3-vulnhub Raven2
下载地址为:https://download.vulnhub.com/raven/Raven2.ova
本次的靶机ip为192.168.3.14(桥接模式自动获取)
目标:拿到4个flag
一、信息搜集
1.扫描ip
2.扫描端口,这里使用nmap:
nmap -p 1-65535 -sV 192.168.3.14
Starting Nmap 7.80 ( https://nmap.org ) at 2021-02-06 23:06 CST
Nmap scan report for 192.168.3.14
Host is up (0.00044s latency).
Not shown: 65531 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.7p1 Debian 5+deb8u4 (protocol 2.0)
80/tcp open http Apache httpd 2.4.10 ((Debian))
111/tcp open rpcbind 2-4 (RPC #100000)
56310/tcp open status 1 (RPC #100024)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.31 seconds
3.扫描目录,这路使用dirb:
(进行分析结果发现有wordpress可以进行利用一波)
dirb http://192.168.3.14/
==> DIRECTORY: http://192.168.3.14/css/
==> DIRECTORY: http://192.168.3.14/fonts/
==> DIRECTORY: http://192.168.3.14/img/
+ http://192.168.3.14/index.html (CODE:200|SIZE:16819)
==> DIRECTORY: http://192.168.3.14/js/
==> DIRECTORY: http://192.168.3.14/manual/
+ http://192.168.3.14/server-status (CODE:403|SIZE:300)
==> DIRECTORY: http://192.168.3.14/vendor/
==> DIRECTORY: http://192.168.3.14/wordpress/
---- Entering directory: http://192.168.3.14/manual/ ----
这里扫出来好多,就不再依依进行描述!
4.相关信息
微件(Widgets) OWL Carousel
字体脚本 Google Font API Font Awesome
杂项 Pop