Beginner level
nmap -sC -sV 10.10.195.244
Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-26 16:41 CST
Nmap scan report for 10.10.195.244
Host is up (0.29s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3
| ftp-syst:
|   STAT:
| FTP server status:
|      Connected to ::ffff:10.14.69.58
|      Logged in as ftp
|      TYPE: ASCII
|      No session bandwi ...
Basic Penetration Testing
Scan first: nmap -sC -sV 10.10.148.18. enum4linux enumerates the SMB service on Windows and Linux hosts. I did not manage to get anything out of it here, but the writeup got the users kay and jan. hydra -l jan -P /usr/share/wordlists/rockyou.txt 10.10.148.18 ssh -t 4 brute-forces the SSH password: armando. Once on the box over SSH you find a user kay and can grab his private key:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,6ABA7DE35CDB65070B92C1F760E2FE75

IoNb/J0q2Pd56EZ23oAaJxLvhuSZ1crRr4ONGUAnKcRxg3+9vn6xcujpzUDuUtlZ
o9dyIEJB4wUZTueBPsmb487RdFVkTOVQrVHty1K2aLy2Lka2Cnfjz8Llv+FMadsN
XRvjw/HRiGcXPY8B7nsA1eiPYrPZHIH3QOFIYlSPMYv79RC65i6frkDSvxXzbd ...
Pickle Rick
Scan first. After the scan, visit the paths it turns up. robots.txt contains Wubbalubbadubdub; at first I thought it was useless, later it turned out to be the password. Do not let any possible piece of information slip!!! The username is in a comment in the port 80 page: R1ckRul3s. After logging in you get a command execution panel. Very little is filtered, only 6 words, roughly cat, less, head and other file-reading commands, which is no real obstacle: bypass them with \. The three flags are in the current directory, /home/*/*, and /root/*. For the last one, sudo -l shows no password is required, so sudo ca\t works. For that last one, cat * has problems and I don't know why; it only works when the exact filename is given.
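Why the `ca\t` trick above works, as an added example that is not code from the room: a naive substring blacklist of the kind the panel applies, next to a model of POSIX quote removal, which is what turns the innocuous-looking `ca\t` back into `cat` by the time the shell executes it. The BLOCKED list is an assumption standing in for the room's six filtered words, and `echo` stands in for `cat` in the live check so the block runs without the room's files.

```python
"""Emulate the Pickle Rick command filter and show why backslashes bypass it.

Added example, not code from the room. BLOCKED is an assumed list; the page
only says about six file-reading commands are filtered.
"""
import subprocess

BLOCKED = ("cat", "less", "head", "more", "tail", "tac")  # assumption


def is_blocked(cmd: str) -> bool:
    """The panel's check as modelled here: reject if a blocked word appears verbatim."""
    return any(word in cmd for word in BLOCKED)


def shell_quote_removal(word: str) -> str:
    """Simplified POSIX quote removal for a single word.

    Outside quotes a backslash escapes the next character and is itself
    dropped, so ca\\t -> cat; a quote pair is removed and its contents kept
    literally, so c""at -> cat. Backslashes inside double quotes (which only
    escape $, backtick, double quote, backslash and newline) are not modelled.
    """
    out, i = [], 0
    while i < len(word):
        c = word[i]
        if c == "\\" and i + 1 < len(word):
            out.append(word[i + 1])
            i += 2
        elif c in ("'", '"'):
            j = word.find(c, i + 1)
            if j == -1:
                raise ValueError("unterminated quote")
            out.append(word[i + 1:j])
            i = j + 1
        else:
            out.append(c)
            i += 1
    return "".join(out)


def run_in_shell(cmd: str) -> str:
    """Hand the raw string to /bin/sh, as the vulnerable panel effectively does,
    and return stdout so the bypass can be checked against a real shell."""
    return subprocess.run(["sh", "-c", cmd], capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    for attempt in ("cat /root/root.txt", "ca\\t /root/root.txt", 'c""at /root/root.txt'):
        print(f"{attempt!r}: blocked={is_blocked(attempt)}, "
              f"shell executes {shell_quote_removal(attempt.split()[0])!r}")
    # `echo` stands in for `cat` so the live demo does not need the room's files.
    print(run_in_shell("ec\\ho bypassed").strip())
```

The filter matches the literal string it receives, but the shell strips the backslash (or an empty quote pair) before looking the command up, so the two see different words. A filter that wants to survive this has to apply the same quote removal first, or better, never hand user input to a shell at all.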
Agent sudo
Scan: FTP and port 80 are open. When the Agent is changed to C the page redirects and hints at a weak FTP password. hydra -l chris -P /Users/dionysus/CTF/tools/rockyou.txt ftp://10.10.0.200 cracks it; log in and mget * to pull everything down. Following the hint in the txt, inspect the image. binwalk finds:
DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
868           0x364           Zlib compressed data, best compression
34817         0x8801          End of Zip archive, footer length: 22
binwalk -e to carve it out, then look in _cutie.png.extracted. For some reason it spewed a long list of output. binwalk -e cutie.png zip2 ...
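What binwalk is doing when it reports those two lines, as an added example that is neither binwalk's nor the room's code: a scanner for zlib stream headers (the CMF/FLG pair whose checksum is a multiple of 31, with the compression level read from FLG, which is what "best compression" refers to) and for ZIP end-of-central-directory records (signature plus 18 fixed bytes, so a 22-byte footer when there is no comment). The blob it scans is constructed in-line, so its offsets differ from the 0x364 / 0x8801 above.

```python
"""Locate embedded zlib streams and ZIP EOCD records, as binwalk did for cutie.png.

Added example, not binwalk's or the room's code. build_sample() constructs the
blob scanned here; it is not the room's image.
"""
import struct
import zlib

PNG_SIG = bytes.fromhex("89504e470d0a1a0a")
EOCD_SIG = b"PK\x05\x06"
# zlib FLG bits 6-7 (FLEVEL): the word binwalk prints before "compression".
FLEVEL = {0: "fastest", 1: "fast", 2: "default", 3: "best"}


def find_zlib(data: bytes) -> list:
    """Candidate zlib headers: CM=8 (deflate), CINFO<=7, and CMF*256+FLG a
    multiple of 31. Each candidate is test-inflated so a real stream can be
    told apart from a chance two-byte match."""
    hits = []
    for off in range(len(data) - 1):
        cmf, flg = data[off], data[off + 1]
        if cmf & 0x0F != 8 or cmf >> 4 > 7 or (cmf * 256 + flg) % 31:
            continue
        try:
            plain = zlib.decompressobj().decompress(data[off:])
            valid = True
        except zlib.error:
            plain, valid = b"", False
        hits.append({"offset": off, "level": FLEVEL[flg >> 6], "valid": valid, "size": len(plain)})
    return hits


def find_zip_eocd(data: bytes) -> list:
    """EOCD records: 4-byte signature, 18 fixed bytes, the last two of which
    hold the comment length, so the footer is 22 + comment bytes long."""
    hits, pos = [], data.find(EOCD_SIG)
    while pos != -1:
        if pos + 22 <= len(data):
            comment_len = struct.unpack_from("<H", data, pos + 20)[0]
            hits.append({"offset": pos, "footer_length": 22 + comment_len})
        pos = data.find(EOCD_SIG, pos + 1)
    return hits


def build_sample() -> bytes:
    """Constructed blob: PNG magic, 100 bytes of padding, a level-9 zlib stream
    (CMF/FLG 78 DA, i.e. 'best compression'), then a bare EOCD record."""
    stream = zlib.compress(b"hidden message\n" * 20, 9)
    eocd = EOCD_SIG + struct.pack("<HHHHIIH", 0, 0, 0, 0, 0, 0, 0)
    return PNG_SIG + b"\x00" * 100 + stream + eocd


if __name__ == "__main__":
    blob = build_sample()
    for h in find_zlib(blob):
        print(f"{h['offset']:<8}{h['offset']:<#10x}Zlib compressed data, "
              f"{h['level']} compression, valid={h['valid']}, {h['size']} bytes")
    for h in find_zip_eocd(blob):
        print(f"{h['offset']:<8}{h['offset']:<#10x}End of Zip archive, "
              f"footer length: {h['footer_length']}")
```

The two-byte zlib check is weak on its own (roughly one random byte pair in 500 passes it), which is why the scanner inflates every candidate; an EOCD hit is a stronger signal, but only the central directory it points at tells you what the archive held, which is the part binwalk -e then carves out.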
AttacktiveDirect
It opens with nmap -sC -sV 10.10.240.107; adding -Pn may make it faster.
nmap -sC -sV 10.10.240.107
Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-26 19:56 CST
Nmap scan report for 10.10.240.107
Host is up (0.22s latency).
Not shown: 987 closed tcp ports (conn-refused)
PORT   STATE SERVICE       VERSION
53/tcp open  domain        Simple DNS Plus
80/tcp open  http          Microsoft IIS httpd 10.0
| http-methods:
|_  Potentially r ...
Osint
Run exiftool on it; the copyright field names a person, so search for them. Then look the BSSID up on wigle.net, but it seems too old and has already expired. UnileverWifi. On GitHub find the email OWoodflint@gmail.com. Then find his WordPress blog; view the blog's page source and find this. The part below is of no use.
Coordinates: 54 deg 17' 41.27" N, 2 deg 15' 1.33" W
Metasploit Introduction
search
search type:auxiliary telnet
info
RHOSTS: the remote host(s); a file can also be given
LHOST: the local IP
LPORT: the port the reverse shell connects back to
setg: set a value globally
background: put the session in the background, or Ctrl+Z
sessions: list existing sessions
sessions -i 1: switch to session 1
Scanning: search portscan
0  auxiliary/scanner/portscan/ftpbounce          normal  No  FTP Bounce Port Scanner
1  auxiliary/scanner/natpmp/natpmp_portscan      normal  No  NAT-PMP External Port Scanner
2  auxiliary/scanner/sap/sap_router_portscanner  normal  No  SAPRouter Po ...
Anthem VM
robots.txt: UmbracoIsTheBest! Search for it, then RDP straight in. Check the hidden files: backup contains the admin password. RDP is too laggy, so: evil-winrm -i 10.10.161.93 -u administrator -p ChangeMeBaby1MoreTime
CTF collection Vol.1
steghide info Extinction.jpg to inspect the data, steghide extract -sf Extinction.jpg to extract it. Simple reversing:
r2 <file>
[0x00001060]> aaa
INFO: Analyze all flags starting with sym. and entry0 (aa)
INFO: Analyze all functions arguments/locals (afva@@@F)
INFO: Analyze function calls (aac)
INFO: Analyze len bytes of instructions for references (aar)
INFO: Finding and parsing C++ vtables (avrr)
INFO: Type matching analysis for all functions (aaft)
INFO: Propagate noreturn information (aanr)
INFO: Use -AA or aaaa to perform additional experi ...
Chill Hack
Directory scan: the secret directory has command execution; bash -c ' xxxx ' to spawn a reverse shell and get a foothold.
www-data@ubuntu:/var/www/html$ cd /home
www-data@ubuntu:/home$ ls
anurodh apaar aurick
www-data@ubuntu:/home$ cd anurodh
bash: cd: anurodh: Permission denied
www-data@ubuntu:/home$ ls
anurodh apaar aurick
www-data@ubuntu:/home$ cd apaar
www-data@ubuntu:/home/apaar$ ls
local.txt
www-data@ubuntu:/home/apaar$ cat local.txt
cat: local.txt: Permission denied
www-data@ubuntu:/home/apaar$ ls -al
total 44
drwxr-xr-x ...
Lian_Yu
Brute-force; brute-force again and find the .ticket extension; brute-force again:
gobuster dir -u 10.10.13.232/island/2100 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x .ticket
which finds /green_arrow.ticket: RTy8yhBQdscX. base58-decode it: !#th3h00d,… what is up with that. The username is in a comment: vigilante. Three images, and once again the file header has to be patched: 8950 4e47 0d0a 1a0a. Didn't understand this one. Er, the password is just password. This is your visa to Land on Lian_Yu # Just for Fun *** a small Note about it Having spent years on the island, Oliver learned how to be resourceful and set booby traps all over the island in the common event he ran into dangerou ...
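The two mechanical steps above, as an added example that is not the room's own code: a base58 decoder for the ticket string (Bitcoin alphabet, the usual one for CTF strings like this), and a repair routine that writes the PNG signature 8950 4e47 0d0a 1a0a back over a damaged first eight bytes, checking that an IHDR chunk and a valid CRC follow so the patch is not applied blindly to a non-PNG. The PNG bytes it tests on are constructed in-line, not taken from the room's images.

```python
"""base58 decode for the .ticket value and PNG signature repair for the images.

Added example, not the room's code. build_minimal_png() constructs the test
image; it is not one of the room's files.
"""
import struct
import zlib

B58_ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
PNG_SIG = bytes.fromhex("89504e470d0a1a0a")  # 8950 4e47 0d0a 1a0a


def b58decode(text: str) -> bytes:
    """Bitcoin-alphabet base58: the string is one big base-58 integer; each
    leading '1' stands for one leading zero byte."""
    n = 0
    for ch in text.encode():
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"not a base58 character: {chr(ch)!r}")
        n = n * 58 + idx
    leading = len(text) - len(text.lstrip("1"))
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    return b"\x00" * leading + body


def ihdr_crc_ok(png: bytes) -> bool:
    """Verify the IHDR chunk CRC (computed over chunk type + data): if it
    checks out, only the 8-byte signature was damaged, not the chunk data."""
    length = struct.unpack(">I", png[8:12])[0]
    type_and_data = png[12:16 + length]
    stored = struct.unpack(">I", png[16 + length:20 + length])[0]
    return png[12:16] == b"IHDR" and zlib.crc32(type_and_data) == stored


def repair_png_signature(data: bytes) -> bytes:
    """Write the PNG signature over the first 8 bytes, but only if an IHDR
    chunk sits at offset 12 where every PNG keeps it."""
    if data[:8] == PNG_SIG:
        return data
    if data[12:16] != b"IHDR":
        raise ValueError("no IHDR chunk at offset 12; not a PNG with a broken header")
    return PNG_SIG + data[8:]


def build_minimal_png() -> bytes:
    """Constructed: signature + a 1x1 8-bit RGB IHDR chunk with a correct CRC."""
    ihdr = b"IHDR" + struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    return PNG_SIG + struct.pack(">I", 13) + ihdr + struct.pack(">I", zlib.crc32(ihdr))


if __name__ == "__main__":
    print(b58decode("RTy8yhBQdscX"))          # the green_arrow.ticket value
    good = build_minimal_png()
    broken = b"\x00" * 8 + good[8:]            # header zeroed out
    fixed = repair_png_signature(broken)
    print(fixed == good, ihdr_crc_ok(fixed))
```

Checking the IHDR CRC after the patch is the cheap way to tell "only the magic was wiped" from "the file is actually something else or damaged further in", which is the case where a bare header overwrite would just produce a different broken file.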
h4cked
Reptile, an LKM Linux rootkit backdoor. chmod 777 the shell script, then privilege escalation follows directly.
dionysus