Title: 2024 4th FIC Preliminary Competition Writeu

Search Materials

Link: https://pan.baidu.com/s/1fwHb_5svMyK3Gr4-QeNc0Q?pwd=43a3

Mounting password: 2024Fic@Hangzhou Powered~by~HL!

Mobile phone part

1. What is the mobile phone model of the suspect Li? A. Xiaomi MI 2s

B. Xiaomi MI 4C. Xiaomi MI 6

D. Xiaomi MI 8

Analysis of the Bluetooth name in Fire Eye is Xiaomi MI3W

image-20240428163939574 But there is no option, so we can check the phone model through useragent.txt

image-202404281650191512. Is the suspect Li possible that he has a tablet computer device? If there is a model of the device? A. iPad Pro 11

B. Vivo Pad 2

C. MatePad Pro

D. Xiaomi Pad 6swifi connection record

image-202404281652122823. What is the password for the suspect Li to turn on the hot spot on the phone? Fire Eyes are in seconds

image-202404281652461005aada11bc1b5

4. What is the internal WeChat ID of the suspect Li?image-20240428165304967wxid_wnigmud8aj6j12

5. What is the download address of the website source code sent by the suspect Li to the technician?image-20240428165400943 image-20240428165429531 New Buddha said: The monk's hall descends, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk's hall, the monk

The new Buddha is in seconds (http://hi.pcmoe.net/buddha.html)

image-20240428165507691http://www.honglian7001.com/down

6. What is the victim’s WeChat user ID?image-20240428165547833 View chat history

image-20240428165610957wxid_u6umc696cms422

7. When did the suspect Li connect to WIFI for the first time? A. 03-14 15:55:57

B. 03-14 16:55:57C. 03-14 17:55:57

D. 03-14 18:55:57

image-20240428165810208 image-202404281658487248. Analyze the social habits of the suspect Li, which time period is the most active in sending and receiving messages? A. 12:00-14:00

B. 14:00-16:00

C. 16:00-18:00D. 18:00-20:00

Many are 16:00-18:00

image-20240428165929835 image-202404281659427739. Please analyze the suspect's mobile phone. There is another important participant in the gang of the case. The police did not arrest him. The WeChat account ID used by the suspect is? The case materials are written that Li and Zhao have brought rose gold bracelets, but through the chat records, they found that the stupid groundhog also participated.

image-20240428170234471wxid_06f01lnpavn722

10. Please analyze the suspect's mobile phone. The suspect boss organizes personnel to participate in gambling activities. The domestic access portal address used is?image-20240428170342991192.168.110.110:8000/login

Server Cluster Question

1. What is the esxi version of the esxi server? Directly simulate the sample 2, and the fire eye will automatically recognize esxi6.7.0

image-20240428171510091 You can see it after simulation

image-202404281717240206.7.0

2. Please analyze the ESXi server. The installation date of this system is: A. Tuesday, March 12, 2024 02:04:15 UTCB. Tuesday, March 12, 2024 02:05:15 UTC

C. Tuesday, March 12, 2024 02:06:15 UTC

D. Tuesday, March 12, 2024 02:07:15 UTC

Use root + empty password to enter, remember to match the nat subnet IP

image-202404281723022013. Please analyze what is the UUID of the ESXi server data store "datastore"?image-2024042817235764365efb8a8-ddd817f6-04ff-000c297bd0e6

4. The original IP address of the ESXI server?image-20240428172443893192.168.8.112

5. How many virtual machines have been created in the EXSI server?image-202404281725259694

6. What is the IP address bound to the website server? After I started the virtual machine, no ip was displayed

So directly scan 192.168.8.1-192.168.8.255

image-20240428173828294 Only 192.168.8.89 can enter. When I finished scanning, I found that he had an IP again.

Then I also found that 192.168.8.128 is rocketchat. I searched and found that its port was 3000 and also entered the rocketchat background.

192.168.8.89

7. What is the login password of the website server? If your teammates are doing Windows, they may find a Commonpwd.txt to use this dictionary to blast it.

┌──(root㉿kali)-[/home/kali/Desktop]

└─#hydra-lroot-PcommonPwd.txtssh://192.168.8.89

Hydrav9.5(c)2023byvanHauser/THCDavid Maciejak-Pleasedonotuse inmilitaryorsecretservice organizations, orforillegalpurposes(thisisnon-binding, these***ignorelawsandethicsanyway).

Hydra(https://github.com/vanhauser-thc/thc-hydra)startingat2024-04-2818:42:26

[WARNING]ManySSH configurationslimitthenumberofparalleltasks,tisrecommendedtoreducethetasks:use-t4

[DATA]max16tasksper1server, overall16tasks,147logintries(l:1/p:147),~10triespertask

[DATA]attackingssh://192.168.8.89:22/

[22][ssh]host:192.168.8.89login:rootpassword:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq

8. The corresponding port number of the login port address of the management panel used by the website server is: Baota seconds

When viewing the default information, you may time out. You can wait or modify it using the following method.

image-20240428184856702 Set up a nameserver for him, and he will immediately return to Could not resolve host, and then it's fine

image-2024042818532236614131

9. What is the web directory of the website server? Change the password for the pagoda

image-20240428185455840 image-20240428185418000 However, the website file was not found in this, and there is a /webapp in the same directory as /www. The source code was found in it.

image-20240428185846395/webapp

10. How many seconds does the connection timeout of Redis in the website configuration be?image-202404281855557320

11. The salt value used in the password of the website's ordinary user is image-20240428191125245!@#qaaxcfvghhjllj788+)_)((

12. What is the encryption algorithm name for the webmaster user password A. des

B. rsa

C. md5

D. bcrypt image-2024042819132290613. When was the website super administrator user account created? A. 2022-05-09 12:44:41

B. 2022-05-09 13:44:41

C. 2022-05-09 14:44:41D. 2022-05-09 15:44:41

See database information in jar package

image-20240428191702606 If the connection is found, it cannot be connected

image-20240428191756881 guess the database may not be opened

Then the database location ip written in the pagoda is 192.168.8.142. In esxi, it is found that the data virtual machine is this ip

Or the previous hydra explosion

┌──(root㉿kali)-[/home/kali/Desktop]

└─#hydra-lroot-PcommonPwd.txtssh://192.168.8.142

Hydrav9.5(c)2023byvanHauser/THCDavid Maciejak-Pleasedonotuse inmilitaryorsecretservice organizations, orforillegalpurposes(thisisnon-binding, these***ignorelawsandethicsanyway).

Hydra(https://github.com/vanhauser-thc/thc-hydra)startingat2024-04-2819:22:57

[WARNING]ManySSH configurationslimitthenumberofparalleltasks,tisrecommendedtoreducethetasks:use-t4

[DATA]max16tasksper1server, overall16tasks,147logintries(l:1/p:147),~10triespertask

[DATA]attackingssh://192.168.8.142:22/

[22][ssh]host:192.168.8.142login:rootpassword:hl@70011of1targetsuccessfully completed,1validpasswordfound

[WARNING]Writingrestorefilebecause2finalworkerthreadsdidnotcompleteuntilend.

[ERROR]2targetsdidnotresolveor could not be connected

[ERROR]0targetdidnotcomplete

Hydra(htt