picoCTF All General Skills Challenge Writeup
picoCTF 2025
FANTASY CTF
EASY
題目給了一個 netcat 連線資訊 連進去之後一直按 Enter 會出現第一個選單
Options:
A) *Register multiple accounts*
Fearnot changed 11 days agoView mode Like Bookmark
載點
Windows載這個Ubuntu 22.04 AMD iso
Mac載這個Ubuntu 22.04 ARM iso
VMware載點
裡面有Windows和Mac的 zip 檔裡面東西是一樣的 只是有壓縮過而已
Step.1 打開VT
VT(Virtualization Technology)虛擬化技術
mac 應該可以跳過這步驟
Fearnot changed 7 months agoView mode Like Bookmark
Step.1 掃描
先用nmap掃描
nmap -T4 192.168.111.193
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
Step.2 Exploit
發現網頁是Drupal Site,嘗試使用metasploit注入漏洞
Fearnot changed 7 months agoView mode Like Bookmark
Step.1 掃描
nmap -T4 192.168.223.107
若遇到以下情形可以試著「降速」T5 --> T4
Warning: 192.168.223.107 giving up on port because retransmission cap hit (2).
掃描後發現有以下的服務
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
Fearnot changed 7 months agoView mode Like Bookmark