下载链接: https://www.vulnhub.com/entry/hackme-1,330/ 网络扫描探测: ╰─ nmap -p1-65535 -sV -A 10.10.202.131 22/tcp open  ssh 80/tcp open  http    Apache httpd 2.4.34 ((Ubuntu)) 可够尝试SSH爆破,发现有次数限制 web入手: 右键源码找到注册接口 注册: admin #  并且成功登录 尝试搜索框注入: POST /welcome.php H…

目录 wakanda: 1 0. Description 1. flag1.txt 2. flag2.txt 3. flag3.txt Finished Tips Basic Pentesting: 2 0. Description 1. hydra user 2. john user 3. sudo user Finished Tips wakanda: 1 download url : https://download.vulnhub.com/wakanda/wakanda-1.ova 0.…

1.靶机信息 下载链接 https://download.vulnhub.com/breach/Breach-1.0.zip 靶机说明 Breach1.0是一个难度为初级到中级的BooT2Root/CTF挑战. VM虚机配置有静态IP地址(192.168.110.140),需要将虚拟机网卡设置为host-only方式组网.非常感谢 Knightmare和rastamouse进行测试和提供反馈.作者期待大家写出文章,特别是通过非预期的方式获取root权限. 目标 Boot to root:获得ro…

下载地址: https://www.vulnhub.com/entry/ha-joker,379/ 主机扫描: ╰─ nmap -p- -sV -oA scan 10.10.202.132Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-23 11:53 CSTNmap scan report for 10.10.202.132Host is up (0.0014s latency).Not shown: 65532 closed portsP…

下载地址: https://www.vulnhub.com/entry/ha-isro,376/ 主机扫描: ╰─ nmap -p- -sV -oA scan 10.10.202.131Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-21 17:09 CSTNmap scan report for 10.10.202.131Host is up (0.0038s latency).Not shown: 65532 closed portsPO…

镜像下载地址: https://www.vulnhub.com/entry/lampsecurity-ctf6,85/ 主机扫描: ╰─ nmap -p- -sV -oA scan 10.10.202.130Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-21 08:57 CSTNmap scan report for 10.10.202.130Host is up (0.0029s latency).Not shown: 65525 clo…

靶机地址: https://www.vulnhub.com/entry/hacker-fest-2019,378/ 主机扫描: FTP尝试匿名登录 应该是WordPress的站点 进行目录扫描: python3 dirsearch.py http://10.10.203.17/ -e html,json,php 此外还有一个phpmyadmin http://10.10.203.17/phpmyadmin/index.php 使用wpscan扫描检测插件漏洞 wpscan --url http:…

镜像下载链接: https://www.vulnhub.com/entry/dc-8,367/#download 主机扫描: http://10.10.202.131/?nid=2%27 http://10.10.202.131/?nid=2%20and%201=2 # false http://10.10.202.131/?nid=2%20and%201=1 # true http://10.10.202.131/?nid=-2+union+select++(CONCAT_WS(0x203a2…

下载地址: https://www.vulnhub.com/entry/ha-infinity-stones,366/ 主机扫描: 目录枚举 我们按照密码规则生成字典:gam,%%@@2012 crunch 12 12 -t gam,%%@@2012 -o dict.txt ╰─ aircrack-ng -w dict.txt reality.cap gamA00fe2012 http://10.10.202.134/gamA00fe2012/realitystone.txt REALITYST…

靶机链接: https://www.vulnhub.com/entry/sunset-nightfall,355/ 主机扫描: ╰─ nmap -p- -A 10.10.202.162Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-09 14:23 CSTNmap scan report for 10.10.202.162Host is up (0.0013s latency).Not shown: 65529 closed portsPOR…