Nmap1234567891011121314151617181920212223242526272829303132333435363738└─$ sudo nmap -sU 10.10.11.174 --top-ports=200 --min-rate=2000Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-24 01:46 ESTNmap scan report for 10.10.11.174Host is up (0.17s latency).Not shown: 196 open|filtered udp ports (no-response)PORT STATE SERVICE53/udp open domain88/udp open kerberos-sec123/udp open ntp389/udp open ldap└─$ sudo nmap -sS 10.10.11.174 -p- --min-rate=2000Starting Nmap 7.94SVN ( https://nm...

1这台机器因为流程不长，重点在后面部分，所以前面记录一下主要的转折点上的思路就跳过去了，后面的部分就稍微多写了写 nmap12345678910111213141516171819202122232425262728293031Not shown: 65330 closed tcp ports (reset), 176 filtered tcp ports (no-response)PORT STATE SERVICE53/tcp open domain80/tcp open http88/tcp open kerberos-sec135/tcp open msrpc139/tcp open netbios-ssn389/tcp open ldap445/tcp open microsoft-ds464/tcp open kpasswd5593/tcp open http-rpc-epmap636/tcp open ldapssl3268/tcp open globalcatLDAP3269/tc...

01 DACLacl分为两种类型，DACL 和 SACL DACL 控制访问权限 ACE包含（拒绝访问/允许） 直接决定权限 SACL 日志/审计记录 行为记录 失败/成功的行为记录 1.用户多个权限场景的DACL匹配以下为例，当有两个 用户A 用户B A用户 B用户 Andrew Jane GROUP-A GROUP-A GROUP-B GROUP-C 他们都要访问一个 对象 而这个对象 DACL 中的权限如下 Object ACE1 ACE2 ACE3 Access denied Access allowed Access allowed Andrew GROUP-A Everyone Read,Write,execute Write Read,execute 因为 拒绝 ACL优先级更高 因此 A用户 试图执行、写入、查看 Object 将会禁止访问 Access denied 而 B用户 将拥有，ACE2 GROUP-A的 write 权限， ACE3 Everyone的Rea...

OPTinselTrace24-3: Blizzard BreakdownSherlock Scenario Furious after discovering he’s been left off the Nice List this holiday season, one particular elf - heavily influenced by Krampus - goes rogue, determined to take revenge. Consumed by anger, he hatches a sinister plan to sabotage Christmas by targeting Santa Claus’ most critical asset - its S3 data archive! This repository holds sensitive information, including blueprints for new toys, holiday logistics, toy production schedules, and mos...

OPTinselTrace24-2: Cookie ConsumptionSherlock Scenario Santa’s North Pole Operations have implemented the “Cookie Consumption Scheduler” (CCS), a crucial service running on a Kubernetes cluster. This service ensures Santa’s cookie and milk intake is balanced during his worldwide deliveries, optimizing his energy levels and health. 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950Task 1How many replicas are configured for the flask-app deployment?Inte...

机器介绍123456789Unrested is a medium difficulty `Linux` machine hosting a version of `Zabbix`. Enumerating the version of `Zabbix` shows that it is vulnerable to both [CVE-2024-36467](https://nvd.nist.gov/vuln/detail/CVE-2024-36467) (missing accesscontrols on the `user.update` function within the `CUser` class) and [CVE-2024-42327](https://nvd.nist.gov/vuln/detail/CVE-2024-42327) (SQL injection in `user.get` function in `CUser` class) which is leveraged to gain user access on the target. Post-ex...

12345678910111213141516171819202122232425262728293031323334353637383940414243444546└─$ sudo nmap -sS 10.10.11.231 -p- --min-rate=2000[sudo] password for fonllge:Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-10 01:52 ESTNmap scan report for 10.10.11.231Host is up (0.14s latency).Not shown: 65509 closed tcp ports (reset)PORT STATE SERVICE53/tcp open domain88/tcp open kerberos-sec135/tcp open msrpc139/tcp open netbios-ssn389/tcp open ldap445/tcp open microsoft-ds...

nmap123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106└─$ sudo nmap -sS 10.10.10.235 -p80,8443,10250,10251,31337 --min-rate=2000Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-04 03:02 ESTNmap scan report for unobtainium.htb (10.10.10.235)Host is up (0.28s latency).PORT STATE SERVICE80/tcp open http8443/tcp open https-...