fdvoid0's blog

by fdvoid0

Introduction

The environment used for this reproduction is Hack The Box's logforge machine.

Introduction to the modified ysoserial

  • ysoserial-modified

The modified ysoserial mainly draws on the English article "$@|sh – Or: Getting a shell environment from Runtime.exec", which demonstrates the trick as follows.

$ java Exec 'sh -c $@|sh . echo ps ft'
PID TTY STAT TIME COMMAND
27109 pts/25 Ss 0:03 /bin/bash
6904 pts/25 Sl+ 0:00 \_ java Exec sh -c $@|sh . echo ps ft
6914 pts/25 S+ 0:00 \_ sh -c $@|sh . echo ps ft
6916 pts/25 S+ 0:00 \_ sh
6917 pts/25 R+ 0:00 \_ ps ft

Detailed process and exploit

0. Connect to the binary:

The only information provided with this challenge was an IP address and a port number.
You can connect to the binary using, for example, netcat as below:

┌──(root💀kali)-[~/hackthebox/challenge/pwn/echoland]
└─# nc 138.68.136.191 32714

🦇 Inside the dark cave. 🦇
1. Scream.
2. Run outside.
> HELLO
HELLO

1. Scream.
2. Run outside.
> asd
asd

Typing either HELLO or asd results in the same input being echoed back.
The other option is (1) Scream…

1. Scream.
2. Run outside.
> 1
>> AAAAAAA
Your friend did not recognize you and ran the other way!