https://buuoj.cn/challenges#[%E5%AE%89%E6%B4%B5%E6%9D%AF%202019]Attack![BUUCTF:[安洵杯 2019]Attack_HTTP](https://s2.51cto.com/images/blog/202306/19154634_649007da73b531148.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
Attack.pcap
foremost分离
![BUUCTF:[安洵杯 2019]Attack_HTTP_02](https://s2.51cto.com/images/blog/202306/19154634_649007da8c2f154151.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
得到一个压缩包但是需要密码,接着看
![BUUCTF:[安洵杯 2019]Attack_压缩包_03](https://s2.51cto.com/images/blog/202306/19154634_649007daa342f94007.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
wireshark导出HTTP
![BUUCTF:[安洵杯 2019]Attack_压缩包_04](https://s2.51cto.com/images/blog/202306/19154634_649007dab91fd79467.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
发现lsass.dmp文件,使用mimikatz读取其内容
privilege::debug
sekurlsa::minidump lsass.dmp
sekurlsa::logonpasswords full![BUUCTF:[安洵杯 2019]Attack_HTTP_05](https://s2.51cto.com/images/blog/202306/19154634_649007dad0fa275721.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
得到了Administrator用户的密码:W3lc0meToD0g3,作为解压密码,解压压缩包得到flag
![BUUCTF:[安洵杯 2019]Attack_压缩包_06](https://s2.51cto.com/images/blog/202306/19154634_649007dae6ced16905.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
flag{3466b11de8894198af3636c5bd1efce2}
