Loading... # 简介 > Enumerating and Exploiting More Common Network Services & Misconfigurations > 枚举和利用更多常见的网络服务和错误配置 # 任务 ### 任务1 Get Connected(建立连接🔗) <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-df0e36058e011667eb272e299b3f35d519" aria-expanded="true"><div class="accordion-toggle"><span style="">问:准备好了吗?我们出发吧!</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-df0e36058e011667eb272e299b3f35d519" class="collapse collapse-content"><p></p> 答:直接点 `Complete ` 即可 <p></p></div></div></div> ### 任务2 Understanding NFS(了解NFS) <div class="tip inlineBlock warning"> 题目及信息均为**机器翻译**而来,如有不对的,请指正,谢谢! </div> <div class="tip inlineBlock error"> 在评论本文查看答案之前,请确保自己的确解不出来该题! </div> <div class="tip inlineBlock info"> 如果你对某一题有独特的见解,亦或是想给大家增加自己的提示,以便帮助其他玩家解题,请在本文下方留言,并在评论中注明对应题目内容 </div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-44844c72a7acdf4c53762eb5d7d7c2b426" aria-expanded="true"><div class="accordion-toggle"><span style="">什么是 NFS?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-44844c72a7acdf4c53762eb5d7d7c2b426" class="collapse collapse-content"><p></p>NFS 代表“网络文件系统”,允许系统通过网络与其他系统共享目录和文件。通过使用 NFS,用户和程序可以像访问本地文件一样访问远程系统上的文件。它通过在服务器上安装整个或部分文件系统来实现这一点。客户端可以使用分配给每个文件的权限访问安装的文件系统部分。 <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-f0230c19f92f7ca213a7a6de87d0ef8050" aria-expanded="true"><div class="accordion-toggle"><span style="">问:NFS 代表什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-f0230c19f92f7ca213a7a6de87d0ef8050" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-9ab0a744301e3748d5b372ca2b31f2a011" aria-expanded="true"><div class="accordion-toggle"><span style="">问:什么过程允许 NFS 客户端与远程目录进行交互,就像它是物理设备一样?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-9ab0a744301e3748d5b372ca2b31f2a011" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-d24eca68e42818efba11089fe71174bc42" aria-expanded="true"><div class="accordion-toggle"><span style="">问:NFS 使用什么来表示服务器上的文件和目录?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-d24eca68e42818efba11089fe71174bc42" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-bfabafb41158009b0f4dbde03e636fb759" aria-expanded="true"><div class="accordion-toggle"><span style="">问:NFS 使用什么协议在服务器和客户端之间进行通信?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-bfabafb41158009b0f4dbde03e636fb759" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-de0c7af07bb6b349eed7c7155a4e4dd89" aria-expanded="true"><div class="accordion-toggle"><span style="">问:NFS 服务器以哪两个用户数据作为控制用户权限的参数?格式:参数 1/参数 2</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-de0c7af07bb6b349eed7c7155a4e4dd89" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="tip inlineBlock warning"> 提示:上题请仔细查看 **答案格式** `parameter 1 / parameter 2` ,并按要求输入内容 </div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-5347d68a5af7a89ef66c9ce9331b09d094" aria-expanded="true"><div class="accordion-toggle"><span style="">问:Windows NFS 服务器可以与 Linux 客户端共享文件吗?(Y/N)</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-5347d68a5af7a89ef66c9ce9331b09d094" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-ee215f6940fffb64db22b7684e2daf1a92" aria-expanded="true"><div class="accordion-toggle"><span style="">问:Linux NFS 服务器可以与 MacOS 客户端共享文件吗?(Y/N)</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-ee215f6940fffb64db22b7684e2daf1a92" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-be62a48752a1f9a2c014c3cb83f447ff87" aria-expanded="true"><div class="accordion-toggle"><span style="">问:NFS 的最新版本是什么?【2016 年发布,但截至 2020 年仍然是最新的】这需要外部研究。</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-be62a48752a1f9a2c014c3cb83f447ff87" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-c26896bd17d578a8b2b81972c8d2d09c85" aria-expanded="true"><div class="accordion-toggle"><span style="">提示</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-c26896bd17d578a8b2b81972c8d2d09c85" class="collapse collapse-content"><p></p> NFSv4 —— From wikipedia 版本 4(RFC 3010,2000 年 12 月;在 RFC 3530(2003 年 4 月)和 RFC 7530(2015 年 3 月)中再次修订)受到[安德鲁文件系统](https://en.wikipedia.org/wiki/Andrew_File_System "安德鲁文件系统")(AFS) 和[服务器消息块](https://en.wikipedia.org/wiki/Server_Message_Block "服务器消息块")(SMB,也称为 CIFS) 的影响,包括性能改进、要求强大的安全性并引入了[状态](https://en.wikipedia.org/wiki/State_(computer_science)) "州(计算机科学)")协议。^[[7] ](https://en.wikipedia.org/wiki/Network_File_System#cite_note-7)^^[[8]](https://en.wikipedia.org/wiki/Network_File_System#cite_note-sane2000-8)^在Sun Microsystems移交 NFS 协议的开发后,版本 4 成为与[互联网工程任务组](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force "互联网工程任务组")(IETF)一起开发的第一个版本。[](https://en.wikipedia.org/wiki/Sun_Microsystems "太阳微系统公司") NFS 版本 4.1(RFC 5661,2010 年 1 月;修订于 RFC 8881,2020 年 8 月)旨在提供协议支持以利用集群服务器部署,包括提供对分布在多台服务器之间的文件的可扩展并行访问的能力(pNFS 扩展)。版本 4.1 包括会话中继机制(也称为 NFS 多路径),并在某些企业解决方案(如[VMware ESXi)](https://en.wikipedia.org/wiki/VMware_ESXi "VMware ESXi")中可用。 NFS 版本 4.2(RFC 7862)于 2016 年 11 月发布^[[9],](https://en.wikipedia.org/wiki/Network_File_System#cite_note-9)^其新功能包括:服务器端克隆和复制、应用程序 I/O 建议、稀疏文件、空间预留、应用程序数据块(ADB)、带有 sec_label 的标签 NFS,可适应任何 MAC 安全系统,以及两个针对 pNFS 的新操作(LAYOUTERROR 和 LAYOUTSTATS)。 NFSv4 相对于其前代产品的一大优势是仅使用一个 UDP 或 TCP 端口 2049 来运行服务,这简化了跨防火墙使用该协议的过程。 原文链接:https://en.wikipedia.org/wiki/Network_File_System#NFSv4 <p></p></div></div></div> ### 任务3 Enumerating NFS(枚举NFS) <div class="tip inlineBlock warning"> 题目及信息均为**机器翻译**而来,如有不对的,请指正,谢谢! </div> <div class="tip inlineBlock error"> 在评论本文查看答案之前,请确保自己的确解不出来该题! </div> <div class="tip inlineBlock info"> 如果你对某一题有独特的见解,亦或是想给大家增加自己的提示,以便帮助其他玩家解题,请在本文下方留言,并在评论中注明对应题目内容 </div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-20bc1c8563e23e8ff69976ee0e27e0ba23" aria-expanded="true"><div class="accordion-toggle"><span style="">什么是枚举?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-20bc1c8563e23e8ff69976ee0e27e0ba23" class="collapse collapse-content"><p></p> 枚举被定义为“与目标主机建立主动连接以发现系统中的潜在攻击媒介的过程,并且可用于进一步利用系统。” - [Infosec Institute](https://resources.infosecinstitute.com/what-is-enumeration/)。这是考虑如何枚举和利用远程机器时的关键阶段 - 因为您将用来通知攻击的信息将来自此阶段 <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-8af43bf8318affdf4d6b70bed46180f570" aria-expanded="true"><div class="accordion-toggle"><span style="">**要求**</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-8af43bf8318affdf4d6b70bed46180f570" class="collapse collapse-content"><p></p> 为了对 NFS 服务器和共享进行更高级的枚举,我们需要一些工具。其中第一个 是从本地 计算机与任何 NFS 共享进行交互的关键:**nfs-common**。 <p></p></div></div></div> ##### 让我们分析一下 | **标签** | **功能** | | --- | --- | --- | | sudo | 以 root 身份运行 | | mount | 执行挂载命令 | | -t nfs | 要挂载的设备类型,然后指定它是 NFS | | IP | 共享 NFS 服务器的 IP 地址以及我们希望挂载的共享的名称 | | -nolock | 指定不使用 NLM 锁定 | <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-d6b87db2043c5a094e726f3d54a9b48146" aria-expanded="true"><div class="accordion-toggle"><span style="">问:进行您选择的彻底的端口扫描,有多少个端口是开放的?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-d6b87db2043c5a094e726f3d54a9b48146" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-ba1ed2cbc87ebdf767b8e0e9a525ba8b1" aria-expanded="true"><div class="accordion-toggle"><span style="">问:哪个端口包含我们要枚举的服务?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-ba1ed2cbc87ebdf767b8e0e9a525ba8b1" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-84ac18b8b0f4a1bc58a06ff8dd47711571" aria-expanded="true"><div class="accordion-toggle"><span style="">问:现在,使用 `/usr/sbin/showmount -e IP` 列出 NFS 共享,可见共享的名称是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-84ac18b8b0f4a1bc58a06ff8dd47711571" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-2e59534f97caf16ff3ff9073280eccc912" aria-expanded="true"><div class="accordion-toggle"><span style="">问:将目录更改为挂载共享的位置 - 里面的文件夹名称是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-2e59534f97caf16ff3ff9073280eccc912" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-3aef460fc3dc461b30a86ae372f0644b81" aria-expanded="true"><div class="accordion-toggle"><span style="">问:这些文件夹中的哪一个**可以****包含**允许我们远程访问服务器的密钥?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-3aef460fc3dc461b30a86ae372f0644b81" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-ef5f1ad94475e6ad83e45903679b1a2127" aria-expanded="true"><div class="accordion-toggle"><span style="">问:这些键中哪一个对我们最有用?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-ef5f1ad94475e6ad83e45903679b1a2127" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-47e53c57504d4d0d10a6c421049d11ff29" aria-expanded="true"><div class="accordion-toggle"><span style="">问:我们可以使用 `*ssh -i <key-file> <username>@<ip>*` 登录机器吗?(Y/N)</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-47e53c57504d4d0d10a6c421049d11ff29" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-18bd3b2f4f5ed4862ec5f74c6b85772d83" aria-expanded="true"><div class="accordion-toggle"><span style="">提示</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-18bd3b2f4f5ed4862ec5f74c6b85772d83" class="collapse collapse-content"><p></p> 用户名称就在某一个文件内,找找看吧! <p></p></div></div></div> ### 任务4 Exploiting NFS(利用NFS) <div class="tip inlineBlock warning"> 题目及信息均为**机器翻译**而来,如有不对的,请指正,谢谢! </div> <div class="tip inlineBlock error"> 在评论本文查看答案之前,请确保自己的确解不出来该题! </div> <div class="tip inlineBlock info"> 如果你对某一题有独特的见解,亦或是想给大家增加自己的提示,以便帮助其他玩家解题,请在本文下方留言,并在评论中注明对应题目内容 </div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-bb58ccd2e7cb11b8f681e8b163f0140883" aria-expanded="true"><div class="accordion-toggle"><span style="">问:我们使用哪个字母来设置使用 chmod 设置的 SUID 位?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-bb58ccd2e7cb11b8f681e8b163f0140883" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-5b2c92bbac77cb5db6fcd007a6db53aa85" aria-expanded="true"><div class="accordion-toggle"><span style="">问:权限集是什么样的?确保它以 -sr-x 结尾。</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-5b2c92bbac77cb5db6fcd007a6db53aa85" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-d4174c071b033d4d6153612ea31bd3f792" aria-expanded="true"><div class="accordion-toggle"><span style="">问:如果一切顺利,您应该会拥有一个 root 身份的 shell!root 标志是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-d4174c071b033d4d6153612ea31bd3f792" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-36cc14431cd950b9085addab56a47c1166" aria-expanded="true"><div class="accordion-toggle"><span style="">提示</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-36cc14431cd950b9085addab56a47c1166" class="collapse collapse-content"><p></p> 答案就在某一个文件内,找找看吧! <p></p></div></div></div> ### 任务5 Understanding SMTP(了解 SMTP) <div class="tip inlineBlock warning"> 题目及信息均为**机器翻译**而来,如有不对的,请指正,谢谢! </div> <div class="tip inlineBlock error"> 在评论本文查看答案之前,请确保自己的确解不出来该题! </div> <div class="tip inlineBlock info"> 如果你对某一题有独特的见解,亦或是想给大家增加自己的提示,以便帮助其他玩家解题,请在本文下方留言,并在评论中注明对应题目内容 </div> ##### **什么是SMTP?** SMTP 代表“简单邮件传输协议”。它用于处理电子邮件的发送。为了支持电子邮件服务,需要一对协议,包括SMTP和 POP/ IMAP。它们一起分别允许用户发送外发邮件和检索收到的邮件。 SMTP服务器执行三项基本功能: * 它验证谁通过SMTP服务器发送电子邮件。 * 它发送外发邮件 * 如果无法送达外发邮件,它会将邮件发回给发件人 大多数人在某些第三方电子邮件客户端(例如 Thunderbird)上配置新电子邮件地址时 都会遇到SMTP ;因为当您配置新的电子邮件客户端时,您需要配置SMTP服务器配置才能发送外发电子邮件。 ##### **更多信息:** 这里有一个资源,比我在这里所介绍的更详细地解释了SMTP 的技术实现和工作原理。 [https://www.afternerd.com/blog/smtp/](https://www.afternerd.com/blog/smtp/) <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-552347dfcebffae7455c1fdda26e075930" aria-expanded="true"><div class="accordion-toggle"><span style="">问:SMTP 代表什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-552347dfcebffae7455c1fdda26e075930" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> 这你也要看答案?????都在资料里面好吧,自己先找找,死活找不到的话, 你在看吧...... <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-bb6dae094a15130d002f29c2c6fe4f825" aria-expanded="true"><div class="accordion-toggle"><span style="">问:SMTP 负责发送什么?(用复数回答)</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-bb6dae094a15130d002f29c2c6fe4f825" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> 这你也要看答案?????都在资料里面好吧,自己先找找,死活找不到的话, 你在看吧...... <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-a3102310c4d98f8c756bceecd72b496c13" aria-expanded="true"><div class="accordion-toggle"><span style="">问:SMTP 流程的第一步是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-a3102310c4d98f8c756bceecd72b496c13" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> 这你也要看答案?????都在资料里面好吧,自己先找找,死活找不到的话, 你在看吧...... <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-9c6ab547f4edc551152dab2ed035392b34" aria-expanded="true"><div class="accordion-toggle"><span style="">问:默认 SMTP 端口是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-9c6ab547f4edc551152dab2ed035392b34" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> 这你也要看答案?????都在资料里面好吧,自己先找找,死活找不到的话, 你在看吧...... <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-cc928c3bc7342c8a82e4083b813372d095" aria-expanded="true"><div class="accordion-toggle"><span style="">问:如果收件人的服务器不可用,SMTP 服务器会将电子邮件发送到哪里?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-cc928c3bc7342c8a82e4083b813372d095" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> 这你也要看答案?????都在资料里面好吧,自己先找找,死活找不到的话, 你在看吧...... <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-d0e691cb28abb10003d81e78782a89d28" aria-expanded="true"><div class="accordion-toggle"><span style="">问:电子邮件最终发送到哪台服务器?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-d0e691cb28abb10003d81e78782a89d28" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> 这你也要看答案?????都在资料里面好吧,自己先找找,死活找不到的话, 你在看吧...... <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-4d262bb875cf7f10de188cff5fae29241" aria-expanded="true"><div class="accordion-toggle"><span style="">问:Linux 机器可以运行 SMTP 服务器吗?(Y/N)</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-4d262bb875cf7f10de188cff5fae29241" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> 这你也要看答案?????都在资料里面好吧,自己先找找,死活找不到的话, 你在看吧...... <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-9b10fc42351767a6e47ecebe59b87d1797" aria-expanded="true"><div class="accordion-toggle"><span style="">问:Windows 机器可以运行 SMTP 服务器吗?(Y/N)</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-9b10fc42351767a6e47ecebe59b87d1797" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> 这你也要看答案?????都在资料里面好吧,自己先找找,死活找不到的话, 你在看吧...... <p></p></div></div></div> ### 任务6 Enumerating SMTP(枚举 SMTP) <div class="tip inlineBlock warning"> 题目及信息均为**机器翻译**而来,如有不对的,请指正,谢谢! </div> <div class="tip inlineBlock error"> 在评论本文查看答案之前,请确保自己的确解不出来该题! </div> <div class="tip inlineBlock info"> 如果你对某一题有独特的见解,亦或是想给大家增加自己的提示,以便帮助其他玩家解题,请在本文下方留言,并在评论中注明对应题目内容 </div> <div class="tip inlineBlock warning"> 本节内容需要掌握 `Metasploit` 的使用方法哦! </div> ##### **枚举服务器详细信息** 配置不当或存在漏洞的邮件服务器通常可以成为入侵网络的初始立足点,但在发起攻击之前,我们希望对服务器进行指纹识别,以使我们的目标尽可能精确。我们将使用 MetaSploit 中的“ *smtp_version* ”模块来执行此操作。顾名思义,它将扫描一系列 IP 地址并确定遇到的任何邮件服务器的版本。 To Do...... <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-961f336b1409a82c8eff27fea22e9b0d52" aria-expanded="true"><div class="accordion-toggle"><span style="">问:SMTP 在哪个端口上运行?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-961f336b1409a82c8eff27fea22e9b0d52" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-d93e35839e30768a6bde1f3ad7cc4f7926" aria-expanded="true"><div class="accordion-toggle"><span style="">问:我们使用什么命令来执行此操作?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-d93e35839e30768a6bde1f3ad7cc4f7926" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-4facb88b6653f9dffb0b858f9acab2c827" aria-expanded="true"><div class="accordion-toggle"><span style="">问:让我们搜索模块“ smtp_version”,它的完整模块名称是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-4facb88b6653f9dffb0b858f9acab2c827" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-0b040f694741db0baa20f371641097da17" aria-expanded="true"><div class="accordion-toggle"><span style="">问:太好了,现在选择模块并列出选项。我们该怎么做呢?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-0b040f694741db0baa20f371641097da17" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-1ef64e52f9398741e7e57d2287a22cd619" aria-expanded="true"><div class="accordion-toggle"><span style="">问:看一下选项,一切看起来都正确吗?我们需要设置什么选项?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-1ef64e52f9398741e7e57d2287a22cd619" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-4122e3ec8a697eb1c086c3c1b4f0c03671" aria-expanded="true"><div class="accordion-toggle"><span style="">问:将其设置为目标机器的正确值。然后运行漏洞。系统邮件名称是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-4122e3ec8a697eb1c086c3c1b4f0c03671" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-b8f12536a5d95cecd249bf4df37233b357" aria-expanded="true"><div class="accordion-toggle"><span style="">问:哪个邮件传输代理 (MTA) 正在运行 SMTP 服务器?这需要一些外部研究。</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-b8f12536a5d95cecd249bf4df37233b357" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-73667e0423f48130db5404ed5547760c39" aria-expanded="true"><div class="accordion-toggle"><span style="">提示</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-73667e0423f48130db5404ed5547760c39" class="collapse collapse-content"><p></p> 本题需要会用搜索引擎! <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-2f2e34e2254c70ceddae9f2c77f17fe98" aria-expanded="true"><div class="accordion-toggle"><span style="">问:让我们搜索模块“ *smtp_enum* ”,它的完整模块名称是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-2f2e34e2254c70ceddae9f2c77f17fe98" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-7d45a385eb8d28326d3c1af9c3fcd94893" aria-expanded="true"><div class="accordion-toggle"><span style="">问:我们需要为单词列表的路径设置什么选项?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-7d45a385eb8d28326d3c1af9c3fcd94893" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-1f7d76ef8fc1b851b9d96b96ef87da5738" aria-expanded="true"><div class="accordion-toggle"><span style="">问:一旦我们设置了此选项,我们还需要设置什么其他基本参数?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-1f7d76ef8fc1b851b9d96b96ef87da5738" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-241473d3d784d46ff322d9987a91f5477" aria-expanded="true"><div class="accordion-toggle"><span style="">问:好的!现在完成了,返回的用户名是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-241473d3d784d46ff322d9987a91f5477" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-88be54c3e5c9a26277110121d41d565d88" aria-expanded="true"><div class="accordion-toggle"><span style="">提示</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-88be54c3e5c9a26277110121d41d565d88" class="collapse collapse-content"><p></p> 输出命令至少需要包含 `Users found: `,才是执行成功,如果没有,则代表你步骤有问题,请自行查验! <p></p></div></div></div> ### 任务7 Exploiting SMTP(利用 SMTP) <div class="tip inlineBlock warning"> 题目及信息均为**机器翻译**而来,如有不对的,请指正,谢谢! </div> <div class="tip inlineBlock error"> 在评论本文查看答案之前,请确保自己的确解不出来该题! </div> <div class="tip inlineBlock info"> 如果你对某一题有独特的见解,亦或是想给大家增加自己的提示,以便帮助其他玩家解题,请在本文下方留言,并在评论中注明对应题目内容 </div> | **SECTION** | 功能 | | ------------------------- | ------------------------- | | hydra | 运行 hydra 工具 | | -t 16 | 每个目标的并行连接数 | | -l [user] | 指向你试图入侵其账户的用户 | | -P [path to dictionary] | 指向包含可能密码列表的文件 | | -vV | 将详细模式设置为非常详细,显示每次尝试的登录名+密码组合 | | [machine IP] | 目标机器的 IP 地址 | | ssh / protocol | 设置协议 | <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-66b0ca3db395107981ea8b7ee1809e6159" aria-expanded="true"><div class="accordion-toggle"><span style="">问:我们在枚举阶段找到的用户的密码是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-66b0ca3db395107981ea8b7ee1809e6159" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-807d862108b886ec5cc74a4417c32a7783" aria-expanded="true"><div class="accordion-toggle"><span style="">提示</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-807d862108b886ec5cc74a4417c32a7783" class="collapse collapse-content"><p></p> 不会有人直接把实例命令输进去跑了吧 <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-f745c7b5949d2870f02a538d758b188631" aria-expanded="true"><div class="accordion-toggle"><span style="">问:现在,让我们以用户身份通过 SSH 进入服务器,看看 smtp.txt 的内容是什么</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-f745c7b5949d2870f02a538d758b188631" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> ### 任务8 Understanding MySQL(了解 MySQL) <div class="tip inlineBlock warning"> 题目及信息均为**机器翻译**而来,如有不对的,请指正,谢谢! </div> <div class="tip inlineBlock error"> 在评论本文查看答案之前,请确保自己的确解不出来该题! </div> <div class="tip inlineBlock info"> 如果你对某一题有独特的见解,亦或是想给大家增加自己的提示,以便帮助其他玩家解题,请在本文下方留言,并在评论中注明对应题目内容 </div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-82af54228775e07667b56a322b06c8e756" aria-expanded="true"><div class="accordion-toggle"><span style="">问:MySQL 是什么类型的软件?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-82af54228775e07667b56a322b06c8e756" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-3964d125823576524811c08895edb9b920" aria-expanded="true"><div class="accordion-toggle"><span style="">问:MySQL 基于什么语言?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-3964d125823576524811c08895edb9b920" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-19e62d454f410d050489d6730ac831c664" aria-expanded="true"><div class="accordion-toggle"><span style="">问:MySQL 使用什么通信模型?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-19e62d454f410d050489d6730ac831c664" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-19d66f70b737065de6fb52b92203411043" aria-expanded="true"><div class="accordion-toggle"><span style="">问:MySQL 的常见应用有哪些?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-19d66f70b737065de6fb52b92203411043" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-848633d7d64b549895456bc274d9a7c8100" aria-expanded="true"><div class="accordion-toggle"><span style="">问:哪些主流社交网络使用 MySQL 作为后端数据库?这需要进一步研究。</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-848633d7d64b549895456bc274d9a7c8100" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> ### 任务8 Enumerating MySQL(枚举 MySQL) <div class="tip inlineBlock warning"> 题目及信息均为**机器翻译**而来,如有不对的,请指正,谢谢! </div> <div class="tip inlineBlock error"> 在评论本文查看答案之前,请确保自己的确解不出来该题! </div> <div class="tip inlineBlock info"> 如果你对某一题有独特的见解,亦或是想给大家增加自己的提示,以便帮助其他玩家解题,请在本文下方留言,并在评论中注明对应题目内容 </div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-331a4ffe9bd94a592e47ddc900b8cd3144" aria-expanded="true"><div class="accordion-toggle"><span style="">问:MySQL 正在使用哪个端口?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-331a4ffe9bd94a592e47ddc900b8cd3144" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-51424649cae7b9259be3f5011db568ae4" aria-expanded="true"><div class="accordion-toggle"><span style="">问:我们需要设置哪三个选项?(按降序排列)。</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-51424649cae7b9259be3f5011db568ae4" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-1e8b625dff5022048993873324a7e82d24" aria-expanded="true"><div class="accordion-toggle"><span style="">提示</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-1e8b625dff5022048993873324a7e82d24" class="collapse collapse-content"><p></p> 严格按照实例格式输入 xxx/xxx/xxx <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-facd933fe48e3a3ead3e3048bfa5d7c758" aria-expanded="true"><div class="accordion-toggle"><span style="">问:默认情况下,它将使用“select version()”命令进行测试,这会给你什么结果?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-facd933fe48e3a3ead3e3048bfa5d7c758" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-22bd5ca87ce7eacdc1886063d4d334ac64" aria-expanded="true"><div class="accordion-toggle"><span style="">提示</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-22bd5ca87ce7eacdc1886063d4d334ac64" class="collapse collapse-content"><p></p> 用户密码都在文章里,自己找找 <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-9e1d89e58c71b9ded5265153c3bacfb923" aria-expanded="true"><div class="accordion-toggle"><span style="">问:将“sql”选项更改为“显示数据库”。返回了多少个数据库?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-9e1d89e58c71b9ded5265153c3bacfb923" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> ### 任务9 Exploiting MySQL(利用MySQL) <div class="tip inlineBlock warning"> 题目及信息均为**机器翻译**而来,如有不对的,请指正,谢谢! </div> <div class="tip inlineBlock error"> 在评论本文查看答案之前,请确保自己的确解不出来该题! </div> <div class="tip inlineBlock info"> 如果你对某一题有独特的见解,亦或是想给大家增加自己的提示,以便帮助其他玩家解题,请在本文下方留言,并在评论中注明对应题目内容 </div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-4b1b1e0db11bc4a2059cfc4291da56d219" aria-expanded="true"><div class="accordion-toggle"><span style="">问:该模块的全名是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-4b1b1e0db11bc4a2059cfc4291da56d219" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-8b4b90277c3f7239a70df2fec4eeb08f29" aria-expanded="true"><div class="accordion-toggle"><span style="">问:设置相关选项,运行漏洞利用。最后转储的表的名称是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-8b4b90277c3f7239a70df2fec4eeb08f29" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-83f92f8e5856f32791b699961f5a45e491" aria-expanded="true"><div class="accordion-toggle"><span style="">提示</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-83f92f8e5856f32791b699961f5a45e491" class="collapse collapse-content"><p></p> 用户密码还是上文 <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-d806b796efd5f11e7a95b304d1c8e70b86" aria-expanded="true"><div class="accordion-toggle"><span style="">问:但我们可以做得更好……搜索并选择“mysql_hashdump”模块。该模块的全名是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-d806b796efd5f11e7a95b304d1c8e70b86" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-fe2718f90be6da0526a097076bd355df53" aria-expanded="true"><div class="accordion-toggle"><span style="">问:哪个非默认用户对你来说很突出?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-fe2718f90be6da0526a097076bd355df53" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-6f256c3fdb40820cbe9f0565c47be32753" aria-expanded="true"><div class="accordion-toggle"><span style="">问:用户/哈希组合字符串是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-6f256c3fdb40820cbe9f0565c47be32753" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-417c0e346d2990a72f70ae017dec590b42" aria-expanded="true"><div class="accordion-toggle"><span style="">问:我们找到的用户的密码是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-417c0e346d2990a72f70ae017dec590b42" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-ed2cee926fa23cdd758a83a173e1150a22" aria-expanded="true"><div class="accordion-toggle"><span style="">问:MySQL.txt 的内容是什么</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-ed2cee926fa23cdd758a83a173e1150a22" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="tip inlineBlock success"> **Thank you** 感谢您花时间参加这个房间的工作,祝您未来一切顺利。 </div> 最后修改:2024 年 08 月 03 日 © 禁止转载 赞 1 如果觉得我的文章对你有用,请随意赞赏
1 条评论
滴!学生卡!打卡时间:09:24:50,请上车的乘客系好安全带~