CTFHub技能树-暗码口令wp
弁言仅开放如下关卡
https://track123.oss-cn-beijing.aliyuncs.com/20250216224440108.png
弱口令
通常以为容易被别人(他们有可能对你很相识)推测到或被破解工具破解的口令均为弱口令。
打开环境,是如下界面,尝试一些弱口令暗码无果
https://track123.oss-cn-beijing.aliyuncs.com/20250216212945757.png
利用burpsuite抓包,然后爆破,发送到爆破模块
https://track123.oss-cn-beijing.aliyuncs.com/20250216221322541.png
添加变量和暗码字典,然后爆破
https://track123.oss-cn-beijing.aliyuncs.com/20250216221431646.png
爆破成功
https://track123.oss-cn-beijing.aliyuncs.com/20250216213019913.png
默认口令
打开环境,是一个邮件网关系统
https://track123.oss-cn-beijing.aliyuncs.com/20250216223857272.png
由于附带验证码不好爆破,结合题目尝试在互联网搜刮亿邮邮件网关装备有没有默认账号暗码
找的如下一篇文章:https://www.cnblogs.com/scivous/p/14041571.html
https://track123.oss-cn-beijing.aliyuncs.com/20250216224109617.png
逐个尝试,第二组即是精确的账号暗码,得到flag
https://track123.oss-cn-beijing.aliyuncs.com/20250216224244420.png
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。
页:
[1]