AWD thinking
2022-07-25 01:44:00 【Mountain Rabbit 1】
1. First download the html files. Database backup: mysqldump -u user -p choosedb > /tmp/db.sql ; restore: mysql -u username -p password dbname < bak.sql
1. First change your login password (every team has the same password by default).
2. With the default credentials it is possible to connect remotely to other teams' accounts, log into their database and delete it.
3. There is a flag file outside the web directory.
4. Scan the website for vulnerabilities.
5. A Trojan (webshell) is disguised as one of the other side's website php files and is then triggered by requesting the other side's address plus the file path.
6. The configuration file is under data/config.php.
7. The flag is under /home/flag.
8. The attacker exploits the vulnerability; the defender patches it.
9. Deploy the WAF first, then scan for backdoors, audit the code, and monitor files.
One. Drag the WAF file into the app folder and add the line include('waf.php'); inside config.php.
3. Just download the files on the web side.
Two. They can only delete files under app.
token is the interface for submitting flags.
4. Download the web-side files, then check them for backdoors.
5. Find a one-line backdoor (一句话木马), connect to it remotely, and obtain the flag.
One. Defensive process
What the defensive teammates do is simple; by priority it is the following:
- Top priority: back up the website source code and database. This serves two purposes. First, in case you cannot recover after you change the website source code or the database. Second, the referees usually run a periodic check of whether the service is up and deduct points if it is not, so a backup also lets you restore the service quickly after an opponent breaks into the host and deletes the source code.
- System security check. Check whether ports that should not be open (e.g. 3306) are open, whether SSH login is restricted, change the SSH password, check whether MySQL still uses the default password, etc. This can be done with a script.
- Deploy the WAF. Use the WAF you prepared in advance and deploy it quickly with a script, but pay attention to whether the service is still available after deployment.
- Modify permissions. For example, read permission on the MySQL user table, whether the upload directory has execute permission, etc.
- Deploy a file-monitoring script. Monitor whether files are added to or deleted from directories with read-write permission and alert promptly. By the way, if an undead horse (不死马, a script that keeps re-creating its webshell) is planted on you, the usual countermeasures are:
  - Force-kill the process, then restart the service
  - Create a file or directory with the same name as the undead horse's file
  - Write a script that constantly deletes the file
  - Keep writing a file with the same name as the undead horse's file
- Deploy a traffic-monitoring script or turn on server logging. The purpose is mainly traffic replay: see how the other teams hit our machine with vulnerabilities we did not find, and after capturing it, replay the traffic we do not understand directly against other machines. It has to be said that when we attack, we should also try to obfuscate our own attack traffic so it cannot easily be reused by others.
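The file-monitoring item above, the backup/restore advice and the "constantly delete the undead horse's file" countermeasure can be served by one polling integrity monitor. This is an added example, not code from the original post: it snapshots the web root as a baseline, reports added, deleted and modified files, and reverts them from a backup copy. The paths are assumptions.

```python
"""Added example, not from the original post: a polling integrity monitor for
the web root. It snapshots a baseline, reports added/deleted/modified files,
and reverts them from a backup copy. Paths are assumptions."""
import hashlib
import os
import shutil

def snapshot(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def backup(root, backup_dir):
    """Copy the web root into backup_dir and return the baseline snapshot."""
    if os.path.exists(backup_dir):
        shutil.rmtree(backup_dir)
    shutil.copytree(root, backup_dir)
    return snapshot(root)

def diff(baseline, current):
    """Return (added, deleted, modified) sets of relative paths."""
    added = set(current) - set(baseline)
    deleted = set(baseline) - set(current)
    modified = {p for p in baseline if p in current and baseline[p] != current[p]}
    return added, deleted, modified

def restore(root, backup_dir, added, deleted, modified):
    """Remove files that were planted; put back files that were deleted or altered."""
    for rel in added:
        os.remove(os.path.join(root, rel))
    for rel in deleted | modified:
        dst = os.path.join(root, rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copy2(os.path.join(backup_dir, rel), dst)

def check_and_restore(root, backup_dir, baseline):
    """One polling round: detect changes against the baseline and revert them."""
    changes = diff(baseline, snapshot(root))
    if any(changes):
        restore(root, backup_dir, *changes)
    return changes
```

Call backup() once right after the game starts, then run check_and_restore() in a loop (for example once a second); the constant delete-and-restore is what neutralises a horse that keeps rewriting its file.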
At the beginning of the game, as soon as we connect over ssh, the first thing to do is pull the source code down and back it up promptly.
Then, without breaking the organizer's checks, hang your own WAF.
When you find you are being hit, first try restoring the previous backup (remember to back up the current state). If you are still being hit, split the work well with your teammates.
7. Restraining the undead horse: create a folder with the same name as the file the undead horse generates.
8. Find the log location:
/var/log/apache2/
/usr/local/apache2/logs
9. Code-auditing ability (defence) and the ability to write automation scripts (attack).
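Once you know where the Apache logs live, the "see how others hit our machine" idea above becomes a parsing job. This is an added example, not code from the original post: it parses combined-format access log lines, flags requests to .php paths that are not in the known site file list (a planted webshell) and POSTs the server answered with 200, and groups them per client for review or replay. The sample lines and the KNOWN set are constructed.

```python
"""Added example, not from the original post: parse Apache access log lines and
surface requests worth reviewing. Sample lines and KNOWN are constructed."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)')

def parse_line(line):
    """Return a dict for one combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = urlsplit(rec["target"]).path  # strip the query string
    return rec

def suspicious(lines, known_paths):
    """Records that hit a .php path outside the known file set (a planted file),
    or POSTs answered with 200 (one-line webshells are normally driven by POST)."""
    hits = []
    for rec in filter(None, map(parse_line, lines)):
        unknown_php = rec["path"].endswith(".php") and rec["path"] not in known_paths
        if unknown_php or (rec["method"] == "POST" and rec["status"] == 200):
            hits.append(rec)
    return hits

def by_client(records):
    """Group (method, target) per source IP, in log order, for review or replay."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["ip"]].append((rec["method"], rec["target"]))
    return dict(groups)

SAMPLE = [  # constructed log lines, not from any real match
    '10.0.1.5 - - [25/Jul/2022:01:44:00 +0800] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla"',
    '10.0.1.9 - - [25/Jul/2022:01:44:03 +0800] "POST /data/config.php HTTP/1.1" 200 12 "-" "python-requests"',
    '10.0.1.9 - - [25/Jul/2022:01:44:05 +0800] "GET /uploads/x.php?a=1 HTTP/1.1" 200 64 "-" "curl"',
    '10.0.1.7 - - [25/Jul/2022:01:44:06 +0800] "GET /uploads/x.php HTTP/1.1" 404 0 "-" "curl"',
]
KNOWN = {"/index.php", "/data/config.php"}  # constructed: the baseline file list
```

Feed KNOWN from the backup you took at the start (every .php path in /var/www/html), so that anything outside it is by definition a file you did not ship.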
Steps:
1. Immediately after the game starts, back up the files in the server's web directory (/var/www/html). This is the basis for self-auditing, and it is also the prerequisite for restoring the server to its initial state right away if something goes wrong during the game.
2. After the game starts, if you find that every team's SSH account and password are the same (as in one game running phpcms and wordpress), change the password immediately; if another team changes it first, it is gg.
3. After finding the backdoor, delete it right away (delete the line containing the one-line webshell).
1. Change the ssh password
When the organizers hand out the server password it is most likely the default. Change your password quickly and try logging into the other teams' targets to mess things up, heh heh~
2. Dump the source code
First of all, you may not have the source code at all; you need to dump the complete source code yourself.
3. Turn on the monitoring script
Originally a WAF was supposed to be hung first, but it is said to be very easy to get checked down, so it is better not to touch it; sometimes the points gained from grabbing flags are not worth the points lost from being down. It is hard.
include('watch.py');
select host,user,password from mysql.user; -- view the host, user and password fields (on MySQL 5.7+ the column is authentication_string)
update mysql.user set password=password('himaliya') where user='root'; -- change the root database password (syntax for MySQL 5.6 and earlier)
delete from mysql.user where user='debian-sys-maint'; -- delete the debian-sys-maint maintenance account
After changing the database password, you need to update the corresponding configuration items in the web application;
passwd # change the login password
netstat -pantu # check listening ports and services
ls -al # list files with permissions (e.g. in the web application's log directory)
mysqldump -uroot -proot --events --ignore-table=mysql.events --all-databases > all.sql # back up all databases
mysqldump -uroot -proot mysql > db.sql # back up only the mysql database
mysqldump -uroot -proot mysql > /tmp/db.sql # same, written to /tmp