作业2025_3_29

Orange_Whistling

已于 2025-04-08 21:22:46 修改

阅读量643

点赞数 20

文章标签：网络安全

于 2025-04-07 03:35:23 首次发布

本文链接：https://blog.youkuaiyun.com/Orange_Whistling/article/details/147018233

版权

1.

爬取目标：https://www.wuwu0jc.wiki/

爬取过程：burp使用balanced模式扫描并审计

爬起结果站点树：

2.

扫描目标：LIBVIO

3.

第（1）题

截取登录数据包后爆破生日密码
爆破成功，密码时19730329

第(2)题

文件位置的寻找：在dirserach的默认爆破目录dirserach/db/dicc.txt 加上mageduC11.txt

进行资源扫描：

python dirsearch.py -u 124.221.131.194:8082 -r --cookie="PHPSESSID=56culm08f0olf99jllp9c6hqi5; security=impossible" -e txt --force-extensions                                         ─╯
/mnt/hgfs/SHARE/HACK_TOOLS/dirsearch/dirsearch_bypass403-0.2/dirsearch.py:35: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html
  from pkg_resources import DistributionNotFound, VersionConflict

  _|. _ _  _  _  _ _|_    v0.4.3 by 鹏组安全
 (_||| _) (/_(_|| (_| )

Extensions: txt | HTTP method: GET | Threads: 25 | Wordlist size: 14452

Output File: /mnt/hgfs/SHARE/HACK_TOOLS/dirsearch/dirsearch_bypass403-0.2/reports/_124.221.131.194_8082/_25-04-06_19-32-28.txt

Target: http://124.221.131.194:8082/

[19:32:28] Starting:
[19:32:31] 403 -  303B  - /.ht_wsr.txt
[19:32:32] 403 -  306B  - /.htaccess.bak1
[19:32:32] 403 -  306B  - /.htaccess.save
[19:32:32] 403 -  306B  - /.htaccess.orig
[19:32:32] 403 -  307B  - /.htaccess_extra
[19:32:32] 403 -  306B  - /.htaccess_orig
[19:32:32] 403 -  304B  - /.htaccess_sc
[19:32:32] 403 -  308B  - /.htaccess.sample
[19:32:32] 403 -  304B  - /.htaccessBAK
[19:32:32] 403 -  304B  - /.htaccessOLD
[19:32:32] 403 -  305B  - /.htaccessOLD2
[19:32:32] 403 -  297B  - /.html
[19:32:32] 403 -  296B  - /.htm
[19:32:32] 403 -  303B  - /.httr-oauth
[19:32:32] 403 -  302B  - /.htpasswds
[19:32:32] 403 -  306B  - /.htpasswd_test
[19:32:33] 403 -  296B  - /.php
[19:32:34] 403 -  297B  - /.php3
[19:33:06] 200 -    7KB - /CHANGELOG.md
[19:33:08] 301 -  326B  - /config  ->  http://124.221.131.194:8082/config/
Added to the queue: config/
[19:33:08] 200 -  462B  - /config/
[19:33:10] 200 -   11KB - /COPYING.txt
[19:33:14] 200 -  492B  - /docs/
[19:33:15] 301 -  324B  - /docs  ->  http://124.221.131.194:8082/docs/
Added to the queue: docs/
[19:33:16] 200 -  477B  - /dvwa/
Added to the queue: dvwa/
[19:33:19] 200 -    1KB - /favicon.ico
[19:33:26] 403 -  298B  - /icons/
Added to the queue: icons/
[19:33:34] 200 -  698B  - /login.php
[19:33:47] 200 -  148B  - /php.ini
[19:33:56] 200 -    8KB - /README.md
[19:33:57] 200 -   26B  - /robots.txt
[19:34:00] 403 -  305B  - /server-status
[19:34:00] 403 -  306B  - /server-status/
Added to the queue: server-status/
[19:34:01] 200 -    1KB - /setup.php
[19:34:28] 200 -  156B  - /mageduC11.txt

找到密码字典，就在http://124.221.131.194:8082/根目录中

加入vulnerabilities/brute/页面使用turbo intruder插件进行密码爆破
爆破成功，密码是：magedu@c11

4.

首先前两步

1'            # 预测会报错
1 and 1=1     # 预测不会报错，且结果和输入1时一致

结果都符合预测的情况下，第三步

1 and 1=2

若他报错则是字符型；他不报错但没有输出，则是数字型