1. nmap掃端口 2. WEB先查 robots.txt ,而後目錄爆破 3. 留意文件中隱藏的內容 4. 查看/etc/中程序中的配置,找登錄憑證
爆破目錄與文件,發現/flag/目錄,訪問得到第一個flaghtml
The 1st flag is : {8734509128730458630012095}
訪問爆破的目錄/admin_area/,發現第二個flag和一對用戶名密碼併發
username : admin password : 3v1l_H@ck3r The 2nd flag is : {7412574125871236547895214}
The 3rd flag is : {7645110034526579012345670} try to find user technawi password to read the flag.txt file, you can find it in a hidden file ;)
找隱藏文件這塊用來很長的時間,最後經過暴力搜索的方式找到:grep -ri technawi /etc/
ssh
The 4th flag is : {7845658974123568974185412} username : technawi password : 3vilH@ksor
用technawi登錄ssh,打開/var/www/html/flag.txtide
The 5th flag is : {5473215946785213456975249}
傳送門code