vulnhub~incllusiveness】的更多相关文章

vulnhub~incllusiveness

这个机子相对简单一点,但是也是从中发现了自己不少问题 技能一:  nmap 扫描发现了21,22 ,80三个端口,并且ftp服务允许匿名登录,在pub目录下面有writeable权限,这就好办了.我以为这会是一个很好的切入口,没想到结果是在匿名登录后所有除了pwd以外的命令都会导致ftp的连接断开.bug如下: 这里来聊聊ftp协议吧: ftp是基于tTCP的应用层协议,不支持UDP. 传输时调用两个端口,分别是数据连接和控制连接.21端口总是控制连接端口,但在ftp不同的工作模式下,数据端口是…

vulnhub writeup - 持续更新

目录 wakanda: 1 0. Description 1. flag1.txt 2. flag2.txt 3. flag3.txt Finished Tips Basic Pentesting: 2 0. Description 1. hydra user 2. john user 3. sudo user Finished Tips wakanda: 1 download url : https://download.vulnhub.com/wakanda/wakanda-1.ova 0.…

Vulnhub Breach1.0

1.靶机信息 下载链接 https://download.vulnhub.com/breach/Breach-1.0.zip 靶机说明 Breach1.0是一个难度为初级到中级的BooT2Root/CTF挑战. VM虚机配置有静态IP地址(192.168.110.140),需要将虚拟机网卡设置为host-only方式组网.非常感谢 Knightmare和rastamouse进行测试和提供反馈.作者期待大家写出文章,特别是通过非预期的方式获取root权限. 目标 Boot to root:获得ro…

HA Joker Vulnhub Walkthrough

下载地址: https://www.vulnhub.com/entry/ha-joker,379/ 主机扫描: ╰─ nmap -p- -sV -oA scan 10.10.202.132Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-23 11:53 CSTNmap scan report for 10.10.202.132Host is up (0.0014s latency).Not shown: 65532 closed portsP…

HA: ISRO Vulnhub Walkthrough

下载地址: https://www.vulnhub.com/entry/ha-isro,376/ 主机扫描: ╰─ nmap -p- -sV -oA scan 10.10.202.131Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-21 17:09 CSTNmap scan report for 10.10.202.131Host is up (0.0038s latency).Not shown: 65532 closed portsPO…

LAMPSecurity: CTF6 Vulnhub Walkthrough

镜像下载地址: https://www.vulnhub.com/entry/lampsecurity-ctf6,85/ 主机扫描: ╰─ nmap -p- -sV -oA scan 10.10.202.130Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-21 08:57 CSTNmap scan report for 10.10.202.130Host is up (0.0029s latency).Not shown: 65525 clo…

Hacker Fest: 2019 Vulnhub Walkthrough

靶机地址: https://www.vulnhub.com/entry/hacker-fest-2019,378/ 主机扫描: FTP尝试匿名登录 应该是WordPress的站点 进行目录扫描: python3 dirsearch.py http://10.10.203.17/ -e html,json,php 此外还有一个phpmyadmin http://10.10.203.17/phpmyadmin/index.php 使用wpscan扫描检测插件漏洞 wpscan --url http:…

DC8: Vulnhub Walkthrough

镜像下载链接: https://www.vulnhub.com/entry/dc-8,367/#download 主机扫描: http://10.10.202.131/?nid=2%27 http://10.10.202.131/?nid=2%20and%201=2 # false http://10.10.202.131/?nid=2%20and%201=1 # true http://10.10.202.131/?nid=-2+union+select++(CONCAT_WS(0x203a2…

HA: Infinity Stones Vulnhub Walkthrough

下载地址: https://www.vulnhub.com/entry/ha-infinity-stones,366/ 主机扫描: 目录枚举 我们按照密码规则生成字典:gam,%%@@2012 crunch 12 12 -t gam,%%@@2012 -o dict.txt ╰─ aircrack-ng -w dict.txt reality.cap gamA00fe2012 http://10.10.202.134/gamA00fe2012/realitystone.txt REALITYST…

Sunset: Nightfall Vulnhub Walkthrough

靶机链接: https://www.vulnhub.com/entry/sunset-nightfall,355/ 主机扫描: ╰─ nmap -p- -A 10.10.202.162Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-09 14:23 CSTNmap scan report for 10.10.202.162Host is up (0.0013s latency).Not shown: 65529 closed portsPOR…