================
curl: (28) Resolving timed out after 4519 milliseconds
curl: (28) Resolving timed out after 4519 milliseconds
curl: (28) Resolving timed out after 4517 milliseconds
==================================================================
BT-Panel default info!
==================================================================
获取外网IP失败,请使用服务器公网IP+端口访问面板
外网面板地址: https://服务器公网IP:14131/adec8c75
内网面板地址: https://192.168.8.89:14131/adec8c75
username: j9oehwoa
password: ********
Warning:
If you cannot access the panel,
release the following port (8888|888|80|443|20|21) in the security group
注意:初始密码仅在首次登录面板前能正确获取,其它时间请通过 bt 5 命令修改密码
==================================================================
What is the web directory of the website server?
www
Run
[root@localhost ~]# ls /
bin boot dev etc home lib lib64 media mnt opt patch proc root run sbin srv sys tmp usr var webapp webapp.zip www
[root@localhost ~]# ls /webapp
dist group luck-prize qz 7.11 ruoyi-admin.jar0826 ruoyi-admin.jar0904 ruoyi-admin.jar 7.26 ruoyi-admin.jar8.16 test
dist0826 index.html nohup.out restart.sh ruoyi-admin.jar0827 ruoyi-admin.jar0907 ruoyi-admin.jar8.14 ruoyi-admin.jarbak
dist0906 kill.sh profile ruoyi-admin.jar ruoyi-admin.jar0828 ruoyi-admin.jar0915 ruoyi-admin.jar8.15 ruoyi-admin.pid
down logs qz ruoyi-admin.jar0818 ruoyi-admin.jar08281 ruoyi-admin.jar 7.19 ruoyi-admin.jar8.151 start.sh
/www/server/nginx/conf/nginx.conf
Cross-check against the nginx configuration
user www www;
worker_processes auto;
error_log /www/wwwlogs/nginx_error.log crit;
pid /www/server/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
stream {
log_format tcp_format '$time_local|$remote_addr|$protocol|$status|$bytes_sent|$bytes_received|$session_time|$upstream_addr|$upstream_bytes_sent|$upstream_bytes_received|$upstream_connect_time';
access_log /www/wwwlogs/tcp-access.log tcp_format;
error_log /www/wwwlogs/tcp-error.log;
include /www/server/panel/vhost/nginx/tcp/*.conf;
}
events
{
use epoll;
worker_connections 51200;
multi_accept on;
}
http
{
include mime.types;
#include luawaf.conf;
include proxy.conf;
lua_package_path "/www/server/nginx/lib/lua/?.lua;;";
default_type application/octet-stream;
server_names_hash_bucket_size 512;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
server_tokens off;
access_log off;
server
{
listen 80;
server_name adminjmhw.sdxfwl.top;
index index.html;
root /webapp/dist;
# fix 404 on page refresh
try_files $uri $uri/ /index.html;
location /prod-api/ {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server
{
listen 80;
server_name groupadmin.sdxfwl.top;
index index.html;
root /webapp/group;
# fix 404 on page refresh
try_files $uri $uri/ /index.html;
location /prod-api/ {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server
{
listen 80;
server_name zihoutaijmhw.sdxfwl.top;
index index.html;
root /webapp/qz;
# fix 404 on page refresh
try_files $uri $uri/ /index.html;
location /prod-api/ {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server
{
listen 80;
server_name apijmhw.sdxfwl.top;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# prize draw page
location /luck-prize{
# fix 404 on page refresh
try_files $uri $uri/ /luck-prize/index.html;
index index.html;
alias /webapp/luck-prize;
}
location /download{
try_files $uri $uri/ /down/index.html;
index index.html;
alias /webapp/down;
}
location /app{
try_files $uri $uri/ /app/app.apk;
alias /webapp/app;
}
}
server
{
listen 80;
server_name xiazai.sdxfwl.top;
location / {
root /webapp/down;
try_files $uri $uri/ /down/index.html;
index index.html;
}
# prize draw page
location /index{
# fix 404 on page refresh
try_files $uri $uri/ /www/server/nginx/guanwang/index.html;
index index.html;
}
location /app{
alias /webapp/app;
try_files $uri $uri/ /app/app.apk;
}
}
server
{
listen 8888;
# prize draw page
location /{
root /www/server/nginx/guanwang;
index index.html;
}
}
server
{
listen 888;
server_name phpmyadmin;
index index.html index.htm index.php;
root /www/server/phpmyadmin;
location ~ /tmp/ {
return 403;
}
#error_page 404 /404.html;
include enable-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /\.
{
deny all;
}
access_log /www/wwwlogs/access.log;
}
include /www/server/panel/vhost/nginx/*.conf;
}
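To read the web roots out of a configuration this long without scrolling, the server blocks can be reduced to one row per virtual host. The following is an added example, not part of the original write-up; SAMPLE is a constructed excerpt of the nginx.conf above, and the function names are assumptions.

```python
import re

# Constructed sample: two server blocks trimmed from the nginx.conf shown above.
SAMPLE = """
http {
    server {
        listen 80;
        server_name adminjmhw.sdxfwl.top;
        root /webapp/dist;
        # fix 404 on page refresh
        location /prod-api/ {
            proxy_pass http://127.0.0.1:8080/;
        }
    }
    server {
        listen 80;
        server_name apijmhw.sdxfwl.top;
        location / { proxy_pass http://127.0.0.1:8080/; }
        location /luck-prize {
            alias /webapp/luck-prize;
        }
    }
}
"""

WANTED = ("listen", "server_name", "root", "alias", "proxy_pass")

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments so stray braces in them don't count
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def summarize(conf):
    """Return, per server block, the values of the directives listed in WANTED."""
    rows = []
    for body in server_blocks(conf):
        row = {name: [] for name in WANTED}
        # A simple directive is `name value;`; block openers end in `{` and are skipped.
        for name, value in re.findall(r"\b(\w+)\s+([^;{}]+);", body):
            if name in row:
                row[name].append(value.strip())
        rows.append(row)
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Values from location blocks are folded into their enclosing server row, so a host that only proxies shows an empty root and a filled proxy_pass.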
In the website configuration, what is the Redis connection timeout in seconds?
[root@localhost tmp]# cat BOOT-INF/classes/application.yml
# Project configuration
ruoyi:
  # Name
  name: 集美好物
  # Version
  version: 3.8.2
  # Copyright year
  copyrightYear: 2022
  # Demo instance switch
  demoEnabled: true
  # File path, e.g. (Windows: D:/ruoyi/uploadPath, Linux: /home/ruoyi/uploadPath)
  profile: /webapp/profile
  # Domain URL
  domainUrl: http://apijmhw.sdxfwl.top
  # domainUrl: https://287h06775m.picp.vip
  # Switch for fetching the IP address
  addressEnabled: false
  # Captcha type: math (arithmetic), char (characters)
  captchaType: math
# Development environment configuration
server:
  # HTTP port of the server, default 8080
  port: 8080
  servlet:
    # Application context path
    context-path: /
  tomcat:
    # Tomcat URI encoding
    uri-encoding: UTF-8
    # Queue length once connections are full, default 100
    accept-count: 1000
    threads:
      # Maximum Tomcat threads, default 200
      max: 800
      # Threads initialized at Tomcat startup, default 10
      min-spare: 100
# Logging configuration
logging:
  level:
    com.ruoyi: debug
    org.springframework: warn
# Tencent Cloud
tencent:
  cloud:
    im:
      sdkAppId: 1400814018
      key: 388ab0a1f2ab6413e97932fe0afef716ba4b1f989fa5470925891853ea0dfc98
# Aliyun face recognition
aliyun-face:
  regionId: cn-hangzhou
  accessKey: LTAI5tM8RJiEEuJnHfT8uVaa
  secret: 19THhUjxRFhaeWlUJhIG5uV16hyFID
# Spring configuration
spring:
  # Resource information
  messages:
    # Path of the i18n resource files
    basename: i18n/messages
  profiles:
    active: druid
  # File upload
  servlet:
    multipart:
      # Size of a single file
      max-file-size: 10MB
      # Total size of uploaded files
      max-request-size: 20MB
  # Service module
  devtools:
    restart:
      # Hot deployment switch
      enabled: true
  # Redis configuration
  redis:
    # Address
    host: localhost
    # Port, default 6379
    port: 6379
    # Database index
    database: 3
    # Password
    password:
    # Connection timeout
    timeout: 10s
    lettuce:
      pool:
        # Minimum idle connections in the pool
        min-idle: 0
        # Maximum idle connections in the pool
        max-idle: 8
        # Maximum database connections in the pool
        max-active: 8
        # Maximum blocking wait time of the pool (a negative value means no limit)
        max-wait: -1ms
# Token configuration
token:
  # Custom token header
  header: Authorization
  # Token secret
  secret: abcdefghijklmnopqrstuvwxyz
  # Token validity period (default 30 minutes)
  expireTime: 1440
# MyBatis configuration
mybatis:
  # Package to scan for type aliases
  typeAliasesPackage: com.ruoyi.**.domain
  # Mapper scan configuration; finds all mapper.xml mapping files
  mapperLocations: classpath*:mapper/**/*Mapper.xml
  # Load the global configuration file
  configLocation: classpath:mybatis/mybatis-config.xml
# PageHelper pagination plugin
pagehelper:
  helperDialect: mysql
  # Return the last page when the page number is out of range
  reasonable: false
  supportMethodsArguments: true
  params: count=countSql
# Swagger configuration
swagger:
  # Whether Swagger is enabled
  enabled: true
  # Request prefix
  pathMapping: /
# XSS protection
xss:
  # Filter switch
  enabled: true
  # Excluded links (comma-separated)
  excludes: /system/notice
  # Matched links
  urlPatterns: /system/*,/monitor/*,/tool/*
# Encryption
security:
  publicKey: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrhYO3r2h87IITw/H3ZMYJbBOip0WWjkez2dGcqkXWmBLcovAkZ5bqY0WMWmODlTuW2fFk7nZRTytbOgmfd9rCx5Ehx4du2VhTXnhI4VtpNC6q+NRt075MnBiIFqBW7UEMRpc1rDcSVWRZVhL8VY47B35gRiAzslxMrtZuIm75M1P4DWt57QCy6D1Kvsbvk5IvevMDZflTV6DwjABqrKXV5OmGetbehb5D7Ap5jWcQVE845lrKf4dCCi+hX9ebYCsxQOg6/jLH2Qo2FKZ3BECh1SfjUfuhjleP0obi/egvPYHubxR4u2RJ/hdUX68umXh7/AbT7mjD+GqLunf1xD8wIDAQAB
  privateKey: 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
# Alipay
alipay:
  pid: 2088441384291084
  appId: 2021003181631188
  privateKey: 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
#alipay:
#  pid: 2088541582026142
#  appId: 2021003174680109
#  privateKey: 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
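What salt value is used in the passwords of the site's ordinary users?
Here you can either pick the application apart by hand or rebuild the site. I started by hand, since the ruoyi framework is open source and fairly easy to pick apart; the rebuild is covered at the end of this post
What is the name of the encryption algorithm used for the site administrator's password?
data
Run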
[root@localhost ~]# docker inspect 9b | grep -i pass
"MYSQL_ROOT_PASSWORD=my-secret-pw",
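bcrypt, obvious at a glance
When was the site's super administrator account created?
After rebuilding the site and logging in, how many pages of data does the user list under user management show by default?
This one can only be answered by rebuilding
What is the version number of the site's system API documentation?
Search for SwaggerConfig
The site's endpoint for fetching the order list
Again, search by keyword
User ID of the victim Lu
How much did the victim Lu top up in total?
What is the price of a single prize draw set on the site, in yuan?
What is the total balance shown on the site?
Only by rebuilding
The root password of the website database
docker inspect shows it; cmd5 can also crack it, but that is paid
What is the operating system version of the database server?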
[root@localhost ~]# cat /etc/*release
CentOS Linux release 7.9.2009 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
CentOS Linux release 7.9.2009 (Core)
CentOS Linux release 7.9.2009 (Core)
What is the Docker Server version on the database server?
[root@localhost ~]# docker version
Client:
Version: 1.13.1
API version: 1.26
Package version: docker-1.13.1-209.git7d71120.el7.centos.x86_64
Go version: go1.10.3
Git commit: 7d71120/1.13.1
Built: Wed Mar 2 15:25:43 2022
OS/Arch: linux/amd64
Server:
Version: 1.13.1
API version: 1.26 (minimum version 1.12)
Package version: docker-1.13.1-209.git7d71120.el7.centos.x86_64
Go version: go1.10.3
Git commit: 7d71120/1.13.1
Built: Wed Mar 2 15:25:43 2022
OS/Arch: linux/amd64
Experimental: false
What is the full ID of the database container on the database server?
[root@localhost ~]# docker ps -a --no-trunc
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9bf1cecec3957a5cd23c24c0915b7d3dd9be5238322ca5646e3d9e708371b765 eclipse/mysql "docker-entrypoint.sh mysqld" 7 weeks ago Up 14 minutes 0.0.0.0:3306->3306/tcp mysql
The image ID used by the database container on the database server
[root@localhost ~]# docker images --no-trunc
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/eclipse/mysql latest sha256:66c0e7ca4921e941cbdbda9e92242f07fe37c2bcbbaac4af701b4934dfc41d8a 6 years ago 436 MB
The creation time of the database container on the database server, in Beijing time
[root@localhost ~]# docker inspect 9b | grep -i create
"Created": "2024-03-13T12:15:23.02589108Z",
What is the IP of the database container on the database server?
[root@localhost ~]# docker inspect 9b | grep -i ip
"HostIp": "",
"IpcMode": "",
"Image": "eclipse/mysql",
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"HostIp": "0.0.0.0",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"IPAMConfig": null,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
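The grep calls above return many unrelated lines, and the Created value is UTC (trailing Z) while the question asks for Beijing time. The following added example, not part of the original write-up, parses the JSON that docker inspect emits and pulls out the same fields in one pass; SAMPLE is a constructed document that reuses the values shown on this page, and the function names are assumptions.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: a trimmed `docker inspect` document that reuses the
# values shown on this page; PATH is filler added for the example.
SAMPLE = json.dumps([{
    "Id": "9bf1cecec3957a5cd23c24c0915b7d3dd9be5238322ca5646e3d9e708371b765",
    "Created": "2024-03-13T12:15:23.02589108Z",
    "Image": "sha256:66c0e7ca4921e941cbdbda9e92242f07fe37c2bcbbaac4af701b4934dfc41d8a",
    "Config": {"Image": "eclipse/mysql",
               "Env": ["MYSQL_ROOT_PASSWORD=my-secret-pw", "PATH=/usr/bin"]},
    "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.2"}}},
}])

BEIJING = timezone(timedelta(hours=8))  # UTC+8, no daylight saving
SENSITIVE = re.compile(r"PASS|SECRET|TOKEN|KEY", re.I)

def parse_docker_time(ts):
    """Parse Docker's UTC timestamp; it may carry up to 9 fractional digits."""
    base, _, frac = ts.rstrip("Z").partition(".")
    micro = int((frac + "000000")[:6]) if frac else 0  # datetime keeps 6 digits
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    return dt.replace(microsecond=micro, tzinfo=timezone.utc)

def summarize(inspect_json):
    """Return one dict of examiner-relevant fields per inspected container."""
    rows = []
    for c in json.loads(inspect_json):
        created = parse_docker_time(c["Created"])
        env_list = c["Config"].get("Env") or []
        env = dict(e.split("=", 1) for e in env_list if "=" in e)
        nets = c["NetworkSettings"].get("Networks") or {}
        rows.append({
            "id": c["Id"],
            "image": c["Config"]["Image"],
            "image_id": c["Image"],
            "created_utc": created.isoformat(),
            "created_beijing": created.astimezone(BEIJING).isoformat(),
            "ips": {name: n.get("IPAddress", "") for name, n in nets.items()},
            "sensitive_env": {k: v for k, v in env.items() if SENSITIVE.search(k)},
        })
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(json.dumps(row, indent=2))
```

On the live host the input would be the saved output of docker inspect for the container instead of SAMPLE.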
Analyzing the database data, what is the login IP of the user who invited the most users into groups on the platform?
SELECT inviter_id, COUNT(*) AS invite_count
FROM app_group_apply
GROUP BY inviter_id
ORDER BY invite_count DESC
LIMIT 1;
Analyzing the database data, what is the login IP of the user who grabbed the largest total red packet amount on the platform?
SELECT user_id, SUM(money) AS total_amount
FROM app_group_redpacket_member
GROUP BY user_id
ORDER BY total_amount DESC
LIMIT 1;
What is the total amount of successful withdrawals recorded in the database (ignoring fees)?
SELECT SUM(amount) AS total_withdrawn_amount
FROM app_user_withdraw
WHERE status = 3;
On the rocketchat server, how many real users are there?
root@debian:~# netstat -nlpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 2448/sendmail: MTA:
tcp 0 0 0.0.0.0:888 0.0.0.0:* LISTEN 1628/nginx: master
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN 1975/docker-proxy
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1628/nginx: master
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2448/sendmail: MTA:
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1011/pure-ftpd (SER
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3335/sshd: /usr/sbi
tcp 0 0 127.0.0.1:8461 0.0.0.0:* LISTEN 866/python3
tcp 0 0 0.0.0.0:14811 0.0.0.0:* LISTEN 1824/python3
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1628/nginx: master
tcp6 0 0 :::21 :::* LISTEN 1011/pure-ftpd (SER
tcp6 0 0 :::22 :::* LISTEN 3335/sshd: /usr/sbi
tcp6 0 0 :::3306 :::* LISTEN 1621/mysqld
root@debian:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
160c806d13ea registry.rocket.chat/rocketchat/rocket.chat:latest "docker-entrypoint.s…" 7 weeks ago Up 3 hours 0.0.0.0:3000->3000/tcp rocketchat-rocketchat-1
929dad307aa4 bitnami/mongodb:5.0 "/opt/bitnami/script…" 7 weeks ago Up 3 hours 27017/tcp rocketchat-mongodb-1
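On the rocketchat server, what is the port number of the chat service?
See above
On the rocketchat server, what is the email address of the chat service administrator?
See above
On the rocketchat server, what is the version number of the database used by the chat service?
On the rocketchat server, what is the maximum file upload size? (in bytes)
On the rocketchat server, when was the administrator account created?
On the rocketchat server, what is the address of the fraud-related website provided by the technician?
Analyzing the servers as a whole, what share of the profit does Lao Li get in the gang's profit distribution plan?
Analyzing the servers as a whole, what is the likely time window in which the team closes the net on its "pig-butchering" scam?
Analyzing everything together, what email address did the key suspect not yet caught by the police use to register on the chat platform?
Analyzing the openwrt image, what is the hostname of the system?
Analyzing the openwrt image, what is the kernel version of the system?
Analyzing the openwrt image, what is the static IP address?
See the PC browser
Analyzing the openwrt image, what is the name of the network interface in use?
Analyzing the openwrt image, what is the version number of the docker installed on the system?
Analyzing the openwrt image, what is the path of the nastools configuration file?
Analyzing the openwrt image, what VPN proxy software is used?
Analyzing the openwrt image, how many usable nodes does the VPN actually have?
Analyzing the openwrt image, what is the node's SOCKS listening port?
Analyzing the openwrt image, what is the VPN subscription link?
How to rebuild the website
A teammate passed around an operations manual earlier; change things one item at a time, it is foolproof
Modify the two YAML files
Modify the database
Bypass the password
Summary
We placed fourth this time, just a tiny bit short, which is a pity. The approach had no major problems; I carelessly submitted a few flags wrong
Feel free to add me on WeChat to chat: WQZ1127786222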
b3nguang
2024.5.5