Skip to content

BUUCTF Pwn test your nc#

目录#

[toc]

1. Description#

Title : test_your_nc

Lan Domain : 12399-0b7391f3-2f79-44d9-9f94-5f1349ed2d07

Target : node3.buuoj.cn:29023

Pwn类题目的入门题,我们需要获取目标机上的flag密钥。

2. Source#

BUUCTF Pwn test your nc

3. 题解#

NetCat 在网络工具中有“瑞士军刀”美誉,帮助文档如下。

OpenBSD netcat (Debian patchlevel 1.187-1ubuntu0.1)
usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]
      [-m minttl] [-O length] [-P proxy_username] [-p source_port]
      [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] [-w timeout]
      [-X proxy_protocol] [-x proxy_address[:port]]       [destination] [port]
    Command             Summary:
        -4              Use IPv4
        -6              Use IPv6
        -b              Allow broadcast
        -C              Send CRLF as line-ending
        -D              Enable the debug socket option
        -d              Detach from stdin
        -F              Pass socket fd
        -h              This help text
        -I length       TCP receive buffer length
        -i interval     Delay interval for lines sent, ports scanned
        -k              Keep inbound sockets open for multiple connects
        -l              Listen mode, for inbound connects
        -M ttl          Outgoing TTL / Hop Limit
        -m minttl       Minimum incoming TTL / Hop Limit
        -N              Shutdown the network socket after EOF on stdin
        -n              Suppress name/port resolutions
        -O length       TCP send buffer length
        -P proxyuser    Username for proxy authentication
        -p port         Specify local port for remote connects
        -q secs         quit after EOF on stdin and delay of secs
        -r              Randomize remote ports
        -S              Enable the TCP MD5 signature option
        -s source       Local source address
        -T keyword      TOS value
        -t              Answer TELNET negotiation
        -U              Use UNIX domain socket
        -u              UDP mode
        -V rtable       Specify alternate routing table
        -v              Verbose
        -W recvlimit    Terminate after receiving a number of packets
        -w timeout      Timeout for connects and final net reads
        -X proto        Proxy protocol: "4", "5" (SOCKS) or "connect"
        -x addr[:port]  Specify proxy address and port
        -Z              DCCP mode
        -z              Zero-I/O mode [used for scanning]
    Port numbers can be individual or ranges: lo-hi [inclusive]

目标机已经留了后门,直接使用 nc 建立连接即可,flag就在当前目录中。

> nc node3.buuoj.cn 25066

> ls

bin
boot
dev
etc
flag
home
lib
lib32
lib64
media
mnt
opt
proc
pwn
root
run
sbin
srv
sys
tmp
usr
var

> cat flag

flag{c774e600-83e3-4c92-a0a2-2a3558eccde0}

> exit

和我一样希望学习网络安全知识的同学,推荐学习《Web安全攻防实战》《安全攻防技能30讲》

联系邮箱:curren_wong@163.com

CSDNhttps://me.csdn.net/qq_41729780

知乎https://zhuanlan.zhihu.com/c_1225417532351741952

公众号复杂网络与机器学习

欢迎关注/转载,有问题欢迎通过邮箱交流。

二维码

Back to top