Linux Server Forensics

文章目录

  • Linux Server Forensics
    • task1 Deploy the first VM
    • task2 Apache Log Analysis I
    • task3 Web Server Analysis
    • task4 Persistence Mechanisms I
    • task5 User Accounts
    • task6 Deploy the second VM
    • task7 Apache Log Analysis II
    • task8 Persistence Mechanisms II
    • task9 Program Execution History
    • task10 Deploy The Final VM
    • task11 Persistence Mechanisms III
  • Username - ‘fred’
  • Password - ‘FredRules!’

task1 Deploy the first VM

Q1 Deploy the machine and log in to the VM using the provided credentials.

task2 Apache Log Analysis I

1.Navigate to /var/log/apache2

2.How many different tools made requests to the server?

2

3.Name a path requested by Nmap.

/nmaplowercheck1618912425

task3 Web Server Analysis

1.What page allows users to upload files?

contact.php

2.What IP uploaded files to the server?

192.168.56.24

3.Who left an exposed security notice on the server?

Fred

task4 Persistence Mechanisms I

  1. cron
  2. Services/systemd
  3. bashrc
  4. Kernel modules
  5. SSH keys

What command and option did the attacker use to establish a backdoor?

sh -i

task5 User Accounts

What is the password of the second root account?

mrcake

提权原因:

提权方法:

echo “root3:Vh7tgs3zHGuMA:0:0:root:root:/bin/bash” >> /etc/passwd

task6 Deploy the second VM

Deploy the second machine and log in to the VM using the provided credentials.

task7 Apache Log Analysis II

1.Name one of the non-standard HTTP Requests.

GXWR

2.At what time was the Nmap scan performed? (format: HH:MM:SS)

13:30:15

task8 Persistence Mechanisms II

What username and hostname combination can be found in one of the authorized_keys files? (format: username@hostname)

kali@kali

.ssh文件在攻击发生日志被修改

task9 Program Execution History

What is the first command present in root’s bash_history file?

nano /etc/passwd

1.bash_history - bash中运行的命令的记录

2.auth.log - /var/log/auth.log 使用sudo运行的命令的历史记录

3.history.log - /var/log/apt/history.log 使用apt执行的所有任务的历史记录

task10 Deploy The Final VM

Deploy the final machine and log in to the VM using the provided credentials.

task11 Persistence Mechanisms III

Figure out what’s going on and find the flag.

gh0st_1n_the_machine

systemctl --type=service --state=active

systemctl status IpManager

ps -aux


如何关闭?
systemctl stop IpManager

Tryhackme-Linux Server Forensics相关推荐

  1. Red Hat Enterprise Linux Server release 6.3下ganglia监控系统的搭建

    ganglia 是分布式的监控系统,有两个Daemon, 分别是:客户端Ganglia Monitoring Daemon (gmond)和服务端Ganglia Meta Daemon (gmetad ...

  2. Oracle Linux Server release 6.3 下安装JDK

    1.操作系统环境 Last login: Fri Feb 21 18:47:52 2014 from 192.168.56.1 [root@datacenter ~]# uname -a Linux ...

  3. RedHat Enterprise Linux Server 5 安装序列号

    RHEL 5 安装 序列号 服务器: * Red HatEnterprise Linux (Server including virtualization): 2515dd4e215225dd + R ...

  4. Linux Server - NAT

    Linux Server - NAT 转载于:https://blog.51cto.com/leonkuo/631597

  5. Install KVM Hypervisor on arrch64 Linux Server

    Install KVM Hypervisor on arrch64 Linux Server 参考链接: https://wiki.ubuntu.com/ARM64/QEMU https://wiki ...

  6. linux网卡O I流量查询,查看linux server网络I/0流量的shell脚本

    查看linux server网络流量的shell脚本 上传下载大量文件的时候,可以使用这个脚本来实现监控!#!/bin/sh ###统计5s内的平均流量,以Mb为单位 if [ "$1&qu ...

  7. Red Hat Enterprise Linux Server release 7.0双系统安装

    2019独角兽企业重金招聘Python工程师标准>>> Red Hat Enterprise Linux Server release 7.0双系统安装 1.RedHat 公司的企业 ...

  8. Linux Server 安装 raid 1

    Linux Server 安装 raid 1 两组以上的N个磁盘相互作镜像,在一些多线程操作系统中能有很好的读取速度,理论上读取速度等于硬盘数量的倍数,与RAID 0相同.另外写入速度有微小的降低.只 ...

  9. RedHat Enterprise Linux Server 5 在VMware Workstation 6.5的详细安装过程(2)

    我们接上一篇继续完成RedHat Enterprise Linux Server 5 在VMware Workstation 6.5的安装. 第四步:安装RedHat Enterprise Linux ...

最新文章

  1. (网页)SQLserver中在上线的项目中遇到科学计数法怎么办?
  2. 深度学习 Deep Learning with MATLAB(懒人版)
  3. mongon命令(转)
  4. 数据库备份还原顺序关系(环境:Microsoft SQL Server 2008 R2)
  5. python调用perl_在Perl、Shell和Python中传参与输出帮助文档
  6. java判断实例_java判断类和实例的关系
  7. 在美国公司架构中,LLC、LLP 和 Corporation 的区别何在?
  8. 关于StopSelf
  9. Java小白学习指南【day43】---Linux
  10. 微信小程序数据库更新数据说明
  11. c语言tc游戏代码大全,wintcC语言小游戏画图代码.doc
  12. 2019.3 计算机考试资料大放送
  13. 中文字符 简体繁体相互转换
  14. 源支付5.18版本亲测不提示倒版,云端+前段+后台+运行环境
  15. IntelliJ IDEA 2018版本操作总结(长期更新)
  16. final修饰变量、方法、类的作用
  17. windows设置Tomcat使用指定的JDK
  18. RT5350使用uboot从U盘启动linux成功
  19. Oracle 18c ORA-01035: ORACLE only available to users with RESTRICTED SESSION privilege
  20. ESP32-C3 学习测试 蓝牙 篇(二、蓝牙调试APP、开发板手机连接初体验)

热门文章

  1. Linux 强制卸载挂载点
  2. 新学期Flag已立,期待期末给自己一份满意的答卷
  3. index.phps
  4. 淘宝大促双十一之前,如何利用直通车快速提高权重,如何利用关键词带动搜索权重,如何定向拉权重
  5. python - windows 之 mouse_event与keybd_event函数
  6. WinMount V2.2.2, 日期2008.02.29
  7. 香港服务器与美国服务器的优缺点分析
  8. tcp ip 协议 学习
  9. ByteBuffer的Put和Get的用法和要注意的细节
  10. 【小程序在线制作】怎么在线制作自己的小程序?