{"id":581,"date":"2021-11-25T15:21:51","date_gmt":"2021-11-25T07:21:51","guid":{"rendered":"http:\/\/cms.aaasec.com.tw\/?p=581"},"modified":"2021-11-25T15:21:51","modified_gmt":"2021-11-25T07:21:51","slug":"vulnhub","status":"publish","type":"post","link":"https:\/\/cms.aaasec.com.tw\/index.php\/2021\/11\/25\/vulnhub\/","title":{"rendered":"\u60f3\u7df4\u7df4\u8cc7\u5b89\u624b\u6cd5\u53c8\u6015\u72af\u6cd5\u55ce\uff1f"},"content":{"rendered":"

\"\"<\/p>\n

By Jayhom<\/h3>\n

\u524d\u8a00<\/h2>\n

\u5728\u5b78\u7fd2\u8cc7\u5b89\u6280\u8853\u7684\u9019\u689d\u8def\u4e0a\uff0c\u5f88\u5e38\u9047\u5230\u6240\u5b78\u7121\u6cd5\u9806\u5229\u5730\u5be6\u73fe\uff0c\u56e0\u70ba\u5b78\u5230\u7684\u5f88\u591a\u8cc7\u5b89\u6280\u8853\u90fd\u5177\u6709\u653b\u64ca\u6027\uff0c\u7121\u6cd5\u8f15\u6613\u5730\u5728\u771f\u5be6\u7684\u5834\u57df\u9032\u884c\u5be6\u4f5c\u3002\u5c31\u50cf\u4e00\u4f4d\u8b66\u5bdf\u4eca\u5929\u5b78\u5230\u4e86\u8a31\u591a\u69cd\u679d\u7684\u4f7f\u7528\u6280\u5de7\uff0c\u4f46\u5f9e\u4f86\u6c92\u6709\u62ff\u904e\u69cd\u679d\u9032\u884c\u771f\u69cd\u5be6\u5f48\u7684\u64cd\u4f5c\u3002\u56e0\u6b64\uff0c\u7576\u771f\u6b63\u9700\u8981\u8b66\u5bdf\u62ff\u69cd\u679d\u57f7\u884c\u4efb\u52d9\u6642\uff0c\u52e2\u5fc5\u6703\u4e0d\u719f\u6089\u6216\u662f\u4e0d\u5bb9\u6613\u4e0a\u624b\uff0cJayhom\u5728\u5b78\u7fd2\u7684\u6642\u5019\u4e5f\u6642\u5e38\u9047\u5230\u9019\u7a2e\u56f0\u64fe\uff0c\u90a3\u6211\u5011\u53ef\u4ee5\u5148\u60f3\u60f3\uff0c\u8b66\u5bdf\u662f\u5982\u4f55\u6392\u9664\u9019\u500b\u56f0\u96e3\uff1f<\/p>\n

\u4ee5\u9776\u5834\uff08\u6a5f\uff09\u6e2c\u8a66\u80fd\u529b<\/h2>\n

\u5728\u6b63\u5f0f\u6210\u70ba\u8b66\u5bdf\u524d\uff0c\u8b66\u5bdf\u7f72\u6703\u63d0\u4f9b\u300c\u9776\u5834\u300d\u7d66\u8b66\u5bdf\u5408\u7406\u7684\u8a66\u9a57\u69cd\u679d\u53ca\u78e8\u7df4\u958b\u69cd\u7684\u6280\u8853\uff0c\u8b93\u6bcf\u4f4d\u9810\u5099\u8b66\u5bdf\u5728\u4efb\u8077\u524d\u90fd\u6709\u6b63\u5f0f\u4f7f\u7528\u904e\u69cd\u679d\uff0c\u7576\u771f\u6b63\u57f7\u884c\u52e4\u52d9\u6642\u624d\u80fd\u5920\u4e0a\u624b\u3002\u90a3\u5728\u8cc7\u5b89\u7684\u4e16\u754c\u88e1\u662f\u5426\u6709\u985e\u4f3c\u7684\u74b0\u5883\u5462\uff1f\u5176\u5be6\u662f\u6709\u7684\u3002<\/p>\n

\u7576Jayhom\u5b78\u7fd2\u5230\u4e00\u4e9b\u8cc7\u5b89\u6280\u8853\u6642\uff0c\u901a\u5e38\u90fd\u9700\u8981\u6839\u64da\u653b\u64ca\u624b\u6cd5\u7684\u4e0d\u540c\uff0c\u53bb\u6a21\u64ec\u4e00\u500b\u5177\u6709\u5f31\u9ede\u7684\u74b0\u5883\uff0c\u4f8b\u5982\u9019\u6b21\u5b78\u5230\u7684\u662f\u5728SMB\u6f0f\u6d1e\uff0c\u90a3\u53ef\u80fd\u5c31\u9700\u8981\u67b6\u8a2d\u4e00\u500bWindows\u74b0\u5883\uff0c\u7136\u5f8c\u958b\u555fSMB\u670d\u52d9\u3002\u56e0\u6b64\uff0c\u6bcf\u5b78\u5230\u4e00\u7a2e\u6280\u8853\u9700\u8981\u7df4\u624b\u6642\uff0c\u90fd\u6703\u82b1\u8a31\u591a\u6642\u9593\u5728\u5efa\u7f6e\u5177\u6709\u5f31\u9ede\u7684\u74b0\u5883\uff0c\u751a\u81f3\u6703\u56e0\u70ba\u90e8\u5206\u8a2d\u5b9a\u503c\u7684\u554f\u984c\uff0c\u800c\u6a21\u64ec\u4e0d\u51fa\u5177\u6709\u5f31\u9ede\u7684\u74b0\u5883\uff0c\u975e\u5e38\u8f9b\u82e6\u3002\u9084\u8a18\u5f97\u5c0f\u7de8\u4e4b\u524d\u6559\u5927\u5bb6\u5982\u4f55\u4f7f\u7528\u865b\u64ec\u6a5f<\/a>\u55ce\uff1f\u9019\u4e5f\u662f\u5728\u6b64\u60c5\u6cc1\u4e0b\u78e8\u7df4\u51fa\u4f86\u7684\u6280\u8853\u4e4b\u4e00\u3002<\/p>\n

\u7db2\u8def\u4e0a\u516c\u958b\u7684\u9776\u6a5f<\/h2>\n

\u770b\u5230\u9019\u908a\u4f60\u4e00\u5b9a\u5f88\u60f3\u554f\u6211\uff0c\u5982\u679c\u4e0d\u60f3\u9019\u9ebc\u7d2f\u7684\u67b6\u74b0\u5883\uff0c\u90a3\u6709\u6c92\u6709\u5176\u4ed6\u65b9\u6cd5\u53ef\u4ee5\u5feb\u901f\u53d6\u5f97\u9019\u4e9b\u9776\u6a5f\uff1f<\/p>\n

\u8981\u5728\u9019\u908a\u63a8\u85a6\u5927\u5bb6\u4e00\u500b\u53eb\u505a\u300cVulnhub<\/strong>\u300d\u7684\u7db2\u7ad9\uff0c\u9019\u500b\u7db2\u7ad9\u662f\u4e00\u500b\u516c\u958b\u9776\u6a5f\u7db2\u7ad9\uff0c\u4e0a\u9762\u6703\u6709\u8a31\u591a\u9ad8\u624b\u5df2\u7d93\u8a2d\u8a08\u597d\u7684\u9776\u6a5f\u74b0\u5883\uff0c\u53ea\u8981\u900f\u904e\u4e0b\u8f09VM\u6a94\uff0c\u7528\u7c21\u55ae\u7684\u5e7e\u500b\u6b65\u9a5f\uff0c\u5c31\u53ef\u4ee5\u57f7\u884c\u4e00\u53f0\u5177\u6709\u5f31\u9ede\u7684\u865b\u64ec\u6a5f\u3002<\/p>\n

\u88e1\u9762\u6709\u5275\u4f5c\u8005\u57cb\u597d\u7684flag\uff08\u6a19\u793a\uff09\uff0c\u7b49\u8457\u5927\u5bb6\u5229\u7528\u81ea\u5df1\u6240\u5b78\u4e4b\u8cc7\u5b89\u624b\u6cd5\u6316\u6398\u6f0f\u6d1e\u4e26\u53d6\u5f97flag\uff0c\u800c\u4e14\u8a31\u591a\u9776\u6a5f\u5275\u4f5c\u8005\u90fd\u6703\u5148\u8a2d\u5b9a\u597d\u76ee\u6a19\u3001\u96e3\u5ea6\u53ca\u985e\u578b\uff0c\u8b93\u5927\u5bb6\u53ef\u4ee5\u6839\u64da\u81ea\u5df1\u60f3\u5617\u8a66\u7684\u624b\u6cd5\u985e\u578b\u9032\u884c\u96e3\u5ea6\u6216\u662f\u985e\u578b\u7684\u9078\u64c7\u3002<\/p>\n

\u50cfJayhom\u5c31\u5f88\u5e38\u5728\u7db2\u7ad9\u4e0a\u4e0b\u8f09\u7db2\u7ad9\u985e\u5f31\u9ede\u7684\u9776\u6a5f\u4f86\u7df4\u7fd2Web\u8cc7\u5b89\u624b\u6cd5\uff0c\u6709\u4e9b\u9776\u6a5f\u5275\u4f5c\u8005\u9084\u6703\u63cf\u8ff0\u9776\u6a5f\u7684\u6545\u4e8b\u60c5\u5883\uff0c\u8b93\u4f60\u5982\u540c\u4e00\u540d\u771f\u7684\u99ed\u5ba2\u5728\u4f01\u696d\u74b0\u5883\u88e1\u9032\u884c\u6ef2\u900f\uff0c\u975e\u5e38\u6709\u8da3\u5594\uff01<\/p>\n

\"\"<\/p>\n

\u7d50\u8a9e<\/h2>\n

\u56e0\u70ba\u9019\u500b\u7db2\u7ad9\u6642\u5e38\u88ab\u8cc7\u5b89\u76f8\u95dc\u4eba\u54e1\u62ff\u4f86\u7df4\u624b\uff0c\u6240\u4ee5\u7db2\u8def\u4e0a\u4e5f\u6709\u8a31\u591a\u91dd\u5c0d\u9776\u6a5f\u7684\u6559\u5b78\u6587\u7ae0\uff0c\u624b\u628a\u624b\u6559\u4f60\u5982\u4f55\u653b\u7834\u9776\u6a5f\uff0c\u751a\u81f3\u5c07\u624b\u6cd5\u5229\u7528\u7684\u76f8\u95dc\u6280\u8853\u505a\u4ecb\u7d39\u3002<\/p>\n

Jayhom\u5c31\u7b97\u6210\u529f\u9760\u81ea\u5df1\u7684\u80fd\u529b\u7834\u4e86\u9776\u6a5f\uff0c\u4e5f\u6642\u5e38\u6703\u518d\u4e0a\u7db2\u641c\u5c0b\u4e00\u4e0b\u5176\u4ed6\u4eba\u7684\u6587\u7ae0\uff0c\u53ef\u4ee5\u76f8\u4e92\u9a57\u8b49\u81ea\u5df1\u7684\u8cc7\u5b89\u624b\u6cd5\u662f\u5426\u8ddf\u4ed6\u4eba\u6709\u5dee\u7570\uff0c\u4e5f\u7d93\u5e38\u56e0\u6b64\u767c\u73fe\u4e0d\u540c\u7684\u653b\u64ca\u624b\u6cd5\uff0c\u4e26\u5b78\u7fd2\u5230\u66f4\u591a\u77e5\u8b58\uff01<\/p>\n

\u53c3\u8003\u9023\u7d50<\/h2>\n

Vulnhub\u7db2\u7ad9\u9023\u7d50<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[9],"tags":[],"_links":{"self":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts\/581"}],"collection":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/comments?post=581"}],"version-history":[{"count":2,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts\/581\/revisions"}],"predecessor-version":[{"id":585,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts\/581\/revisions\/585"}],"wp:attachment":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/media?parent=581"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/categories?post=581"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/tags?post=581"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}