- Blog (27)
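[Original] Zimbra 10.1.4 patch analysis
Zimbra recently released the 10.1.4 patch. This post analyzes three of the security issues it addresses, so that we can all learn from them and strengthen our secure-development awareness.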
2024-12-24 10:42:53
626
[Original] hackmyvm: logan2
Browse port 80 and find a SQL injection. Using sqlmap, we got a new domain: add the domain to the hosts file and visit it. From the comments, it can be seen that there is a file inclusion. Using this file inclusion and apache2's log file, we can exec phpinfo(but ex
2023-10-10 19:35:39
309
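[Original] Writing a Jetty servlet-type memory shell on newer JDK versions
While writing a Jetty memory shell on newer JDK versions, some differences appeared in how the webappcontext object is obtained. By tracing the processing flow, this post solves the problem of obtaining the webappcontext in a non-embedded environment on newer JDKs and successfully adds a servlet-type memory shell. Through this study I learned the principles and implementation of Java memory shells and broadened my knowledge...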
2022-07-25 10:41:57
2152
[Original] hackmyvm: juggling walkthrough
hackmyvm: juggling, md5 0e problem, php weak typing
2022-07-25 09:58:55
999
[Original] hackmyvm: controller walkthrough
1. Get first reverse shell: visit port 80; from the page http://192.168.85.135/index.php/2021/06/27/hola-mundo/ we get a hint. Use enum4linux to get samba shares, then we get the directory tester, which we can visit without user and passwd. Follow the hint
2021-10-13 14:05:06
452
3
[Original] hackmyvm: again walkthrough
1. Command execution to get a shell: PORT STATE SERVICE 22/tcp open ssh 80/tcp open http. Visit the web service and obtain a username and a hint. Download upload.bck. <?php if (!isset($_FILES["myFile"])) { die("There is no file to upload."); } $filepath = $_FILES['myFile']['tmp_name']; $fileSize = filesize($fi
2021-10-12 11:33:18
288
[Original] hackmyvm-random walkthrough
1. Get reverse shell: PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 80/tcp open http. Browse port 80 and get the user names eleanor and alan. Crack the ftp service to get the user eleanor's password. Use sftp to log in as eleanor, get into the path /html and
2021-10-03 21:36:51
360
[Original] VIKINGS: 1 vulnhub walkthrough
VM address: https://www.vulnhub.com/entry/vikings-1,741/ Information: PORT STATE SERVICE 22/tcp open ssh 80/tcp open http. Visit the web service. Brute-forcing directories and files under the site directory turned up war.txt. ➜ vikings gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://
2021-09-16 22:45:57
1725
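[Original] DarkHole: 2 vulnhub walkthrough
Host and port discovery: ➜ ~ nmap -sn 192.168.143.0/24 Host is up (0.00010s latency). Nmap scan report for 192.168.143.206 ➜ ~ nmap -T4 -v -p- 192.168.143.206 PORT STATE SERVICE 22/tcp open ssh 80/tcp open http. Visiting the web service shows a login page: injection attempts failed, so I brute-forced the directories with dirb: a git directory was found, so I used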
2021-09-08 21:02:12
591
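[Original] hackmyvm: may walkthrough
hackmyvm: may walkthrough. Information gathering: visiting port 80 redirects to the domain may.hmv, which requires a hosts entry to reach. This yields a username, marie. Directory brute-forcing found nothing, so I brute-forced vhosts and found two: portal and ssh. After adding the hosts entries, visit portal.may.hmv. This is a login page that validates the username and password; after injection attempts failed, I used the username obtained earlier to brute-force the password. This gave the password rebelde and a cookie, which is then injected into http://ssh.may.hmv/check.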
2021-08-12 13:42:29
507
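[Original] hackmyvm-bunny walkthrough
hackmyvm-bunny walkthrough. Difficulty (author's rating): difficult. Information gathering: PORT STATE SERVICE 22/tcp open ssh 80/tcp open http. Getting a shell: the port information is sparse, so the usual routine applies: visit port 80 and brute-force directories. upload.php, password.txt and config.php are all text files with no real content. phpinfo.php leaks information about the host. The one idea left is whether index.php has an SSRF. So I used ffuf against index.php to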
2021-08-09 15:49:03
229
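[Original] hackmyvm-hopper walkthrough
hackmyvm: hopper. From information gathering to the first shell: PORT STATE SERVICE 22/tcp open ssh 80/tcp open http. After a full port scan, first visit the web service. A gobuster directory scan finds the directory advanced-search, which has an SSRF. Three users on the VM can log in with bash: root, edward and henry. Simple testing shows that remote file inclusion is not possible, so it is probably calling curl_exec; for exploiting SSRF in PHP, one can generally refer to SSRF in PH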
2021-08-05 22:38:43
401
1
[Original] MOMENTUM: 2 vulnhub walkthrough
Information: Momentum2.ova (Size: 698 MB) Download (Mirror): https://download.vulnhub.com/momentum/Momentum2.ova Download (Torrent): https://download.vulnhub.com/momentum/Momentum2.ova.torrent (Magnet). Port scan and directory scan: PORT STATE SERVICE 22/tcp open ssh 80/tcp open
2021-07-19 21:09:47
432
2
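[Original] Orasi: 1 vulnhub walkthrough
Download: http://www.vulnhub.com/entry/orasi-1,660/ Hint: just one useless little dot. 0x01 From information gathering to a shell. Port scan: accessing FTP as anonymous yields one file: url. The file is a shared library. Looking at the main function first: converting each character in insert to its ASCII code gives the string /sh4d0w$s, which looks like a URL. Visiting port 80 returns a strange string that looks a bit like arguments to the password wordlist tool crunch; it will be useful later.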
2021-03-11 16:59:33
1527
[Original] Alfa: 1 vulnhub walkthrough
Info page: http://www.vulnhub.com/entry/alfa-1,655/ Keywords: Enumeration | Web Application | Brute Force | Privilege Escalation. 0x01 Port scan: PORT STATE SERVICE 21/tcp open ftp 80/tcp open http 139/tcp open netbios-ssn 445/tcp open microsoft-ds 65111/tc
2021-03-10 11:46:37
482
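[Original] Phonebook
Phonebook. New changes: we have extended the Markdown editor with some features and syntax support. Beyond the standard Markdown editor functions, we added the following new features to help you write blog posts: a brand-new interface design that brings a brand-new writing experience; set your preferred code highlighting style in the creation center, and Markdown will display code snippets in the selected style; an added image drag-and-drop feature, so you can drag local images straight into the editing area to display them; brand-new KaTeX math formula syntax; added mermaid syntax with Gantt chart support; added multi-screen editing of Markdown articles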
2021-01-08 16:49:09
219
[Original] Warzone: 3 (Exogen) vulnhub walkthrough
Warzone: 3 (Exogen). vulnhub address: http://www.vulnhub.com/entry/warzone-3-exogen,606/ 0x01 From information gathering to a shell: PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.3 22/tcp open ssh OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0) 4444/tcp op
2020-12-03 21:29:12
932
[Original] Shuriken: 1 vulnhub walkthrough
Shuriken: 1. vulnhub address: http://www.vulnhub.com/entry/shuriken-1,600/ 0x01 From information gathering to a shell: the server only has port 80 open; crawl the directories with dirb. ==> DIRECTORY: http://192.168.56.121/css/ ==> DIRECTORY: http://192.168.56.121/img/
2020-12-03 13:46:11
1259
[Original] Masashi: 1 vulnhub walkthrough
Masashi: 1. VM info: http://www.vulnhub.com/entry/masashi-1,599/ 0x01. Information gathering and getting a shell: PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0) 80/tcp open http Apache httpd 2.4.38 ((Debian)). Only TCP ports 22 and 80 are open; visiting port 80 shows apache
2020-12-02 10:39:16
381
1
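[Original] Praying: 1 vulnhub walkthrough
Praying: 1. VM info: http://www.vulnhub.com/entry/praying-1,575/ 1. Getting a shell: 80/tcp open http Apache httpd 2.4.41 ((Ubuntu)). The server only has port 80 open, and visiting it shows the apache default page, so I ran dirb over the directories and found the admin directory. ==> DIRECTORY: http://192.168.56.105/admin/ It turned out to be the mantis login page. Testing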
2020-11-26 21:54:27
435
[Original] GreenOptic: 1 vulnhub walkthrough
GreenOptic: 1. Download: http://www.vulnhub.com/entry/greenoptic-1,510/ 1. Port scan: open port information; the system is centos7. PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.2 22/tcp open ssh OpenSSH 7.4 (protocol 2.0) 53/tcp open domain ISC BIND 9.11.4-P2
2020-11-24 21:09:55
798
[Original] Warzone: 2 vulnhub walkthrough
Warzone: 2. Download: http://www.vulnhub.com/entry/warzone-2,598/ Getting a shell. Port scan results: PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.3 22/tcp open ssh OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0) 1337/tcp open tcpwrapped. Using anon
2020-11-16 15:39:27
582
[Original] SECARMY VILLAGE: GRAYHAT CONFERENCE vulnhub walkthrough
SECARMY VILLAGE: GRAYHAT CONFERENCE. VM address: https://download.vulnhub.com/secarmyvillage/SECARMY-VILLAGE-OSCP-GIVEAWAY.ova Host discovery and port scanning are omitted here; writing them out every time is redundant. flag1: visiting port 80 shows nothing of value, so first run dirb over the directories. ---- Scanning URL: http://192.168.132.141/ ---- ==> DIRECTORY: http://19
2020-11-14 23:10:04
2343
[Original] Money Heist: 1 vulnhub walkthrough
Money Heist: 1. VM page: http://www.vulnhub.com/entry/money-heist-1,592/ Description: “The Professor” has a plan to pull off the biggest heist in recorded history – to print billions of Flags. To help him carry out the ambitious plan, he recruits eight people
2020-10-30 22:31:09
747
[Original] Warzone: 1 vulnhub walkthrough
Warzone: 1. VM page: http://www.vulnhub.com/entry/warzone-1,589/ Description: Info: Created and Tested in Virtual Box, maybe you need to write code. Based on: Crypto. Scenario: You are trying to gain access to the enemy system. Mission: Your mission is to ge
2020-10-27 13:45:49
1021
[Original] IA: Nemesis (1.0.1) vulnhub walkthrough
Table of contents: IA: Nemesis (1.0.1); Service discovery; Web penetration testing; Getting the second flag; Privilege escalation to root; Getting the third flag; References. IA: Nemesis (1.0.1). VM page: http://www.vulnhub.com/entry/ia-nemesis-101,582/ Description: Difficulty: Intermediate to Hard. Goal: Get the root shell and read all the 3 flags. Information: You need
2020-10-27 13:37:55
2183
1