網絡安全入門之 BUUCTF Pwn - test your nc

1. Description

Title : test_your_nc

Lan Domain : 12399-0b7391f3-2f79-44d9-9f94-5f1349ed2d07

Target : node3.buuoj.cn:29023

Pwn類題目的入門題，我們需要獲取目標機上的flag密鑰。

2. Source

BUUCTF Pwn test your nc

3. 題解

NetCat 在網絡工具中有“瑞士軍刀”美譽，幫助文檔如下。

OpenBSD netcat (Debian patchlevel 1.187-1ubuntu0.1)
usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]
      [-m minttl] [-O length] [-P proxy_username] [-p source_port]
      [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] [-w timeout]
      [-X proxy_protocol] [-x proxy_address[:port]]       [destination] [port]
    Command             Summary:
        -4              Use IPv4
        -6              Use IPv6
        -b              Allow broadcast
        -C              Send CRLF as line-ending
        -D              Enable the debug socket option
        -d              Detach from stdin
        -F              Pass socket fd
        -h              This help text
        -I length       TCP receive buffer length
        -i interval     Delay interval for lines sent, ports scanned
        -k              Keep inbound sockets open for multiple connects
        -l              Listen mode, for inbound connects
        -M ttl          Outgoing TTL / Hop Limit
        -m minttl       Minimum incoming TTL / Hop Limit
        -N              Shutdown the network socket after EOF on stdin
        -n              Suppress name/port resolutions
        -O length       TCP send buffer length
        -P proxyuser    Username for proxy authentication
        -p port         Specify local port for remote connects
        -q secs         quit after EOF on stdin and delay of secs
        -r              Randomize remote ports
        -S              Enable the TCP MD5 signature option
        -s source       Local source address
        -T keyword      TOS value
        -t              Answer TELNET negotiation
        -U              Use UNIX domain socket
        -u              UDP mode
        -V rtable       Specify alternate routing table
        -v              Verbose
        -W recvlimit    Terminate after receiving a number of packets
        -w timeout      Timeout for connects and final net reads
        -X proto        Proxy protocol: "4", "5" (SOCKS) or "connect"
        -x addr[:port]  Specify proxy address and port
        -Z              DCCP mode
        -z              Zero-I/O mode [used for scanning]
    Port numbers can be individual or ranges: lo-hi [inclusive]

目標機已經留了後門，直接使用 nc 建立連接即可，flag就在當前目錄中。

> nc node3.buuoj.cn 25066

> ls

bin
boot
dev
etc
flag
home
lib
lib32
lib64
media
mnt
opt
proc
pwn
root
run
sbin
srv
sys
tmp
usr
var

> cat flag

flag{c774e600-83e3-4c92-a0a2-2a3558eccde0}

> exit

---

聯繫郵箱：[email protected]

CSDN：https://me.csdn.net/qq_41729780

知乎：https://zhuanlan.zhihu.com/c_1225417532351741952

公衆號：複雜網絡與機器學習

歡迎關注/轉載，有問題歡迎通過郵箱交流。