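Many people who are interested in network security worry about how to learn it. Platform restrictions and the limits of their own hardware make learning hard going, so this article shares an online lab (range) environment.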
TryHackMe
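Why I recommend it
- It makes no great demands on your own hardware; a browser is enough.
- It supports the THM AttackBox: there is no need to install Kali or a similar system, because the virtual machine starts directly in the browser.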
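Registration
Registration requires a network connection that can reach the services the sign-up page depends on. If yours cannot, install the Header Editor extension in the browser.
Once it is installed, save the content below as a .txt file and import it into the extension. The rules redirect requests for Google's hosted libraries and reCAPTCHA to mirror hosts, and add those mirror hosts to the Content-Security-Policy headers that sites return.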
{
"request": [
{
"enable": true,
"name": "Google APIs",
"ruleType": "redirect",
"matchType": "regexp",
"pattern": "^http(s?)://ajax\\.googleapis\\.com/(.*)",
"exclude": "",
"isFunction": false,
"action": "redirect",
"to": "https://gapis.geekzu.org/ajax/$2",
"group": "Google Redirect"
},
{
"enable": true,
"name": "reCaptcha",
"ruleType": "redirect",
"matchType": "regexp",
"pattern": "^http(s?)://(?:www\\.|recaptcha\\.|)google\\.com/recaptcha/(.*)",
"exclude": "",
"isFunction": false,
"action": "redirect",
"to": "https://recaptcha.net/recaptcha/$2",
"group": "Google Redirect"
}
],
"sendHeader": [],
"receiveHeader": [
{
"enable": true,
"name": "Content Security Policy Header Modification",
"ruleType": "modifyReceiveHeader",
"matchType": "all",
"pattern": "",
"exclude": "",
"isFunction": true,
"code": "let rt = detail.type;\nif (rt === 'script' || rt === 'stylesheet' || rt === 'main_frame' || rt === 'sub_frame') {\n for (let i in val) {\n if (val[i].name.toLowerCase() === 'content-security-policy') {\n let s = val[i].value;\n s = s.replace(/googleapis\\.com/g, '$& https://gapis.geekzu.org');\n s = s.replace(/recaptcha\\.google\\.com/g, '$& https://recaptcha.net');\n s = s.replace(/google\\.com/g, '$& https://recaptcha.net');\n s = s.replace(/gstatic\\.com/g, '$& https://*.gstatic.cn');\n val[i].value = s;\n }\n }\n}",
"group": "Google Redirect"
}
]
}
After that, you can register normally.
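To see exactly what the receiveHeader rule above does to a site's policy, this added example (not part of the original post) runs the rule's four replacements over constructed Content-Security-Policy values and lists the sources each directive gains. The function names and the sample policies are assumptions made for illustration.

```javascript
// The same four replacements as the "code" field of the receiveHeader rule,
// with the JSON string escaping removed.
function rewriteCsp(value) {
  let s = value;
  s = s.replace(/googleapis\.com/g, '$& https://gapis.geekzu.org');
  s = s.replace(/recaptcha\.google\.com/g, '$& https://recaptcha.net');
  s = s.replace(/google\.com/g, '$& https://recaptcha.net');
  s = s.replace(/gstatic\.com/g, '$& https://*.gstatic.cn');
  return s;
}

// Parse a CSP header value into { directive: [sources...] } (hypothetical helper).
function parseCsp(value) {
  const policy = {};
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length > 0) policy[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return policy;
}

// Sources the rewrite adds to each directive (deduplicated, in header order).
function addedSources(original) {
  const before = parseCsp(original);
  const after = parseCsp(rewriteCsp(original));
  const added = {};
  for (const [name, sources] of Object.entries(after)) {
    const known = new Set(before[name] || []);
    const extra = [...new Set(sources)].filter((src) => !known.has(src));
    if (extra.length > 0) added[name] = extra;
  }
  return added;
}

// Constructed sample policies, not taken from any real site.
const SAMPLE_WITH_GOOGLE =
  "script-src 'self' https://www.google.com https://www.gstatic.com " +
  "https://ajax.googleapis.com; frame-src https://www.google.com";
const SAMPLE_WITHOUT_GOOGLE = "default-src 'self'; img-src 'self' data:";
// A path-restricted source is split: the original host loses its path.
const SAMPLE_WITH_PATH = "frame-src https://www.google.com/recaptcha/";

console.log(addedSources(SAMPLE_WITH_GOOGLE));
console.log(addedSources(SAMPLE_WITHOUT_GOOGLE)); // policy left unchanged
console.log(rewriteCsp(SAMPLE_WITH_PATH));
```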
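A first try
Click the IP address in the upper-right corner and, in the panel that appears, choose AttackBox.
Once it has started, the lab environment is on the left and an online Linux host is on the right. The commonly used security tools are already included, and you can of course install more with the apt command.
Hash cracking
We can go to the practice room, Crack the hash.
Crack it!
You are given hash values; crack them and enter the recovered plaintext in the field below.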
From: https://blog.csdn.net/Lucker_YYY/article/details/142351518