HA Joker Vulnhub Walkthrough

本文轉載自查看原文 2019-10-23 14:32 317 CTF Challenges/ CTF

下載地址：

https://www.vulnhub.com/entry/ha-joker,379/

主機掃描：

╰─ nmap -p- -sV -oA scan 10.10.202.132
Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-23 11:53 CST
Nmap scan report for 10.10.202.132
Host is up (0.0014s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.29 ((Ubuntu))
8080/tcp open http Apache httpd 2.4.29
MAC Address: 00:0C:29:6E:95:65 (VMware)
Service Info: Host: localhost; OS: Linux; CPE: cpe:/o:linux:linux_kernel

http://10.10.202.132/

目錄枚舉：

╰─ python3 dirsearch.py -u http://10.10.202.132/ -e .txt,php,json,html

通過以上可獲得網站跟路徑

使用dirb 工具繼續探測下目錄

╰─ dirb http://10.10.202.132/ -X .txt,php,json,html

+ http://10.10.202.132/secret.txt (CODE:200|SIZE:320)

http://10.10.202.132/secret.txt

Batman hits Joker.
Joker: "Bats you may be a rock but you won't break me." (Laughs!)
Batman: "I will break you with this rock. You made a mistake now."
Joker: "This is one of your 100 poor jokes, when will you get a sense of humor bats! You are dumb as a rock."
Joker: "HA! HA! HA! HA! HA! HA! HA! HA! HA! HA! HA! HA!"

http://10.10.202.132:8080