2023-12-25
Industry Competition - Data Security: Suspicious Log Analysis (Part 1)
Challenge description

While analysing part of the recent logs of an information system, a company's data security engineer found that a terminal host on the production-zone intranet may have been remotely controlled by an attacker, and that the attacker obtained key personal information about company employees from that host. Assist the engineer with the log analysis: identify the IP address of the controlled intranet terminal, and find the ID card number of "luodexin" among the leaked personal information.

1. Find the IP address of the controlled intranet terminal. Hash it with 32-character lowercase MD5 and submit it in the format flag{md5(xxxx)}. For example, if the analysis yields abc123, then md5('abc123') = e99a18c428cb38d5f260853678922e03 and the answer to submit is flag{e99a18c428cb38d5f260853678922e03}.

Log sample

10.112.16.10 - - [17/Nov/2023:03:44:21 +0000] "GET / HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
10.112.16.160 - - [17/Nov/2023:03:44:24 +0000] "GET /?username=guest&password=123456 HTTP/1.1" 200 874 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
10.112.16.160 - - [17/Nov/2023:03:44:26 +0000] "GET /?username=guest&password=123 HTTP/1.1" 200 874 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
10.112.16.160 - - [17/Nov/2023:03:44:27 +0000] "GET /?username=guest&password=admin HTTP/1.1" 200 874 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
10.112.16.123 - - [17/Nov/2023:03:44:32 +0000] "GET /?username=lisi&password=admin HTTP/1.1" 200 875 "-" "Mozilla/5.0 (iPod; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5"
10.112.16.123 - - [17/Nov/2023:03:44:33 +0000] "GET /?username=lisi&password=admin123 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (iPod; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5"
10.112.16.123 - - [17/Nov/2023:03:44:33 +0000] "GET /?username=lisi&password=123 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (iPod; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5"
10.112.16.123 - - [17/Nov/2023:03:44:34 +0000] "GET /?username=lisi&password=12345 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (iPod; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5"
10.112.16.123 - - [17/Nov/2023:03:44:42 +0000] "GET /?username=liaosu&password=admin888 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
10.112.16.123 - - [17/Nov/2023:03:44:44 +0000] "GET /?username=liaosu&password=admin HTTP/1.1" 200 875 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
10.112.16.123 - - [17/Nov/2023:03:44:56 +0000] "GET /?username=chuyulong&password=123 HTTP/1.1" 200 875 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser)"
10.112.16.123 - - [17/Nov/2023:03:44:57 +0000] "GET /?username=chuyulong&password=123456 HTTP/1.1" 200 875 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser)"
10.112.16.123 - - [17/Nov/2023:03:44:57 +0000] "GET /?username=chuyulong&password=12345 HTTP/1.1" 200 875 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser)"
10.112.16.28 - - [17/Nov/2023:03:45:10 +0000] "GET /?username=zhangsan&password=123 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (SymbianOS/9.4; Series60/5.0 NokiaN97-1/20.0.019; Profile/MIDP-2.1 Configuration/CLDC-1.1) AppleWebKit/525 (KHTML, like Gecko) BrowserNG/7.1.18124"
10.112.16.28 - - [17/Nov/2023:03:45:11 +0000] "GET /?username=zhangsan&password=admin123 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (SymbianOS/9.4; Series60/5.0 NokiaN97-1/20.0.019; Profile/MIDP-2.1 Configuration/CLDC-1.1) AppleWebKit/525 (KHTML, like Gecko) BrowserNG/7.1.18124"
10.112.16.102 - - [17/Nov/2023:03:45:15 +0000] "GET /?username=liumangxin&password=123 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (BlackBerry; U; BlackBerry 9800; en) AppleWebKit/534.1+ (KHTML, like Gecko) Version/6.0.0.337 Mobile Safari/534.1+"
10.112.16.102 - - [17/Nov/2023:03:45:16 +0000] "GET /?username=liumangxin&password=123123 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (BlackBerry; U; BlackBerry 9800; en) AppleWebKit/534.1+ (KHTML, like Gecko) Version/6.0.0.337 Mobile Safari/534.1+"
10.112.16.101 - - [17/Nov/2023:03:45:31 +0000] "-" 408 0 "-" "-"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),1,1))%3E79%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),1,1))%3E103%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),1,1))%3E115%23&password=1 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),1,1))%3E109%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),1,1))%3E112%23&password=1 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),1,1))%3E111%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),2,1))%3E79%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),2,1))%3E103%23&password=1 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),2,1))%3E91%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),2,1))%3E97%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),2,1))%3E100%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),2,1))%3E102%23&password=1 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),2,1))%3E101%23&password=1 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),3,1))%3E79%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),3,1))%3E103%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),3,1))%3E115%23&password=1 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"

Knowledge points

Log analysis; tracing the attacking IP.

Writeup

The log is in the Apache/nginx "combined" format, so the fields to read are source IP, timestamp, request line, status code, response size and User-Agent. Three kinds of traffic are visible in the sample:

Credential guessing. 10.112.16.160, 10.112.16.123, 10.112.16.28 and 10.112.16.102 each try a few passwords (123, 123456, admin, admin123, ...) against one or two usernames, a second or two apart, and every attempt gets a 200 with the same body size (875 bytes, 874 for guest). The constant size indicates the same failed-login page every time; this is low-volume brute forcing, not the compromise the question asks about.

A 408 with an empty request line from 10.112.16.101, which is how the web server records a client that opened a connection and sent no request before the timeout. It is noise here.

Blind SQL injection. 10.112.16.207 fires a burst of requests within the same second (03:45:42) whose username parameter, URL-decoded, is

1' or ascii(substr((database()),N,1))>V#

The quote closes the string literal, "or <condition>" makes the WHERE clause true or false depending only on the condition, and "#" comments out the rest of the query. By varying V the attacker binary-searches the ASCII value of character N of database(): this is boolean-based blind injection, and the uniform timing and payload shape show it is driven by a tool, not typed by hand. The response size is the oracle: 875 bytes is the same failed-login page the password guessers received, while 862 bytes appears only when the injected condition holds. Reading the bounds off the log, character 1 is greater than 111 and not greater than 112 (112 = 'p'), and character 2 is greater than 100 and not greater than 101 (101 = 'e'); the search for character 3 is cut off in the sample, so the database name cannot be fully recovered from what is shown, and the question does not ask for it.

So 10.112.16.207 is the host that is carrying out the attack against the database, and by the challenge's framing it is the controlled intranet terminal. In a real investigation the same conclusion should be reached by counting injection-shaped requests per source IP rather than by eye, and the next step would be to follow that IP forward in the log to the requests that actually pulled rows out (which is what recovering luodexin's ID number would require).

Computing md5('10.112.16.207') gives the flag: flag{dd84f61edcaac4ebe57644b540536299}
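The triage described in the writeup done as a script rather than by eye. This is an added example, not the challenge author's solution or any competition-supplied code: it parses combined-format lines, counts injection-shaped requests per source IP, derives the flag, and replays the attacker's binary search against the response-size oracle. The log embedded in it is constructed from the lines reproduced on the page (user agents shortened), and treating the most common response size of ordinary login attempts as the "condition false" page is an inference from this log, not something the challenge states.

```python
"""Triage a web access log for a boolean-blind SQL injection source.

Added example, not the challenge author's or the competition's code.
SAMPLE_LOG is constructed from lines reproduced on the page, with user
agents shortened. The 862/875 reading is inferred from the log itself.
"""
import hashlib
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

SAMPLE_LOG = """
10.112.16.10 - - [17/Nov/2023:03:44:21 +0000] "GET / HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Macintosh) Chrome/116.0.0.0"
10.112.16.160 - - [17/Nov/2023:03:44:24 +0000] "GET /?username=guest&password=123456 HTTP/1.1" 200 874 "-" "Mozilla/5.0 (Macintosh) Chrome/116.0.0.0"
10.112.16.123 - - [17/Nov/2023:03:44:32 +0000] "GET /?username=lisi&password=admin HTTP/1.1" 200 875 "-" "Mozilla/5.0 (iPod) Safari/6533.18.5"
10.112.16.123 - - [17/Nov/2023:03:44:33 +0000] "GET /?username=lisi&password=admin123 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (iPod) Safari/6533.18.5"
10.112.16.123 - - [17/Nov/2023:03:44:42 +0000] "GET /?username=liaosu&password=admin888 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (Macintosh) Firefox/4.0.1"
10.112.16.28 - - [17/Nov/2023:03:45:10 +0000] "GET /?username=zhangsan&password=123 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (SymbianOS/9.4) BrowserNG/7.1.18124"
10.112.16.102 - - [17/Nov/2023:03:45:15 +0000] "GET /?username=liumangxin&password=123 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (BlackBerry) Mobile Safari/534.1+"
10.112.16.101 - - [17/Nov/2023:03:45:31 +0000] "-" 408 0 "-" "-"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),1,1))%3E79%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),1,1))%3E103%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),1,1))%3E115%23&password=1 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),1,1))%3E109%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),1,1))%3E112%23&password=1 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),1,1))%3E111%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),2,1))%3E79%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),2,1))%3E103%23&password=1 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),2,1))%3E91%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),2,1))%3E97%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),2,1))%3E100%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),2,1))%3E102%23&password=1 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),2,1))%3E101%23&password=1 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),3,1))%3E79%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),3,1))%3E103%23&password=1 HTTP/1.1" 200 862 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0.1"
10.112.16.207 - - [17/Nov/2023:03:45:42 +0000] "GET /?username=1'%20or%20ascii(substr((database()),3,1))%3E115%23&password=1 HTTP/1.1" 200 875 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0.1"
"""

# Combined log format: ip ident user [time] "request" status size "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"$'
)
# SQL syntax that has no business in a login parameter (checked after URL-decoding)
SQLI_RE = re.compile(r"(?i)\bor\b|\bunion\b|\bselect\b|substr\(|ascii\(|database\(\)|sleep\(")
# The boolean-blind probe seen in the log: ascii(substr((expr),pos,1))>val
BLIND_RE = re.compile(r"ascii\(substr\(\((?P<expr>.+?)\),(?P<pos>\d+),1\)\)>(?P<val>\d+)")


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        parts = e["req"].split(" ")                      # "GET /path HTTP/1.1" or "-"
        e["path"] = unquote(parts[1]) if len(parts) >= 2 else ""
        e["size"] = int(e["size"]) if e["size"] != "-" else 0
        entries.append(e)
    return entries


def sqli_counts(entries):
    """Injection-shaped requests per source IP: the count, not a single hit, is the signal."""
    return Counter(e["ip"] for e in entries if SQLI_RE.search(e["path"]))


def attacker_ip(entries):
    return sqli_counts(entries).most_common(1)[0][0]


def flag_for(ip):
    """Challenge submission format: flag{md5(ip)} with 32 lowercase hex digits."""
    return "flag{%s}" % hashlib.md5(ip.encode()).hexdigest()


def baseline_size(entries):
    """Most common response size for ordinary login attempts. Assumed (inferred from
    the log, not stated by the challenge) to be the failed-login page that the blind
    probes return when the injected condition is false."""
    sizes = Counter(e["size"] for e in entries
                    if "username=" in e["path"] and not SQLI_RE.search(e["path"]))
    return sizes.most_common(1)[0][0]


def recover_blind(entries, ip, baseline):
    """Replay the attacker's binary search. A response that differs from the baseline
    means the condition held (char > val); the baseline means char <= val.
    Returns {position: (low, high)} with low < ascii(char) <= high."""
    bounds = defaultdict(lambda: [0, 255])
    for e in entries:
        if e["ip"] != ip:
            continue
        m = BLIND_RE.search(e["path"])
        if not m:
            continue
        pos, val = int(m["pos"]), int(m["val"])
        if e["size"] != baseline:
            bounds[pos][0] = max(bounds[pos][0], val)
        else:
            bounds[pos][1] = min(bounds[pos][1], val)
    return {pos: tuple(b) for pos, b in bounds.items()}


def leaked_value(bounds):
    """Converged positions become characters; '?' marks a search the log cuts off."""
    return "".join(chr(hi) if hi - lo == 1 else "?"
                   for lo, hi in (bounds[p] for p in sorted(bounds)))


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    ip = attacker_ip(log)
    bounds = recover_blind(log, ip, baseline_size(log))
    print(ip, flag_for(ip), sqli_counts(log)[ip], bounds, leaked_value(bounds))
```

On the page's sample the script attributes all sixteen injection-shaped requests to 10.112.16.207, takes 875 bytes as the baseline, and resolves the first two characters of database() to "pe" with the third still open; the flag it prints is md5 of that IP in the challenge's format. Counting per IP rather than grepping for one payload is what keeps the method usable on a log where several hosts probe the same endpoint.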