Rick
- ページにアクセスすると,アクセス元にSSHでログインしようとしてくる。
- auth.logには admin, oracle, hansユーザへのアクセスの試行
Kippoでログインパスワードを入手
2014-12-29 19:40:22+0900 [SSHService ssh-userauth on HoneyPotTransport,13,188.40.18.67] login attempt [hans/=l@Zy+&'}M_.]<zEcDN9] failed
得られたパスワードでサーバへログイン
$ ssh hans@188.40.18.67 The authenticity of host '188.40.18.67 (188.40.18.67)' can't be established. ECDSA key fingerprint is 38:ac:84:56:b7:a9:32:55:0a:43:23:44:1f:2c:10:ab. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '188.40.18.67' (ECDSA) to the list of known hosts. hans@188.40.18.67's password: Last login: Mon Dec 29 11:32:58 2014 from ***** hans@31c3ctf-rick:~$ hans@31c3ctf-rick:~$ ls flag.txt hans@31c3ctf-rick:~$ cat flag.txt 31c3_a5bb3ead8fbc6617374ea3f57f0563d2