1 lines (1 loc) · 2.97 KB
search.json
[{"title":"edusrc vulnerability hunting: payment logic vulnerabilities","url":"/2026/01/27/edusrc漏洞挖掘之支付逻辑漏洞/","content":"\n\n\n**Note:** The content of this article is for learning and exchange only. It must not be used for commercial or illegal purposes. Anything involving network security must not be tested without authorization; the consequences of improper use are borne by the user and have nothing to do with the author.\n","tags":["EDUSRC"],"categories":["baseTest"]},{"title":"Xuanji incident response range: SSH log analysis","url":"/2025/08/05/玄机应急响应/","content":"\n# SSH log analysis\n\n## 1. How many accounts can log in over SSH?\n\nFirst look at the SSH configuration:\n\n```bash\n#cat /etc/ssh/sshd_config\nAllowGroups SSHD_USER root\nMatch Group SSHD_USER\n```\n\nUsers in the group SSHD_USER are allowed to log in.\n\nCheck the group information:\n\n```bash\n#cat /etc/group\nSSHD_USER:x:1001:toor,root\n```\n\nflag{2}\n\n## 2. How many successful logins are in the SSH logs (excluding the two produced by our own login)?\n\n```bash\nroot@ip-10-0-10-1:/var/log# ls\nalternatives.log auth.log.1 cloud-init.log debug dpkg.log.2.gz kern.log.1 messages.2.gz syslog.3.gz wtmp\nalternatives.log.1 auth.log.2.gz \n```\n\nThere are auth.log.1 and auth.log.2.gz.\n\nFirst decompress auth.log.2.gz.\n\nThen count with grep:\n\n```bash\nroot@ip-10-0-10-6:/var/log# grep -o -i \"Accepted pass\" auth.log.1 auth.log.2 | wc -l\n100\nroot@ip-10-0-10-6:/var/log# grep -o -i \"Accepted\" auth.log.1 auth.log.2 | wc -l\n110\n```\n\nNeither of these counts was accepted as the flag.\n\nTake a different approach: filter and count successful logins per source IP:\n\n```bash\nroot@ip-10-0-10-6:/var/log# grep 'Accepted' /var/log/auth.log.1 auth.log.2 | grep -oE '\\b([0-9]{1,3}\\.){3}[0-9]{1,3}\\b' | sort | uniq -c\n 2 111.39.249.77\n 66 192.168.11.1\n 28 192.168.70.1\n 7 60.174.207.118\n```\n\nflag{103}\n\n## 3. Which user has the most successful SSH logins?\n\n```bash\nroot@ip-10-0-10-6:/var/log# sudo grep 'Accepted' /var/log/auth.log.1 auth.log.2 | grep -oP 'Accepted password for \\K\\w+' | sort | uniq -c\nsudo: unable to resolve host ip-10-0-10-6: Name or service not known\n 21 root\n 74 toor\n 5 ubuntu\n```\n\nflag{toor}\n\n## 4. Which user has the most failed SSH logins, and from which IP (flag format: flag{username,ip})?\n\n```bash\nroot@ip-10-0-10-6:/var/log# grep 'Failed password' /var/log/auth.log.1 auth.log.2 | grep -oP 'Failed password for \\K\\w+' | sort | uniq -c\n 10 backup\n 10 bin\n 15 daemon\n 2 games\n 2 gnats\n 12167 invalid\n 2 irc\n 1 mail\n 17 mongodb\n 11 nobody\n 4 proxy\n 6 rabbitmq\n 58189 root\n 10 sshd\n 6 sync\n 5 sys\n 1 toor\n 11 uucp\n 50 www\nroot@ip-10-0-10-6:/var/log# grep 'root' /var/log/auth.log.1 auth.log.2 | grep -oP 'from \\K([0-9]{1,3}\\.){3}[0-9]{1,3}' | sort | uniq -c\n 3379 87.163.106.41\n 18181 87.163.111.11\n 22 88.142.46.185\n 14 89.252.140.204\n```\n\nflag{root,87.163.111.11}\n","tags":["应急响应","ssh日志分析"],"categories":["writeup"]}]