记一次逆向还原AES加密的DB-PASSWORD

背景

在某次已授权的渗透行动中,拿到了某机器的IIS权限。翻看进程的过程中发现了某Agent在以高权限运行,遂对其进行分析,发现配置文件中包含AES加密的SQL Server数据库密码,遂试图对其进行解密。

阅读更多 >>

HackTheBox Manager WriteUP

题目

logo

解题

Get User

端口扫描

阅读更多 >>

HackTheBox Sandworm WriteUP

题目

Logo

解题

端口扫描

题目给了IP,先端口扫描:

阅读更多 >>

HackTheBox RenderQuest WriteUP

题目

You’ve found a website that lets you input remote templates for rendering. Your task is to exploit this system’s vulnerabilities to access and retrieve a hidden flag. Good luck!

阅读更多 >>

HackTheBox Obscure WriteUP

题目

An attacker has found a vulnerability in our web server that allows arbitrary PHP file upload in our Apache server. Suchlike, the hacker has uploaded a what seems to be like an obfuscated shell (support.php). We monitor our network 24/7 and generate logs from tcpdump (we provided the log file for the period of two minutes before we terminated the HTTP service for investigation), however, we need your help in analyzing and identifying commands the attacker wrote to understand what was compromised.

阅读更多 >>

HackTheBox BabyEncryption WriteUp

题目

You are after an organised crime group which is responsible for the illegal weapon market in your country. As a secret agent, you have infiltrated the group enough to be included in meetings with clients. During the last negotiation, you found one of the confidential messages for the customer. It contains crucial information about the delivery. Do you think you can decrypt it?

阅读更多 >>

HackTheBox TwoDots horror WriteUP

题目

Everything starts from a dot and builds up to two. Uniting them is like a kiss in the dark from a stranger. Made up horrors to help you cope with the real ones, join us to take a bite at the two-sentence horror stories on our very own TwoDots Horror™ blog.

阅读更多 >>

HackTheBox breaking grad WriteUP

题目

You and your buddy corrected the math in your physics teacher’s paper on the decay of highly excited massive string states in the footnote of a renowned publication. He’s just failed your thesis out of spite, for making a fool out of him in the university’s research symposium. Now you can’t graduate, unless you can do something about it… 🤷

阅读更多 >>

HackTheBox C.O.P WriteUP

题目

The C.O.P (Cult of Pickles) have started up a new web store to sell their merch. We believe that the funds are being used to carry out illicit pickle-based propaganda operations! Investigate the site and try and find a way into their operation!

阅读更多 >>

HackTheBox Diogenes' Rage WriteUP

题目

Having missed the flight as you walk down the street, a wild vending machine appears in your way. You check your pocket and there it is, yet another half torn voucher coupon to feed to the consumerism. You start wondering why should you buy things that you don’t like with the money you don’t have for the people you don’t like. You’re Jack’s raging bile duct.

阅读更多 >>