vulnhub-DC-9
Information gathering: scan with nmap.
└─# nmap -A -p1-65535 192.168.20.139
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-26 19:54 CST
Nmap scan report for 192.168.20.139
Host is up (0.0015s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp filtered ssh
80/tcp open http Apache httpd 2.4.38 ((Debian))
|_http-title: Example.com - Staff Details - Welcome
|_http-server-header: Apache/2.4.38 (Debian)
MAC Address: 00:0C:29:8D:A7:50 ...
vulnhub-DC-8
Information gathering: again, scan the ports with nmap.
└─# nmap -A -p1-65535 192.168.20.138
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-25 18:46 CST
Nmap scan report for 192.168.20.138
Host is up (0.0013s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4p1 Debian 10+deb9u1 (protocol 2.0)
| ssh-hostkey:
| 2048 35:a7:e6:c4:a8:3c:63:1d:e1:c0:ca:a3:66:bc:88:bf (RSA)
| 256 ab:ef:9f:69:ac:ea:54:c6:8 ...
vulnhub-DC-7
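Information gathering: nmap scan. I forgot to take a screenshot, but it showed port 80 and port 22, and fingerprinting identified the CMS as Drupal. Then I got stuck. I read that others advise paying attention to the signature, along with the author's hint at the start about thinking outside the box, so I searched for the signature @DC7USER and found a GitHub account with the source code in it.
Leaked user credentials: the username and password were in config.php.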
<?php
	$servername = "localhost";
	$username = "dc7user";
	$password = "MdR3xOgB7#dW";
	$dbname = "Staff";
	$conn = mysqli_connect($servername, $username, $password, $dbname);
?>
I couldn't log in with them; trying SSH, the login worked.
Scheduled task: on login there is a notice that mail has arrived.
dc7us ...
vulnhub-DC-6
Information gathering: as usual, scan with nmap.
└─# nmap -A -p1-65535 192.168.20.135
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-21 12:33 CST
Nmap scan report for 192.168.20.135
Host is up (0.0016s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4p1 Debian 10+deb9u6 (protocol 2.0)
| ssh-hostkey:
| 2048 3e:52:ce:ce:01:b6:94:eb:7b:03:7d:be:08:7f:5f:fd (RSA)
| 256 3c:83:65:71:dd:73:d7:23:f8:83:0d:e3:46:bc:b ...
vulnhub-DC-5
Information gathering: same as always, scan with nmap.
└─# nmap -A -p1-65535 192.168.20.134
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-20 21:11 CST
Nmap scan report for 192.168.20.134
Host is up (0.0024s latency).
Not shown: 65532 closed tcp ports (reset)
PORT STATE SERVICE VERSION
80/tcp open http nginx 1.6.2
|_http-title: Welcome
|_http-server-header: nginx/1.6.2
111/tcp open rpcbind 2-4 (RPC #100000)
| rpcinfo:
| program version port/prot ...
vulnhub-DC-4
Information gathering: as usual, scan with nmap.
└─# nmap -A -p1-65535 192.168.20.133
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-20 16:22 CST
Nmap scan report for 192.168.20.133
Host is up (0.0016s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4p1 Debian 10+deb9u6 (protocol 2.0)
| ssh-hostkey:
| 2048 8d:60:57:06:6c:27:e0:2f:76:2c:e6:42:c0:01:ba:25 (RSA)
| 256 e7:83:8c:d7:bb:84:f3:2e:e8:a2:5f:79:6 ...
vulnhub-DC-3
Information gathering: as usual, scan with nmap. I forgot to take a screenshot, but the scan showed a web service on port 80, running the Joomla CMS.
nmap -A -p1-65535 192.168.20.131
Searching online turns up vulnerabilities for many versions. I don't know which version this is, so scan it with the joomscan tool.
joomscan --url http://192.168.20.131
____ _____ _____ __ __ ___ ___ __ _ _
(_ _)( _ )( _ )( \/ )/ __) / __) /__\ ( \( )
.-_)( )(_)( )(_)( ) ( \__ \( (__ /(__)\ ) (
\____) (_____)(_____)(_/\/\_)(___/ \___)(__)(__ ...
vulnhub-DC-2
Information gathering: again, scan the ports with nmap.
└─# nmap -A -p1-65535 192.168.20.130
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-13 18:51 CST
Nmap scan report for 192.168.20.130
Host is up (0.0017s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.10 ((Debian))
|_http-title: Did not follow redirect to http://dc-2/
|_http-server-header: Apache/2.4.10 (Debian)
7744/tcp open ssh OpenSSH 6.7p ...
vulnhub-DC-1
Information gathering: as usual, scan with fscan first.
└─# ./fscan -h 192.168.20.136
___ _
/ _ \ ___ ___ _ __ __ _ ___| | __
/ /_\/____/ __|/ __| '__/ _` |/ __| |/ /
/ /_\\_____\__ \ (__| | | (_| | (__| <
\____/ |___/\___|_| \__,_|\___|_|\_\
fscan version: 1.8.4
start infoscan
192.168.20.136:80 open
192.168.20.136:22 open
[*] alive ports len is: 2
start vulscan
[*] WebTitle http://192.168.20.136 code:200 len ...
HMV-UP
Information gathering: scan with fscan first.
└─# ./fscan -h 192.168.20.132
___ _
/ _ \ ___ ___ _ __ __ _ ___| | __
/ /_\/____/ __|/ __| '__/ _` |/ __| |/ /
/ /_\\_____\__ \ (__| | | (_| | (__| <
\____/ |___/\___|_| \__,_|\___|_|\_\
fscan version: 1.8.4
start infoscan
192.168.20.132:80 open
[*] alive ports len is: 1
start vulscan
[*] WebTitle http://192.168.20.132 code:200 len:4489 title:RodGar - Subir Imag ...