https://www.vulnhub.com/entry/digitalworldlocal-mercy-v2,263/
nat网络
arp-scan -l 比平常多出来的ip就是靶机了
nmap
PORT STATE SERVICE REASON VERSION
22/tcp filtered ssh port-unreach ttl 64
53/tcp open domain syn-ack ttl 64 ISC BIND 9.9.5-3ubuntu0.17 (Ubuntu Linux)
| dns-nsid:
|_ bind.version: 9.9.5-3ubuntu0.17-Ubuntu
80/tcp filtered http port-unreach ttl 64
110/tcp open pop3 syn-ack ttl 64
| fingerprint-strings:
| DistCCD, JavaRMI, LANDesk-RC, NCP, NotesRPC, Radmin, Socks4, TerminalServer, WMSRequest, beast2, ibm-db2-das, ms-sql-s, mydoom, oracle-tns:
| +OK Dovecot (Ubuntu) ready.
| HELP4STOMP, OfficeScan:
| +OK Dovecot (Ubuntu) ready.
| -ERR Unknown command.
| -ERR Unknown command.
| Memcache, NessusTPv10, NessusTPv11, NessusTPv12, Verifier, VerifierAdvanced, WWWOFFLEctrlstat, firebird:
| +OK Dovecot (Ubuntu) ready.
| -ERR Unknown command.
| Socks5:
| +OK Dovecot (Ubuntu) ready.
| -ERR Unknown command.
| -ERR Unknown command.
|_ -ERR Unknown command.
|_pop3-capabilities: AUTH-RESP-CODE UIDL SASL RESP-CODES CAPA TOP STLS PIPELINING
|_ssl-date: TLS randomness does not represent time
139/tcp open netbios-ssn syn-ack ttl 64 Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
143/tcp open imap syn-ack ttl 64 Dovecot imapd
|_imap-capabilities: listed more have Pre-login LOGIN-REFERRALS post-login STARTTLS IDLE LITERAL+ capabilities SASL-IR ENABLE ID IMAP4rev1 OK LOGINDISABLEDA0001
|_ssl-date: TLS randomness does not represent time
445/tcp open netbios-ssn syn-ack ttl 64 Samba smbd 4.3.11-Ubuntu (workgroup: WORKGROUP)
993/tcp open ssl/imaps? syn-ack ttl 64
|_ssl-date: TLS randomness does not represent time
995/tcp open ssl/pop3s? syn-ack ttl 64
|_ssl-date: TLS randomness does not represent time
8080/tcp open http syn-ack ttl 64 Apache Tomcat/Coyote JSP engine 1.1
| http-methods:
| Supported Methods: GET HEAD POST PUT DELETE OPTIONS
|_ Potentially risky methods: PUT DELETE
|_http-open-proxy: Proxy might be redirecting requests
| http-robots.txt: 1 disallowed entry
|_/tryharder/tryharder
|_http-server-header: Apache-Coyote/1.1
|_http-title: Apache Tomcat
扫出很多端口
看到53要想到dns加地址,但是试了试这台靶机无效
22和80一个是ssh登录,一个是网页搜集信息。