andawakin/ctf-writeups
GitHub: andawakin/ctf-writeups
这是一个关于TryHackMe平台CTF靶场的解题记录集合,涵盖了Web渗透、漏洞利用、逆向工程及权限提升等实战技巧。
Stars: 0 | Forks: 0
# TryHackMe Writeups
我在 TryHackMe 上对各个房间的解题汇总。每个文件夹都是一个独立的房间,包含了解题步骤、命令和截图的描述。
## 房间
| 房间 | 难度 | 主题 |
|---|---|---|
| [AgentSudo](TryHackMe/AgentSudo/) | Easy | User-Agent, FTP bruteforce, Steganography, CVE-2019-14287 |
| [BasicPentesting](TryHackMe/BasicPentesting/) | Easy | SMB, Gobuster, SSH bruteforce, SSH key cracking |
| [BountyHacker](TryHackMe/BountyHacker/) | Easy | Anonymous FTP, Hydra, GTFOBins (tar) |
| [BricksHeist](TryHackMe/BricksHeist/) | Medium | CVE-2024-25600, WordPress RCE |
| [Compiled](TryHackMe/Compiled/) | Easy | Reverse Engineering, Ghidra |
| [CrackTheHash](TryHackMe/CrackTheHash/) | Easy | MD5, SHA-1, bcrypt, NTLM, hashcat, john |
| [CryptoFailures](TryHackMe/CryptoFailures/) | Medium | JWT, Base64, 弱算法 |
| [Internal](TryHackMe/Internal/) | Hard | WordPress, WPScan, PHP reverse shell, Jenkins, SSH tunneling |
| [Kenobi](TryHackMe/Kenobi/) | Easy | SMB, NFS, ProFTPD mod_copy, PATH hijacking |
| [LazyAdmin](TryHackMe/LazyAdmin/) | Easy | SweetRice CMS, SQL backup, john, sudo perl |
| [MD2PDF](TryHackMe/MD2PDF/) | Easy | Server-Side XSS, HTML Injection, SSRF |
| [mrRobot](TryHackMe/mrRobot/) | Medium | WordPress, WPScan, PHP reverse shell, SUID Nmap |
| [Neighbour](TryHackMe/Neighbour/) | Easy | IDOR |
| [OhSint](TryHackMe/OhSint/) | Easy | OSINT, ExifTool, BSSID, Wigle.net |
| [RootMe](TryHackMe/RootMe/) | Easy | File upload bypass, SUID python |
| [SkyNet](TryHackMe/SkyNet/) | Easy | SMB, Squirrelmail, RFI, tar wildcard injection |
| [TheGame](TryHackMe/TheGame/) | Medium | Web exploitation |
## 结构
```
TryHackMe/
├── AgentSudo/
│ ├── README.md
│ └── screenshots/
├── BountyHacker/
│ ├── README.md
│ └── screenshots/
...
```
## 工具
- **侦察**: Nmap, Gobuster, ffuf, WPScan, smbmap, smbclient
- **暴力破解**: Hydra, john, hashcat
- **利用**: Netcat, Burp Suite, Metasploit
- **后渗透**: GTFOBins, LinPEAS
- **逆向**: Ghidra, strings, binwalk, ExifTool
- **加密/隐写**: steghide, CyberChef, CrackStation
## TryHackMe 个人资料
[andawakin](https://tryhackme.com/p/andawakin)
标签:CISA项目, CTI, DOS头擦除, ESC4, ExifTool, Ghidra, Go语言工具, Hydra, IP 地址批量处理, Jenkins, JWT, NFS, OSINT, PoC, RFI, SMB, SSH, SSRF, SUID, TryHackMe, Web安全, WordPress, WPScan, Writeup, XSS, XXE攻击, 云资产清单, 人体姿态估计, 内存分配, 威胁模拟, 密码破解, 提权, 文件完整性监控, 文档安全, 暴力破解, 漏洞情报, 网络安全审计, 网络安全教程, 蓝队分析, 逆向工具, 逆向工程, 错误配置检测, 隐写术