Rootme

TryHackMe-RootMe

靶场地址为：https://tryhackme.com/room/rrootmeTask1ConnecttoTryHackMenetworkanddeploythemachine.Ifyoudon’tknowhowtodothis,completetheOpenVPNroomfirst.连接到TryHackMe网络并部署机器。如果你不知道如何做到这一点，请先完成OpenVPN房间。Answer1：

0415i·2024-01-20 08:33

RootMe: ELF32 - PID encryption

原题：Badideatousepredictablestuff.sourcecode:/**gccch21.c-lcrypt-och21*/#include#include#include#include#include#includeintmain(intargc,char*argv[]){charpid[16];char*args[]={"/bin/bash","-p",0};snprintf

SEVEN_9e53·2023-08-27 09:19

CTF-rootme 题解之ELF - 0 protection && ELF - x86 Basic

题目入口：https://www.root-me.org/en/Challenges/Cracking/ELF-0-protectionhttps://www.root-me.org/en/Challenges/Cracking/ELF-x86-Basiccrack-bin:http://challenge01.root-me.org/cracking/ch1/ch1.ziphttp://chal

weixin_30740295·2020-08-19 21:24

CTF-rootme 题解之ELF x86 - Stack buffer overflow basic 1

LINK:https://www.root-me.org/en/Challenges/App-System/ELF32-Stack-buffer-overflow-basic-1Reference:n3k0sec.top/2018/10/11/root-me-app-system/SouceCode:#include#include/*gcc-m32-och13ch13.c-fno-stack-p

weixin_30456039·2020-08-19 15:42

RootMe--CRLF

题目链接：https://www.root-me.org/en/Challenges/Web-Server/CRLF题目提示：1.在日志中注入错误数据打开题目是一个登陆框，且下面有日志，尝试输入用户名acc，密码123，发现日志有了记录显示认证失败，看上面有admin认证失败和认证成功的记录。日志记录并不显示密码，我们可以尝试用换行符(%0d%0a)构造payload在日志中显示认证成功随便输入，

weixin_34291004·2020-08-17 16:34

RootMe--HTTP - Open redirect

题目链接：https://www.root-me.org/en/Challenges/Web-Server/HTTP-Open-redirect点开题目后发现有三个图标链接，点击slack，发现链接后面加了字符串然后跳转到了slack的官网。先用burpsuite分析下果然后面加了一串数字，看着像MD5的特征，找个在线MD5解密网站解一下https://www.md5online.org/md5-

weixin_34072637·2020-08-17 16:31

CTF-rootme 题解之Bash - System 2

LINK:https://www.root-me.org/en/Challenges/App-Script/ELF32-System-2SourceCode:#include#includeintmain(){system("ls-lA/challenge/app-script/ch12/.passwd");return0;}Thetargetistochange'ls'commandas'cat

weixin_30508309·2020-08-17 15:06

CTF-rootme 题解之PHP filters

LINK:https://www.root-me.org/en/Challenges/Web-Server/PHP-filtershttps://challenge01.root-me.org/web-serveur/ch12/Referrence:https://www.leavesongs.com/PENETRATION/php-filter-magic.htmlhttps://blog.cs

weixin_30384031·2020-08-17 15:26

CTF-rootme 题解之File - PKZIP

LINK:https://www.root-me.org/en/Challenges/Cryptanalysis/File-PKZIPReferrence:https://github.com/danielmiessler/SecLists/tree/master/Passwordsfcrackzip:https://github.com/zyjsuper/fcrackzip密码字典:http:/

weixin_30364147·2020-08-17 15:54

CTF-rootme 题解之 Python - PyJail 1

Link:https://www.root-me.org/en/Challenges/App-Script/Python-PyJail-1Reference:https://docs.python.org/2/library/inspect.html?highlight=func_codeSolution:[BlackArch~]#ssh-p2222app-script-ch8@challenge

weixin_30276935·2020-08-17 15:18

RootMe--HTTP directory indexing

题目链接：https://www.root-me.org/en/Challenges/Web-Server/HTTP-directory-indexing题目提示：1.directoryindexing2.CTRL+U打开题目发现空空的网页，啥也没有，那就CTRL+U看看网页源码还真有注释在链接后面添加试试http://challenge01.root-me.org/web-serveur/ch4

weixin_34318956·2020-08-17 11:07

CTF-rootme 题解之Python - input()

LINK:https://www.root-me.org/en/Challenges/App-Script/Python-inputReference:https://blog.51cto.com/12332766/2299894?cid=729687SourceCode:#!/usr/bin/python2importsysdefyouLose():print"Tryagain;-)"sys.e

weixin_30612769·2020-08-17 10:52

CTF-rootme 题解之PYC - ByteCode

LINK：https://www.root-me.org/en/Challenges/Cracking/PYC-ByteCode使用Pyc的逆向脚本uncompyle6进行反编译，该逆向脚本内容如下：#!/usr/bin/python#EASY-INSTALL-ENTRY-SCRIPT:'uncompyle6==3.2.4','console_scripts','uncompyle6'__requ

weixin_30437847·2020-08-17 10:51

Rootme CTF all the day靶场ssrf漏洞

RootmeCTFalltheday靶场ssrf漏洞文章目录RootmeCTFalltheday靶场ssrf漏洞一、漏洞环境二、测试过程读系统文件探测开放的服务器端口利用redis写定时任务来反弹shell一、漏洞环境RootmeCTFalltheday漏洞地址：https://www.root-me.org/en/Capture-The-Flag/CTF-all-the-day/二、测试过程1、

Yzai·2020-08-11 18:33

CTF-rootme 题解之Python - pickle

LINK:https://www.root-me.org/en/Challenges/App-Script/Python-pickleReferrence:https://github.com/Djazouli/RootMeHelp/blob/06d4ad358f43217c12dc8a36dc41ef9cea787f69/AppScript/Python_pickle.mdhttps://doc

weixin_30652879·2020-08-04 19:43

CTF-rootme 题解之Local File Inclusion - Double encoding

LINK:https://www.root-me.org/en/Challenges/Web-Server/Local-File-Inclusion-Double-encodinghttp://challenge01.root-me.org/web-serveur/ch45/本题考察的是本地文件包含漏洞和URL编码，而且是二次编码。查看链接如下:http://challenge01.root-me

weixin_30478923·2020-06-27 20:51

CTF-rootme 题解之Bash - cron

LINK:https://www.root-me.org/en/Challenges/App-Script/Bash-cron登录主机后，查看ch4这个shell脚本内容如下：app-script-ch4@challenge02:~$catch4#!/bin/bash#Sortiedelacommande'crontab-l'exécutéeentantqueapp-script-ch4-crac

weixin_30685047·2019-03-27 19:00

#WP ELF x86 - Stack buffer overflow - C++ vtables

题目地址：rootme0x01题目分析SourceCode:#include#include#include#include#include//g++-m32ch20.cpp-och20-zexecstackclassformatter

Gxiandy·2018-03-12 23:58

Apache端口复用-模块rootme

tag=基于端口复用的apac注意:http22.h里面MODULE_MAGIC_COOKIE(value)//这个要对应好LoadModulerootme22_modulemodules/mod_rootme22

qq_27446553·2015-08-14 11:00

perl 参数传递

http://hi.baidu.com/rootme/blog/item/352738385690aff93b87cef5.htmlhttp://blog.csdn.net/jiangredsheep/

sunmenggmail·2012-08-08 18:00

推荐频道