2025/11/04/HackMyVMSoc1/ #6
giscus[bot]
bot
Replies: 1 comment
-
|
设计上是希望通过了解splunk的密码文件结构($SPLUNK_HOME/etc/passwd , passwd.bak, passwd.old)来获取信息以达到初步的访问。另外一开始是抱着设计成代码审计直接通过search跑spl达到rce的,但是由于exploit没公开让各位直接做太难了所以降了一下难度,也能够让大家了解splunk这个蓝队产品。谢谢你的writeup! |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
2025/11/04/HackMyVMSoc1/
Soc1 https://hackmyvm.eu/machines/machine.php?vm=Soc1 Recon PortScan 开放了多个 Web 服务 (Apache, Splunk, Jenkins) 和一个数据库服务 (MongoDB) 枚举 web 首先还是看 WEB 服务,但是貌...
https://www.sunsetaction.top/2025/11/04/HackMyVMSoc1/
Beta Was this translation helpful? Give feedback.
All reactions