DC:1渗透笔记 靶机下载地址:https://www.vulnhub.com/entry/dc-1,292/ kali ip地址 信息收集 首先扫描一下靶机ip地址 nmap -sP 192.168.20.0/24 扫描开放端口 nmap -A 192.168.20.128 开放22 80 111端口,111端口为rpcbind漏洞(该漏洞可使攻击者在远程rpcbind绑定主机上任意大小的内存(每次攻击最高可达4GB),除非进程崩溃,或者管理员挂起/重启rpcbind服务,否则该内存不会被释放…

首先地址探测找到主机IP: root@kali:~# nmap -sn 192.168.74.139/24 Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-10 09:47 CST Nmap scan report for 192.168.74.1 Host is up (0.00051s latency). MAC Address: 00:50:56:C0:00:01 (VMware) Nmap scan report for 192.16…

DC1 文章前提概述 本文介绍DC-1靶机的渗透测试流程 涉及知识点(比较基础): nmap扫描网段端口服务 msf的漏洞搜索 drupal7的命令执行利用 netcat反向shell mysql的基本操作 sudi提权 基本环境搭建 靶机下载地址:http://www.five86.com/downloads/DC-1.zip https://download.vulnhub.com/dc/DC-1.zip VMware(windows):https://www.52pojie.cn/thre…

靶机下载地址: https://www.vulnhub.com/entry/dc-7,356/ 主机扫描: http://10.10.202.161/ Google搜索下: SSH 登录 以上分析得出:此脚本是root每三分钟执行一次,并且www-data用户具有写入权限,因此需要想办法获取此权限,进行写入shell反弹即可 https://www.digitalocean.com/community/tutorials/a-beginner-s-guide-to-drush-the-drupa…

信息收集: root@kali:/opt/test# nmap -A -v 192.168.76.137 Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-21 21:51 CST NSE: Loaded 151 scripts for scanning. NSE: Script Pre-scanning. Initiating NSE at 21:51 Completed NSE at 21:51, 0.00s elapsed Initiat…

出品|MS08067实验室(www.ms08067.com) 本文作者:大方子(Ms08067实验室核心成员) 主机信息 Kali:192.168.56.113 DC9:192.168.56.112 实验过程 先进行主机探测,查找靶机的IP地址: arp‐scan ‐‐interface eth1 192.168.56.1/24 用nmap对主机进行排查确定,DC9的IP地址为192.168.56.112 可以看到DC开放了80端口以及22端口(被过滤) nmap ‐sC ‐sV ‐oA dc‐…

通过nmap扫描,只开放了80端口,并且该web服务是基于Joomla搭建: root@kali:~# nmap -A 192.168.74.140 Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-15 10:06 CST Nmap scan report for 192.168.74.140 Host is up (0.00046s latency). Not shown: 999 closed ports PORT STATE SERVI…

信息收集: yurang@kali:~$ nmap -sn 192.168.76.1/24 Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-04 21:52 CST Nmap scan report for 192.168.76.129 Host is up (0.0044s latency). Nmap scan report for 192.168.76.131 Host is up (0.0038s latency). Nmap don…

1.靶机信息 下载链接 https://download.vulnhub.com/breach/Breach-1.0.zip 靶机说明 Breach1.0是一个难度为初级到中级的BooT2Root/CTF挑战. VM虚机配置有静态IP地址(192.168.110.140),需要将虚拟机网卡设置为host-only方式组网.非常感谢 Knightmare和rastamouse进行测试和提供反馈.作者期待大家写出文章,特别是通过非预期的方式获取root权限. 目标 Boot to root:获得ro…

下载地址: https://www.vulnhub.com/entry/nezuko-1,352/ 虚拟机启动,设置IP地址DHCP获取 主机发现扫描: 主机层面扫描: ╰─ nmap -p1-65535 -A 10.10.202.155Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-06 11:01 CSTNmap scan report for 10.10.202.155Host is up (0.00058s latency).Not…