Loading... ![tryhackme_connect.png](https://capiry.life/usr/uploads/2024/08/2200263649.png) # 简介 了解并利用 OWASP 十大漏洞中的每一个;十大最严重的网络安全风险。 本房间将对每个OWASP主题进行细分,并详细介绍漏洞、漏洞的产生方式以及如何利用漏洞。您将通过完成支持挑战将理论付诸实践。 1. 访问控制失效 2. 加密失败 3. 注射 4. 不安全的设计 5. 安全配置错误 6. 易受攻击和过时的组件 7. 识别和认证失败 8. 软件和数据完整性故障 9. 安全日志和监控失败 10. 服务端请求伪造(SSRF) 该房间专为初学者设计,不需要任何先前的安全知识。 ### Task4 Broken Access Control (IDOR Challenge)(访问控制失效(IDOR 挑战)) <div class="tip inlineBlock warning"> 题目及信息均为**机器翻译**而来,如有不对的,请指正,谢谢! </div> <div class="tip inlineBlock error"> 在评论本文查看答案之前,请确保自己的确解不出来该题! </div> <div class="tip inlineBlock info"> 如果你对某一题有独特的见解,亦或是想给大家增加自己的提示,以便帮助其他玩家解题,请在本文下方留言,并在评论中注明对应题目内容 </div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-e8ca7cb2605300edff571df0cf7fafa949" aria-expanded="true"><div class="accordion-toggle"><span style="">问:看看其他用户的笔记。旗帜是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-e8ca7cb2605300edff571df0cf7fafa949" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> ### Task8 Cryptographic Failures (Challenge)(加密失败(挑战)) <div class="tip inlineBlock warning"> 题目及信息均为**机器翻译**而来,如有不对的,请指正,谢谢! </div> <div class="tip inlineBlock error"> 在评论本文查看答案之前,请确保自己的确解不出来该题! </div> <div class="tip inlineBlock info"> 如果你对某一题有独特的见解,亦或是想给大家增加自己的提示,以便帮助其他玩家解题,请在本文下方留言,并在评论中注明对应题目内容 </div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-0463748cd0971105f3a2c2398a2313b558" aria-expanded="true"><div class="accordion-toggle"><span style="">问:所提及的目录名称是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-0463748cd0971105f3a2c2398a2313b558" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-82c46ee70f03ed31123ec287fcc2a86578" aria-expanded="true"><div class="accordion-toggle"><span style="">问:哪个文件可能包含敏感数据?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-82c46ee70f03ed31123ec287fcc2a86578" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-b6bf38380ee900c22d1dd168171a241033" aria-expanded="true"><div class="accordion-toggle"><span style="">问:管理员用户的密码哈希是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-b6bf38380ee900c22d1dd168171a241033" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-46a5903bf732c80b94aea1437e45a30a59" aria-expanded="true"><div class="accordion-toggle"><span style="">问:管理员的明文密码是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-46a5903bf732c80b94aea1437e45a30a59" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-b3f1b272b7f74bf6fab7733ce8ce275f63" aria-expanded="true"><div class="accordion-toggle"><span style="">问:标志是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-b3f1b272b7f74bf6fab7733ce8ce275f63" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> ### Task10 3.1. Command Injection(3.1. 命令注入) <div class="tip inlineBlock warning"> 题目及信息均为**机器翻译**而来,如有不对的,请指正,谢谢! </div> <div class="tip inlineBlock error"> 在评论本文查看答案之前,请确保自己的确解不出来该题! </div> <div class="tip inlineBlock info"> 如果你对某一题有独特的见解,亦或是想给大家增加自己的提示,以便帮助其他玩家解题,请在本文下方留言,并在评论中注明对应题目内容 </div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-c0256e29f8010a040d156b88dd060eba56" aria-expanded="true"><div class="accordion-toggle"><span style="">问:网站根目录中有什么奇怪的文本文件?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-c0256e29f8010a040d156b88dd060eba56" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-0bab66ae65921379f77762c98c4559c956" aria-expanded="true"><div class="accordion-toggle"><span style="">问:有多少非 root/非服务/非守护进程用户?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-0bab66ae65921379f77762c98c4559c956" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-dcf8bb6a68cbd51472ab3078ebe2ed0258" aria-expanded="true"><div class="accordion-toggle"><span style="">提示</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-dcf8bb6a68cbd51472ab3078ebe2ed0258" class="collapse collapse-content"><p></p> 可以用个文本编辑器,把打印出来的东西重新排列一下,很快就能找到! <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-2292ce1703b16f1985053a0f982086f659" aria-expanded="true"><div class="accordion-toggle"><span style="">问:该应用程序以什么用户身份运行?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-2292ce1703b16f1985053a0f982086f659" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-eb3a709272aeb3e8f5a70bf0b82092e625" aria-expanded="true"><div class="accordion-toggle"><span style="">问:用户的shell设置为什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-eb3a709272aeb3e8f5a70bf0b82092e625" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-4e8ab73f2a773876c6b3199899b3056d9" aria-expanded="true"><div class="accordion-toggle"><span style="">提示</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-4e8ab73f2a773876c6b3199899b3056d9" class="collapse collapse-content"><p></p> 就在第二题打印的信息里面 <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-fd416b1979d35f13c17b6ff151c2daed13" aria-expanded="true"><div class="accordion-toggle"><span style="">问:正在运行哪个版本的 Alpine Linux?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-fd416b1979d35f13c17b6ff151c2daed13" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> ### Task11 4. Insecure Design(4.不安全的设计) <div class="tip inlineBlock warning"> 题目及信息均为**机器翻译**而来,如有不对的,请指正,谢谢! </div> <div class="tip inlineBlock error"> 在评论本文查看答案之前,请确保自己的确解不出来该题! </div> <div class="tip inlineBlock info"> 如果你对某一题有独特的见解,亦或是想给大家增加自己的提示,以便帮助其他玩家解题,请在本文下方留言,并在评论中注明对应题目内容 </div> 不安全的设计 **不安全的设计**是指应用程序架构固有的漏洞。这些漏洞不是由于糟糕的实现或配置而导致的,而是整个应用程序(或其中的一部分)背后的理念从一开始就存在缺陷。大多数情况下,这些漏洞是由于在应用程序的规划阶段进行了不适当的威胁建模而发生的,并一直传播到最终的应用程序。有时,不安全的设计漏洞也可能是由开发人员在代码周围添加一些“快捷方式”以使其测试更容易时引入的。例如,开发人员可以在开发阶段禁用 OTP 验证以快速测试应用程序的其余部分,而无需在每次登录时手动输入代码,但在将应用程序发送到生产环境时忘记重新启用它。 <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-64da15eec85e909687f48a4b2662093693" aria-expanded="true"><div class="accordion-toggle"><span style="">提示</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-64da15eec85e909687f48a4b2662093693" class="collapse collapse-content"><p></p> 我英语不好所以解不开,于是去翻了“资料”,找到了答案 ``` Red, Orange, Yellow, Green, Blue, Indigo, and Violet ``` 答案就在这里面,注意区分大小写! <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-269fed893ba726df9017f88bcae5b07e59" aria-expanded="true"><div class="accordion-toggle"><span style="">问:在约瑟的记述中,这面旗帜的价值是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-269fed893ba726df9017f88bcae5b07e59" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> ### Task12 5. Security Misconfiguration(5. 安全配置错误) <div class="tip inlineBlock warning"> 题目及信息均为**机器翻译**而来,如有不对的,请指正,谢谢! </div> <div class="tip inlineBlock error"> 在评论本文查看答案之前,请确保自己的确解不出来该题! </div> <div class="tip inlineBlock info"> 如果你对某一题有独特的见解,亦或是想给大家增加自己的提示,以便帮助其他玩家解题,请在本文下方留言,并在评论中注明对应题目内容 </div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-64ce97ae99df49cbaa5b622db0dda75689" aria-expanded="true"><div class="accordion-toggle"><span style="">问:当前目录中的数据库文件名(扩展名为 .db 的文件名)是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-64ce97ae99df49cbaa5b622db0dda75689" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-af6a1adb03964fe67ac8a2205be7972483" aria-expanded="true"><div class="accordion-toggle"><span style="">问:源代码中的变量值是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-af6a1adb03964fe67ac8a2205be7972483" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> ### Task12 6. Vulnerable and Outdated Components - Lab(易受攻击和过时的组件 - 实验室) <div class="tip inlineBlock warning"> 题目及信息均为**机器翻译**而来,如有不对的,请指正,谢谢! </div> <div class="tip inlineBlock error"> 在评论本文查看答案之前,请确保自己的确解不出来该题! </div> <div class="tip inlineBlock info"> 如果你对某一题有独特的见解,亦或是想给大家增加自己的提示,以便帮助其他玩家解题,请在本文下方留言,并在评论中注明对应题目内容 </div> <div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-d3d8d059bab1c0997f75305ac8f0d02c14" aria-expanded="true"><div class="accordion-toggle"><span style="">问:/opt/flag.txt 文件的内容是什么?</span> <i class="pull-right fontello icon-fw fontello-angle-right"></i> </div> </div> <div class="panel-body collapse-panel-body"> <div id="collapse-d3d8d059bab1c0997f75305ac8f0d02c14" class="collapse collapse-content"><p></p> <div class="hideContent">此处内容需要评论回复后(审核通过)方可阅读。</div> <p></p></div></div></div> To Do list...... 最后修改:2024 年 08 月 05 日 © 允许规范转载 赞 如果觉得我的文章对你有用,请随意赞赏