HackTheBox - AKERVA (Fortresses)

靶机信息
名称	AKERVA
IP	10.13.37.11
类型	Fortresses
网址	https://app.hackthebox.com/fortresses/2
价格	Free

Introduction:
This fun fortress from Akerva features a gradual learning curve. It teaches about common developer mistakes while also introducing a very interesting web vector. Prepare to take your skills to the next level!

端口扫描

TCP扫描

Starting Nmap 7.93 ( https://nmap.org ) at 2024-03-07 05:05 GMT
Nmap scan report for 10.13.37.11
Host is up (0.074s latency).

PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 0de441fd9fa9074d25b4bd5d26cc4fda (RSA)
|   256 f76551e039372c817fb555bd639c82b5 (ECDSA)
|_  256 2861d35ab939f25bd7105a67ee81a85e (ED25519)
80/tcp   open  http    Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-generator: WordPress 5.4-alpha-47225
|_http-title: Root of the Universe – by @lydericlefebvre & @akerva_fr
5000/tcp open  http    Werkzeug httpd 0.16.0 (Python 2.7.15+)
|_http-server-header: Werkzeug/0.16.0 Python/2.7.15+
| http-auth: 
| HTTP/1.0 401 UNAUTHORIZED\x0D
|_  Basic realm=Authentication Required
|_http-title: Site doesn't have a title (text/html; charset=utf-8).
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

UDP扫描

└──╼ #nmap -sU -T5 10.13.37.11
Starting Nmap 7.93 ( https://nmap.org ) at 2024-03-07 05:41 GMT
Warning: 10.13.37.11 giving up on port because retransmission cap hit (2).
Nmap scan report for 10.13.37.11
Host is up (0.074s latency).
Not shown: 891 open|filtered udp ports (no-response), 108 closed udp ports (port-unreach)
PORT    STATE SERVICE
161/udp open  snmp

指纹识别

 ___ _  _ ____ ____ ____ _  _
|    |\/| [__  |___ |___ |_/  by @r3dhax0r
|___ |  | ___| |___ |___ | \_ Version 1.1.3 K-RONA


 [+]  Deep Scan Results  [+]
 ┏━Target: 10.13.37.11