## Windows

### Easy

- BlueMelancholy
    - SMB vulnerability
- KeepYoung
    - RDP vulnerability
- MyCat
    - web (tomcat) vulnerability

### Medium

- Thinking
    - thinvnc vulnerability
    - runas privilege escalation

### Hard

- Monitor
    - web (PRTG) vulnerability

## Linux

### Easy

- Keyboard
    - web (nostromo) vulnerability
    - /etc/shadow disclosure
- LetsDance
    - samba vulnerability
- JustSmile
    - vsftp vulnerability

### Medium

- InjectMe
    - command injection vulnerability
    - find SUID privilege escalation
- Welcome
    - weak password/ftp anonymous
    - /etc/passwd writable
- World
    - WordPress plugin (Social WarFare Plugin) vulnerability
    - Weak password/sudo apt permission

### Hard

- Rescue
    - web (HelpDeskZ) vulnerability
    - kernel vulnerability privilege escalation
- Writer
    - sql injection RCE
    - PATH privilege escalation

## Credentials

### BlueMelancholy

#### login

```
Administrator zk0rg77acvcfw22c
user s44vlwhlddoa4j77
```

### Monitor

#### login

```
Administrator fsaie832fks02la0a
User asdfiewowaq843910
prtg admin: prtg@dminnnn
prtg pass: y0ud0ntkn0whaHaaaaa
```

### Thinking

#### login

```
Administrator idsafj9234n9811kf
User oeawrapsfssiew210
thinvnc admin: iamaaaaaa@dmin
```

### KeepYoung

#### login

```
Administrator gjioesrgt89345ulk
User 9ri230fjslifj4328
```

### MyCat

#### login

```
Administrator saidjf429rjaiofds
User sdjfigoerjt9afsij
```

### InjectMe

#### login

```
root apwor93021jfidsa
user iasdfoewoadkw1923821
```

### Welcome

#### login

```
root wqeqwerovdsw293012
user rock4you
```

### Keyboard

#### login

```
root hellrazer
user safoewopf0ewf3132
```

### LetsDance

#### login

```
root weropg9sa32kr9103
user safiwo2390mfdisow
```

### Rescue

#### login

```
root wigjdsoeiwqpf0321
user asdfow04krsapwqer
helpdeskz Administrator: asodkapfowepad
mysql root: asdflkjhwwooqqpp
mysql user: sfdiewofa9320fds
```

### World

#### login

```
root sfisdopwre910213
user digsoreptwofs912
worldpress worldpress
wordpress worldpress: jB5xk2#28X!w&0K6Vd
mysql root: dsifoewioadpsfsw
mysql wordpressuser: fgidgjoewaopdf
```

### JustSmile

#### login

```
root sif02ira0sfksaj23
user dsfj892qk4jw9fioa
```

### Writer

#### login

```
root siodjf92r0sa912mf
user gijeor9s0dkge253f
mysql root: saijfo23901kjkfl
mysql accadmin: faSijof_92304sFaserwof
```

## Windows agent

Download EtM-Agent.exe to the desktop and configure it in Task Scheduler:

![](https://i.imgur.com/vC77T1S.png)

![](https://i.imgur.com/Wxu6ZRh.png)

![](https://i.imgur.com/Kvr4zHu.png)

![](https://i.imgur.com/UKDwRqv.png)

-- this is a test --