免责声明
本文渗透的主机经过合法授权。本文使用的工具和方法仅限学习交流使用,请不要将文中使用的工具和渗透思路用于任何非法用途,对此产生的一切后果,本人不承担任何责任,也不对造成的任何误用或损害负责。
服务探测
┌──(root💀kali)-[~/tryhackme/Blueprint]
└─# nmap -sV -Pn 10.10.3.110
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-11-16 03:34 EST
Stats: 0:02:38 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 69.23% done; ETC: 03:37 (0:00:29 remaining)
Nmap scan report for 10.10.3.110
Host is up (0.47s latency).
Not shown: 987 closed ports
PORTSTATE SERVICEVERSION
80/tcpopenhttp Microsoft IIS httpd 7.5
135/tcp openmsrpcMicrosoft Windows RPC
139/tcp opennetbios-ssnMicrosoft Windows netbios-ssn
443/tcp openssl/http Apache httpd 2.4.23 (OpenSSL/1.0.2h PHP/5.6.28)
445/tcp openmicrosoft-ds Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)
3306/tcpopenmysqlMariaDB (unauthorized)
8080/tcpopenhttp Apache httpd 2.4.23 (OpenSSL/1.0.2h PHP/5.6.28)
49152/tcp openmsrpcMicrosoft Windows RPC
49153/tcp openmsrpcMicrosoft Windows RPC
49154/tcp openmsrpcMicrosoft Windows RPC
49158/tcp openmsrpcMicrosoft Windows RPC
49159/tcp openmsrpcMicrosoft Windows RPC
49160/tcp openmsrpcMicrosoft Windows RPC
Service Info: Hosts: www.example.com, BLUEPRINT, localhost; OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 172.68 seconds
服务分析
可以看到开了3个http服务,一个共享服务以及若干rpc服务
浏览器依次打开80和443端口服务,首页都报错。
8080服务显示有一个叫oscommerce的