摘要:
Sliver介绍 Sliver 是一个开源的跨平台对手仿真/红队框架,各种规模的组织都可以使用它来执行安全测试。Sliver 的植入物支持 C2 over Mutual TLS (mTLS)、WireGuard、HTTP(S) 和 DNS,并使用每个二进制非对称加密密钥进行动态编译。 服务器和客户端 阅读全文
摘要:
此靶机来源于HackMyVm,下载地址:https://hackmyvm.eu/ 0x000 信息收集 主机探测 netdiscover -r 192.168.1.0/24 端口扫描 nmap -sS -sV -T4 -A -p 1-65535 192.168.1.106 22 ssh # 处于过滤 阅读全文
摘要:
此靶机来源于HackMyVm,下载地址:https://hackmyvm.eu/ 0x000 信息收集 主机探测 netdiscover -r 192.168.1.0/24 端口扫描 nmap -sS -sV -T4 -A -p 1-65535 192.168.1.106 22 ssh 80 htt 阅读全文
摘要:
0x000 信息收集 端口扫描 nmap -sT -T4 -A 10.129.240.13 22 ssh 6789 ibm-db2-admin 8080 http-proxy 8443 UniFi Network 访问8443端口,发现是一个UniFi network管理页面;并且发现版本是6.4. 阅读全文
摘要:
0x000 信息收集 端口扫描 nmap -sT -T4 -A 10.129.5.199 访问80端口,显示的是一个后台登陆界面,先放一放。 0x001 漏洞利用 ftp匿名访问 前面扫描到了ftp,存在匿名访问漏洞,发现存在backup.zip,下载到本地;解压发现需要密码。 fcrackzip 阅读全文
摘要:
TASK 1 用什么样的工具可以拦截网络流量? TASK 2 返回登录页面的 Web 服务器上目录的路径是什么? 前面这两个提示,说明是要抓包进行查看,在相应包中发现/cdn-cgi/login 访问一下,是后台登陆界面。 TASK 3 可以在 Firefox 中修改什么以访问上传页面? 这里抓包或 阅读全文
摘要:
TASK 1 哪个 TCP 端口托管数据库服务器? nmap -sT -T4 -A 10.129.187.165 TASK 2 SMB 上可用的非管理共享的名称是什么? smbclient -N -L \\\\10.129.187.165\\ TASK 3 SMB 共享文件中标识的密码是什么? sm 阅读全文
摘要:
0x000 靶场描述 this challenge is geared towards the beginner. It is however different. Added a few more steps and a new skill set is required. Still being 阅读全文
摘要:
0x000 靶场描述 Does penetration testing spark joy? If it does, this machine is for you. This machine is full of services, full of fun, but how many ways a 阅读全文
摘要:
TASK 1 有多少个 TCP 端口是开放的? nmap -sT -A 4 10.129.206.61 TASK 2 网站“联系方式”部分提供的电子邮件地址的域名是什么? 访问网站,找联系方式部分就行。 TASK 3 在没有 DNS 服务器的情况下,我们可以使用哪个 Linux 文件将主机名解析为 阅读全文
摘要:
环境启动参考:https://help.hackthebox.com/en/articles/5185687-introduction-to-lab-access TASK 1 使用 IP 地址访问 Web 服务时,我们被重定向到的域是什么? 使用IP地址访问查看,顺便添加到hosts文件,没什么可 阅读全文
摘要:
0x000 靶场描述 This machine reminds us of a DEVELOPMENT environment: misconfigurations rule the roost. This is designed for OSCP practice, and the origina 阅读全文
摘要:
0x000 靶场描述 MERCY is a machine dedicated to Offensive Security for the PWK course, and to a great friend of mine who was there to share my sufferance w 阅读全文
摘要:
0x000 靶场描述 This is the evil twin of JOY. Unlike JOY, this machine is designed to drive you crazy. Stephen Hawking once mentioned, "God plays dice and 阅读全文
摘要:
0x000 靶场描述 To celebrate the fifth year that the author has survived his infosec career, a new box has been born! This machine resembles a few differen 阅读全文
摘要:
0x000 靶场描述 2021 brings us the VENGEANCE of digitalworld.local! A box born out of COVID-19. This machine was built whilst the author was mulling over l 阅读全文
摘要:
0x000 靶场描述 This box should be easy . This machine was created for the InfoSec Prep Discord Server (https://discord.gg/tsEQqDJh) The box was created wi 阅读全文
摘要:
0x000 靶场描述 The machine is VirtualBox as well as VMWare compatible. The DHCP will assign an IP automatically. You'll see the IP right on the login scre 阅读全文
摘要:
0x000 靶场描述 The machine is VirtualBox as well as VMWare compatible. The DHCP will assign an IP automatically. You'll see the IP right on the login scre 阅读全文
摘要:
0x000 靶场描述 This box created for improvement of Linux privileged escalation, I hope so you guys enjoy. The box was created with Virtualbox ,but it shou 阅读全文