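Basically the same as Granny.
Prerequisites
nikto, nmap, WebDAV on IIS 6.0
Directories writable by low-privileged Windows users
CVE-2017-7269, Churrasco (churrasco.exe)
Information gathering and gaining a foothold
First, probe the ports and services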
nmap 10.10.10.14
Only port 80 (HTTP) is open, so visit it in a browser first.
It is just an error page, so scan it with nikto.
nikto -h http://10.10.10.14
The output shows that the server is IIS 6.0, with DAV and MicrosoftOfficeWebServer also present:
+ Server: Microsoft-IIS/6.0
+ Retrieved microsoftofficewebserver header: 5.0_Pub
+ Retrieved x-powered-by header: ASP.NET
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ Uncommon header 'microsoftofficewebserver' found, with contents: 5.0_Pub
+ The X-Content-Type-Options header is not set. This could allow the user agent to render