I. Challenge URL
https://buuoj.cn/challenges#[安洵杯%202019]Attack
II. Reproduction steps
1. Download the attachment provided with the challenge; it unpacks to a pcap capture. Open it in Wireshark.
2. Use the Wireshark display filter tcp contains "flag" to search the whole capture for the string "flag".
3. Right-click a matching packet and follow the HTTP stream; the stream contains flag.txt and an archive file.
4. Feed all the packets to deepseek to obtain the hex bytes of the archive. (Wireshark's File > Export Objects > HTTP exports HTTP response bodies directly, so the archive can also be pulled out without the detour through a language model.)
5. Convert the hex back into a file: https://tool.hiofd.com/hex-convert-file-online/
The archive prompts for a password on extraction.
6. Export the files carried in the pcap (for HTTP transfers, File > Export Objects > HTTP); among them is lsass.dmp.
7. Recover the password from lsass.dmp with mimikatz: copy lsass.dmp into the mimikatz directory and run the commands below. privilege::debug requests SeDebugPrivilege, sekurlsa::minidump points the sekurlsa module at the dump file instead of the live LSASS process, and sekurlsa::logonpasswords full dumps the cached logon credentials. The recovered password is W3lc0meToD0g3.
mimikatz official download: https://github.com/gentilkiwi/mimikatz/
privilege::debug
sekurlsa::minidump lsass.dmp
sekurlsa::logonpasswords full
8. Extract the archive with that password and scroll to the end of the file to find the flag:
flag{3466b11de8894198af3636c5bd1efce2}
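As an added worked example (not part of the original writeup and not the challenge's own data), the Python below reproduces the file-recovery part of the procedure offline: it carves the ZIP out of a reassembled HTTP stream by its local-file-header and End Of Central Directory signatures, round-trips it through a hex dump the way the online converter does, reads the general-purpose flag in the local file header whose bit 0 is what makes an archive prompt for a password, and opens the archive in memory. The HTTP stream, the file name flag.txt inside it and the flag string are constructed test input; the mark_encrypted helper only sets the encryption bit so the header check can be shown, it does not produce a real ZipCrypto archive.

```python
import binascii
import io
import struct
import zipfile

ZIP_LOCAL_MAGIC = b"PK\x03\x04"   # local file header signature
ZIP_EOCD_MAGIC = b"PK\x05\x06"    # End Of Central Directory signature
LOCAL_HEADER_LEN = 30
EOCD_FIXED_LEN = 22


def build_sample_stream():
    """Constructed stand-in for the reassembled HTTP stream seen in Wireshark:
    response headers, a small STORED zip as the body, then stray trailing bytes.
    Returns (stream, zip_body) so the carve can be checked. Not real traffic."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("flag.txt", "flag{example_only}")
    body = buf.getvalue()
    headers = (b"HTTP/1.1 200 OK\r\n"
               b"Content-Type: application/zip\r\n"
               b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n")
    return headers + body + b"\r\n\r\n", body


def carve_zip(stream):
    """Return the bytes from the first local file header through the end of the
    EOCD record (22 fixed bytes plus the archive comment, whose length sits at
    EOCD offset 20)."""
    start = stream.find(ZIP_LOCAL_MAGIC)
    if start < 0:
        raise ValueError("no ZIP local file header in stream")
    eocd = stream.rfind(ZIP_EOCD_MAGIC)
    if eocd < start:
        raise ValueError("no End Of Central Directory record after the header")
    comment_len = struct.unpack_from("<H", stream, eocd + 20)[0]
    return stream[start:eocd + EOCD_FIXED_LEN + comment_len]


def to_hexdump(blob):
    """Space-separated hex, the form a model or hex editor would hand back."""
    return " ".join(f"{b:02x}" for b in blob)


def hex_to_bytes(hexdump):
    """Equivalent of the online hex-to-file step; tolerates whitespace/newlines."""
    return binascii.unhexlify("".join(hexdump.split()))


def describe_entries(blob):
    """Walk the local file headers. Bit 0 of the general-purpose flag word marks
    an encrypted entry, which is why an archive asks for a password."""
    entries = []
    off = 0
    while True:
        off = blob.find(ZIP_LOCAL_MAGIC, off)
        if off < 0 or off + LOCAL_HEADER_LEN > len(blob):
            break
        # flags, method, mod time, mod date, crc32, compressed size,
        # uncompressed size, name length, extra length
        (flags, method, _t, _d, crc, csize, _usize,
         nlen, xlen) = struct.unpack_from("<HHHHIIIHH", blob, off + 6)
        name = blob[off + LOCAL_HEADER_LEN:off + LOCAL_HEADER_LEN + nlen]
        entries.append({"name": name.decode("utf-8", "replace"),
                        "encrypted": bool(flags & 1),
                        "method": method, "crc32": crc})
        off += LOCAL_HEADER_LEN + nlen + xlen + csize
    return entries


def mark_encrypted(blob):
    """Demo helper only: set the encryption bit in the first local header so the
    flag check above can be exercised. A real encrypted entry also carries a
    12-byte ZipCrypto header and ciphertext, which this does not add."""
    patched = bytearray(blob)
    flags = struct.unpack_from("<H", patched, 6)[0]
    struct.pack_into("<H", patched, 6, flags | 1)
    return bytes(patched)


def read_entry(blob, name, password=None):
    """Open the carved archive in memory. password (bytes) is required for
    ZipCrypto-protected entries; zipfile decrypts those on read."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return zf.read(name, pwd=password)


if __name__ == "__main__":
    stream, _ = build_sample_stream()
    archive = hex_to_bytes(to_hexdump(carve_zip(stream)))
    for entry in describe_entries(archive):
        print(entry)
    print(read_entry(archive, "flag.txt"))
```

Against the real capture the same read_entry call takes the mimikatz result as pwd=b"W3lc0meToD0g3", since the standard library's zipfile supports ZipCrypto decryption (but not encryption).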