CISP-PTE Log Analysis 1

Author: mooyuan天天    Date: 2026/1/5

Contents

I. Preparation

1. Open the lab

2. Start the challenge

3. Analyze the log

(1) Analysis by IP address

(2) Analysis by response status 200

II. Brute force

1. Open the adminlogin.php page in Firefox

2. Set Burp Intercept to on

3. Enter a username and password and log in

4. Capture the request in Burp and send it to Intruder

5. Configure the Intruder positions

6. Configure the Intruder payload and start the attack

7. Analyze the attack results

8. Log in with the correct password


This article walks through the complete penetration workflow for the log-analysis level of the CISP-PTE lab. By analyzing the lab's log file it demonstrates the full penetration-testing process. First, the attack activity is analyzed by the IP address 172.16.12.12, revealing a large amount of directory scanning and 404 responses; then, filtering on response status 200 reveals brute-force attempts against adminlogin.php. In the hands-on part, Burp Suite is used to brute-force the login page, which finally yields the administrator credentials (admin/please) and the flag. The whole case shows how log analysis and tooling combine to complete a penetration test, covering the key steps of information gathering, log analysis and brute forcing.

I. Preparation

1. Open the lab

Open the lab. The page reads: "The administrator has been troubled lately: he found that his server was compromised, but does not know why. Can you help him? The administrator saved the logs and did a rough analysis; two IPs attacked the server, and the attacker's IP appears to be 172.16.12.12. Log download: access.log in the current directory." This is shown below.

2. Start the challenge

Click "Start", which leads to the following log download page.

http://d82d1369.clsadp.com/access.log

3. Analyze the log

(1) Analysis by IP address

Using the IP address given in the level's hint (172.16.12.12), search the log for the keyword 172.16.12.12, which gives the entries shown below.

172.16.12.12 - - [31/Oct/2017:15:32:55 +0800] "GET /nothisexistpage.html HTTP/1.1" 404 296 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:55 +0800] "GET /robots.txt HTTP/1.1" 404 286 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:55 +0800] "GET /guadmin/login.asp HTTP/1.1" 404 293 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:55 +0800] "GET /!admin!/ HTTP/1.1" 404 284 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:55 +0800] "GET /%23sql.asp HTTP/1.1" 404 284 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:55 +0800] "GET /%23sql.aspx HTTP/1.1" 404 285 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:55 +0800] "GET /%23sql.php HTTP/1.1" 404 284 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:55 +0800] "GET /../admin HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:55 +0800] "GET /houtai HTTP/1.1" 404 282 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:55 +0800] "GET /../admin.asp HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:55 +0800] "GET /../admin.aspx HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:55 +0800] "GET /../admin.php HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:55 +0800] "GET /../admin/default HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:56 +0800] "GET /../admin/default.asp HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:56 +0800] "GET /../admin/default.aspx HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:56 +0800] "GET /../admin/default.php HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:56 +0800] "GET /../admin/index HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:56 +0800] "GET /../admin/index.asp HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:56 +0800] "GET /../admin/index.aspx HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:56 +0800] "GET /../admin/index.php HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:56 +0800] "GET /../admin/login HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:56 +0800] "GET /../admin/login.asp HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:56 +0800] "GET /../admin/login.aspx HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:56 +0800] "GET /../admin/login.php HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:56 +0800] "GET /../admin/manage HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:56 +0800] "GET /../admin/manage.asp HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:56 +0800] "GET /../admin/manage.aspx HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:56 +0800] "GET /../admin/manage.php HTTP/1.1" 400 304 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:56 +0800] "GET /admin/login.asp HTTP/1.1" 404 291 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:57 +0800] "GET /admin/login.aspx HTTP/1.1" 404 292 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:57 +0800] "GET /admin/login.php HTTP/1.1" 404 291 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:57 +0800] "GET /szwyadmin/login.asp HTTP/1.1" 404 295 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:57 +0800] "GET /szwyadmin/login.aspx HTTP/1.1" 404 296 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:57 +0800] "GET /szwyadmin/login.php HTTP/1.1" 404 295 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:57 +0800] "GET /_Admin HTTP/1.1" 404 282 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:57 +0800] "GET /_admin.asp HTTP/1.1" 404 286 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:57 +0800] "GET /_admin.aspx HTTP/1.1" 404 287 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:57 +0800] "GET /_admin.php HTTP/1.1" 404 286 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:57 +0800] "GET /_Admin/ HTTP/1.1" 404 283 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:57 +0800] "GET /_database/ HTTP/1.1" 404 286 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:57 +0800] "GET /1.asa HTTP/1.1" 404 281 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:57 +0800] "GET /1.asp HTTP/1.1" 404 281 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:57 +0800] "GET /1.aspx HTTP/1.1" 404 282 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:57 +0800] "GET /1.php HTTP/1.1" 404 281 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:57 +0800] "GET /1.rar HTTP/1.1" 404 281 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:58 +0800] "GET /1.txt HTTP/1.1" 404 281 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:58 +0800] "GET /11.asa HTTP/1.1" 404 282 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:58 +0800] "GET /11.asp HTTP/1.1" 404 282 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:58 +0800] "GET /11.aspx HTTP/1.1" 404 283 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:58 +0800] "GET /11.php HTTP/1.1" 404 282 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:58 +0800] "GET /11.rar HTTP/1.1" 404 282 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:58 +0800] "GET /11/ HTTP/1.1" 404 279 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:58 +0800] "GET /111.asa HTTP/1.1" 404 283 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:58 +0800] "GET /111.asp HTTP/1.1" 404 283 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:58 +0800] "GET /111.aspx HTTP/1.1" 404 284 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:58 +0800] "GET /111.php HTTP/1.1" 404 283 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:58 +0800] "GET /111.rar HTTP/1.1" 404 283 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:58 +0800] "GET /111/ HTTP/1.1" 404 280 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:58 +0800] "GET /11111/ HTTP/1.1" 404 282 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:58 +0800] "GET /11111/index.asp HTTP/1.1" 404 291 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:58 +0800] "GET /11111/index.aspx HTTP/1.1" 404 292 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:59 +0800] "GET /11111/index.php HTTP/1.1" 404 291 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:59 +0800] "GET /115cn.asp HTTP/1.1" 404 285 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:59 +0800] "GET /115cn.aspx HTTP/1.1" 404 286 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:59 +0800] "GET /115cn.php HTTP/1.1" 404 285 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:59 +0800] "GET /123.asa HTTP/1.1" 404 283 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:59 +0800] "GET /123.asp HTTP/1.1" 404 283 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:59 +0800] "GET /123.aspx HTTP/1.1" 404 284 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:59 +0800] "GET /123.php HTTP/1.1" 404 283 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:59 +0800] "GET /123.rar HTTP/1.1" 404 283 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:59 +0800] "GET /123.txt HTTP/1.1" 404 283 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:59 +0800] "GET /123/ HTTP/1.1" 404 280 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:59 +0800] "GET /1234.asa HTTP/1.1" 404 284 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:59 +0800] "GET /1234.asp HTTP/1.1" 404 284 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:59 +0800] "GET /1234.aspx HTTP/1.1" 404 285 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:59 +0800] "GET /1234.php HTTP/1.1" 404 284 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:32:59 +0800] "GET /1234.rar HTTP/1.1" 404 284 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:00 +0800] "GET /12345.asa HTTP/1.1" 404 285 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:00 +0800] "GET /12345.asp HTTP/1.1" 404 285 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:00 +0800] "GET /12345.aspx HTTP/1.1" 404 286 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:00 +0800] "GET /12345.php HTTP/1.1" 404 285 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:00 +0800] "GET /12345.rar HTTP/1.1" 404 285 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:00 +0800] "GET /123456.asa HTTP/1.1" 404 286 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:00 +0800] "GET /123456.asp HTTP/1.1" 404 286 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:00 +0800] "GET /123456.aspx HTTP/1.1" 404 287 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:00 +0800] "GET /123456.php HTTP/1.1" 404 286 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:00 +0800] "GET /123456.rar HTTP/1.1" 404 286 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:00 +0800] "GET /12912.asp HTTP/1.1" 404 285 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:00 +0800] "GET /12912.aspx HTTP/1.1" 404 286 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:00 +0800] "GET /12912.php HTTP/1.1" 404 285 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:00 +0800] "GET /1ndex.asp HTTP/1.1" 404 285 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:00 +0800] "GET /1ndex.aspx HTTP/1.1" 404 286 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:00 +0800] "GET /1ndex.php HTTP/1.1" 404 285 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:01 +0800] "GET /2.txt HTTP/1.1" 404 281 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:01 +0800] "GET /2/ HTTP/1.1" 404 278 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:01 +0800] "GET /2001/ HTTP/1.1" 404 281 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:01 +0800] "GET /2002/ HTTP/1.1" 404 281 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:01 +0800] "GET /2003/ HTTP/1.1" 404 281 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:01 +0800] "GET /2004/ HTTP/1.1" 404 281 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:01 +0800] "GET /2005/ HTTP/1.1" 404 281 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:01 +0800] "GET /2005kycj/ HTTP/1.1" 404 285 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:01 +0800] "GET /2006.asp HTTP/1.1" 404 284 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:01 +0800] "GET /2006.aspx HTTP/1.1" 404 285 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:01 +0800] "GET /2006.php HTTP/1.1" 404 284 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:01 +0800] "GET /2006/ HTTP/1.1" 404 281 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:01 +0800] "GET /2007/ HTTP/1.1" 404 281 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:01 +0800] "GET /2008/ HTTP/1.1" 404 281 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:01 +0800] "GET /2088shop HTTP/1.1" 404 284 "-" "-"
172.16.12.12 - - [31/Oct/2017:15:33:01 +0800] "GET /22.asa HTTP/1.1" 404 282 "-" "-"
......

(2) Analysis by response status 200

Next, search for log records with response status 200. As shown below, there is a huge number of POST /adminlogin.php requests, which suggests a brute-force attack against the login page.

172.16.12.12 - - [31/Oct/2017:15:45:20 +0800] "GET /adminlogin.php HTTP/1.1" 200 1888 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:45:20 +0800] "GET /css/normalize.css HTTP/1.1" 200 7546 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:45:20 +0800] "GET /css/grid.css HTTP/1.1" 200 14433 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:45:21 +0800] "GET /css/style.css HTTP/1.1" 200 51433 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:45:21 +0800] "GET /css/jquery-ui.js HTTP/1.1" 200 153706 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:45:21 +0800] "GET /css/jquery.js HTTP/1.1" 200 247165 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:45:21 +0800] "GET /css/typecho.js HTTP/1.1" 200 40629 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:45:21 +0800] "GET /img/typecho-logo.svg HTTP/1.1" 404 296 "http://172.16.12.11:84/css/style.css" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:45:28 +0800] "POST /login.php HTTP/1.1" 404 285 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:46:43 +0800] "GET /adminlogin.php HTTP/1.1" 200 1893 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:46:50 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:46:50 +0800] "GET /img/typecho-logo.svg HTTP/1.1" 404 296 "http://172.16.12.11:84/css/style.css" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:42 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:42 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:42 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:42 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:42 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:42 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:42 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:42 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:42 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:42 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:42 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:42 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:42 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:42 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:42 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
172.16.12.12 - - [31/Oct/2017:15:47:43 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 "http://172.16.12.11:84/adminlogin.php" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36"
......
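Both searches above, by attacker IP in (1) and by status 200 in (2), were done by hand with a keyword search. The following Python script is an added example (not part of the original post) that automates the same two checks over a log in the combined format of access.log: it profiles response codes per source IP so that a client probing many non-existent paths stands out, and it flags any source that POSTs to /adminlogin.php more than a threshold number of times within one second. The sample lines, the thresholds and the function names are assumptions made here; the sample is constructed from the record format shown on the page.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined log format, as in the page's access.log:
#   ip - - [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: a short scan burst, one ordinary visitor, and 16 POSTs
# to the login page inside a single second (assumption, modelled on the page).
UA = "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36"
SAMPLE_LOG = [
    '172.16.12.12 - - [31/Oct/2017:15:32:55 +0800] "GET /robots.txt HTTP/1.1" 404 286 "-" "-"',
    '172.16.12.12 - - [31/Oct/2017:15:32:55 +0800] "GET /admin/login.php HTTP/1.1" 404 291 "-" "-"',
    '172.16.12.12 - - [31/Oct/2017:15:32:56 +0800] "GET /../admin.php HTTP/1.1" 400 304 "-" "-"',
    '172.16.12.12 - - [31/Oct/2017:15:32:57 +0800] "GET /_admin.php HTTP/1.1" 404 286 "-" "-"',
    '172.16.12.12 - - [31/Oct/2017:15:32:57 +0800] "GET /1.php HTTP/1.1" 404 281 "-" "-"',
    '172.16.12.12 - - [31/Oct/2017:15:32:58 +0800] "GET /123.php HTTP/1.1" 404 283 "-" "-"',
    f'172.16.12.12 - - [31/Oct/2017:15:45:20 +0800] "GET /adminlogin.php HTTP/1.1" 200 1888 "-" "{UA}"',
    f'10.0.0.5 - - [31/Oct/2017:15:40:00 +0800] "GET /index.php HTTP/1.1" 200 5120 "-" "{UA}"',
    f'10.0.0.5 - - [31/Oct/2017:15:40:01 +0800] "GET /css/style.css HTTP/1.1" 200 51433 "http://172.16.12.11:84/index.php" "{UA}"',
] + [
    '172.16.12.12 - - [31/Oct/2017:15:47:42 +0800] "POST /adminlogin.php HTTP/1.1" 200 1893 '
    f'"http://172.16.12.11:84/adminlogin.php" "{UA}"'
] * 16


def parse_line(line):
    """Return a dict for one combined-format record, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    rec["time"] = datetime.strptime(rec["time"], TIME_FMT)
    return rec


def parse_log(lines):
    return [r for r in (parse_line(l) for l in lines) if r]


def status_profile(records):
    """Per source IP, how many responses of each status code it received."""
    prof = defaultdict(Counter)
    for r in records:
        prof[r["ip"]][r["status"]] += 1
    return {ip: dict(c) for ip, c in prof.items()}


def scanner_candidates(records, min_missing=5):
    """IPs that requested at least `min_missing` distinct paths answered with 4xx:
    the signature of the directory/file scan seen in the page's first listing."""
    missing = defaultdict(set)
    for r in records:
        if 400 <= r["status"] < 500:
            missing[r["ip"]].add(r["path"])
    return sorted(ip for ip, paths in missing.items() if len(paths) >= min_missing)


def login_bursts(records, path="/adminlogin.php", threshold=10):
    """(ip, second, count) for every second in which one IP POSTed to `path`
    at least `threshold` times: the brute-force pattern of the second listing."""
    per_second = Counter()
    for r in records:
        if r["method"] == "POST" and r["path"] == path:
            per_second[(r["ip"], r["time"].strftime("%d/%b/%Y:%H:%M:%S"))] += 1
    return sorted((ip, sec, n) for (ip, sec), n in per_second.items() if n >= threshold)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("status profile:", status_profile(recs))
    print("scanner candidates:", scanner_candidates(recs))
    print("login bursts:", login_bursts(recs))
```

On the real access.log the two functions reproduce the manual findings: the scanner check singles out 172.16.12.12 from the hundreds of 404/400 lines, and the burst check pinpoints the seconds 15:47:42 and 15:47:43 in which the login page was hammered. Both checks are cheap enough to run on every log rotation and feed into an alert.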

II. Brute force

1. Open the adminlogin.php page in Firefox

http://d82d1369.clsadp.com/adminlogin.php

Open the adminlogin.php page in Firefox. Make sure Burp Suite is running and the browser's proxy points at Burp Suite. As shown below, this leads to the login page; consistent with the log analysis, it is a login form with no CAPTCHA, so the next step is to brute-force it.

2. Set Burp Intercept to on

With the Firefox proxy pointing at Burp Suite, start Burp and set Intercept to on, as shown below.

3. Enter a username and password and log in

Enter admin as the username and an arbitrary password, mooyuan, then click Login as shown below.

4. Capture the request in Burp and send it to Intruder

After clicking Login in the browser, the request is captured by Burp as shown below; right-click it and send it to Intruder.

In Intruder, click Clear so that the payload position count at the bottom left reads 0, as shown below.

5. Configure the Intruder positions

Select the value mooyuan of the password parameter and add it as a payload position, as shown below.

6. Configure the Intruder payload and start the attack

For the payload, choose the password dictionary top1000.txt; once configured, click Start attack.

7. Analyze the attack results

When the attack finishes, the vast majority of responses have a length of 2246, as shown below.

Sort the results by response length; one entry has a length different from all the others. Click on that request, as shown below.

8. Log in with the correct password

Enter the username admin and the password please and log in, as shown below.

After clicking Login, the page showing the flag is reached, as shown below.
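The attack succeeded because adminlogin.php answered an unlimited number of password guesses from one client, with no CAPTCHA, delay or lockout. The following Python sketch is an added example written from the defender's side; it is not code from the lab or the original post. It shows a login handler that stores salted PBKDF2 hashes, compares them in constant time, counts failed attempts per client IP and per account inside a sliding window, locks both keys out once the limit is reached, and records every attempt in an audit list that a log pipeline could ship onward. The credentials admin/please are the ones the page reports; the class names, thresholds and timestamps are assumptions.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque

ITERATIONS = 100_000  # PBKDF2 work factor (assumption; tune for the deployment)


def hash_password(password, salt=None):
    """Salted PBKDF2-SHA256; returns (salt, digest) for storage."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(stored, password):
    """Constant-time comparison so timing does not leak how many bytes matched."""
    salt, digest = stored
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest, candidate)


# Verified against when the account does not exist, so that unknown and known
# usernames cost the same time (prevents user enumeration via timing).
_DUMMY = hash_password("dummy")


class LoginGuard:
    """Sliding-window failure counter with lockout, keyed by ("ip", addr) or ("user", name)."""

    def __init__(self, max_failures=5, window=60.0, lockout=300.0):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> time the lockout expires

    def locked(self, key, now):
        return self._locked_until.get(key, 0.0) > now

    def record_failure(self, key, now):
        q = self._failures[key]
        q.append(now)
        while q and now - q[0] > self.window:   # drop failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self._locked_until[key] = now + self.lockout
            q.clear()

    def reset(self, key):
        self._failures.pop(key, None)


class LoginService:
    def __init__(self, users, guard):
        self.users = users    # username -> (salt, digest)
        self.guard = guard
        self.audit = []       # (time, ip, user, outcome): every attempt, success or not

    def login(self, ip, user, password, now=None):
        now = time.time() if now is None else now
        ip_key, user_key = ("ip", ip), ("user", user)
        if self.guard.locked(ip_key, now) or self.guard.locked(user_key, now):
            outcome = "locked"      # refused without even checking the password
        else:
            stored = self.users.get(user, _DUMMY)
            if verify_password(stored, password) and user in self.users:
                outcome = "ok"
                self.guard.reset(ip_key)
                self.guard.reset(user_key)
            else:
                outcome = "denied"
                self.guard.record_failure(ip_key, now)
                self.guard.record_failure(user_key, now)
        self.audit.append((now, ip, user, outcome))
        return outcome


def demo():
    """Replays a guessing burst like the one in the log: 5 wrong passwords in
    half a second, then the correct one while locked, then after the lockout."""
    svc = LoginService({"admin": hash_password("please")},
                       LoginGuard(max_failures=5, window=60.0, lockout=300.0))
    t0 = 1000.0
    results = [svc.login("172.16.12.12", "admin", f"guess{i}", now=t0 + i * 0.1)
               for i in range(5)]
    results.append(svc.login("172.16.12.12", "admin", "please", now=t0 + 1.0))
    results.append(svc.login("172.16.12.12", "admin", "please", now=t0 + 400.0))
    return results


if __name__ == "__main__":
    print(demo())
```

With this guard in place the Intruder run above stops producing useful responses after the fifth guess: every further request, including the one carrying the right password, returns the same "locked" result, and the audit list gives the detection side a per-attempt record rather than only the 200-status web-server line.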


"CISP-PTE Log Analysis 1" is a reposted article.



Content on this site is published under the CC BY-SA 4.0 license.

Copyright © 2026 XYZ博客