A box involving encrypted archives, source code analysis and more.
Please deploy the machine so you can get started. Please allow a few minutes to make sure all the services boot up. Good luck!
twitter: fieldraccoon
免費靶機
A new start-up has a few issues with their web server.
Root the box! Designed and created by DarkStar7471, built by Paradox.
Enjoy the room! For future rooms and write-ups, follow @darkstar7471 on Twitter.
免費靶機
This room is aimed for beginner level hackers but anyone can try to hack this box. There are two main intended ways to root the box.
This room is aimed for beginner level hackers but anyone can try to hack this box. There are two main intended ways to root the box. If you find more dm me in discord at Fsociety2006.
免費靶機
You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth.
Welcome to another THM exclusive CTF room. Your task is simple, capture the flags just like the other CTF room. Have Fun!
If you are stuck inside the black hole, post on the forum or ask in the TryHackMe discord.
免費靶機
*以過濾不需答題者回答的題目
FTP Account:chris以及FTP password:crystalTo_agentJ.txt,裡面有一些相關線索,告知有些資訊藏在圖檔裡cute-alien.jpg,發現有夾檔案cute-alien.jpg的檔案取出,獲得一個壓縮檔,但是需要密碼才能解壓縮alien,檔案解壓縮後有一份To_agentR.txtTo_agentR.txt檔案裡有一串加密字串QXJlYTUx,目前暫時看不出來是什麼編碼cute-alien.jpg有經過隱寫,使用steghide解開發現需要密碼Area51,解開隱寫後的檔案,是個文字檔,從文字檔描述裡獲得了SSH帳密:james:hackerrules!Alien_autospy.jpg,使用反向連接的方式,去搜尋圖檔來源,得知圖檔出至於foxnewssudo -l,發現出來一個奇怪的訊息(ALL, !root) /bin/bash,Google 搜尋得知是 CVE-2019-14287 漏洞sudo -u#-1 /bin/bash指令直接越權dpkg -l policykit-1查看版本號,得知版本號為0.15.20,該版本有個 CVE-2021-4034 漏洞,可用該Github作者提供的檔案進行提權閱讀限制
滲透過程有受到作者設定的閱讀限制...
在使用wsl --install進行WSL安裝後,在運行Ubuntu出現下圖0x80004002錯誤
0x80004002