- UltraTech
- Task1 Deploy the machine
- Task2 It's enumeration time!
- Task3 Let the fun begin
- Task4 The root of all evil
Deploy the machine
Task2 It’s enumeration time!1.Which software is using the port 8081?
Node.js
2.Which other non-standard port is used?
31331
3.Which software using this port?
Apache
4.Which GNU/Linux distribution seems to be used?
Ubuntu
5.The software using the port 8080 is a REST api, how many of its routes are used by the web application?
2
Task3 Let the fun begin1.There is a database lying around, what is its filename?
utech.db.sqlite
http://ip:8081/ping页面访问无法正常访问,缺少参数运行,在URL添加ip参数即可正常运行;
尝试在ip参数中写入命令,访问http://ip:8081/ping?ip=ls -la ,发现数据库文件utech.db.sqlite
2.What is the first user’s password hash?
f357a0c52799563c7c7b76c1e7543a32
运行http://ip:8081/ping?ip=cat utech.db.sqlite,发现root用户及admin用户hash
3.What is the password associated with this hash?
n100906
Task4 The root of all evilWhat are the first 9 characters of the root user’s private SSH key?
MIIEogIBA
r00t用户属于docker组成员,可以利用docker提权
