hackmyvm
文章平均质量分 66
xdeclearn
这个作者很懒,什么都没留下…
展开
-
hackmyvm: logan2
browse port 80, find a sql injection.using sqlmap, we got a new domain: add the domain to the hosts, and visit. from the comments, it can be seen that there is a file inclusion.use this file inclusion and apache2’s log file, we can exec phpinfo(but ex原创 2023-10-10 19:35:39 · 207 阅读 · 0 评论 -
hackmyvm: juggling walkthrough
hackmyvm: juggling, md5 0e problem, php weak typing原创 2022-07-25 09:58:55 · 916 阅读 · 0 评论 -
hackmyvm: kitty walkthrough
一个稍微有点难的训练原创 2022-06-27 17:33:15 · 509 阅读 · 0 评论 -
hackmyvm: controller walkthrough
1. get first reverse shellvisit port 80, from the page http://192.168.85.135/index.php/2021/06/27/hola-mundo/ we get hint.use enum4linux to get samba shares, the we get the directory tester which we can visit without user and passwd.follow the hint原创 2021-10-13 14:05:06 · 385 阅读 · 3 评论 -
hackmyvm: again walkthrough
1. 命令执行获取shellPORT STATE SERVICE22/tcp open ssh80/tcp open http访问web,获得用户名和提示。下载 upload.bck.<?phpif (!isset($_FILES["myFile"])) { die("There is no file to upload.");}$filepath = $_FILES['myFile']['tmp_name'];$fileSize = filesize($fi原创 2021-10-12 11:33:18 · 222 阅读 · 0 评论 -
hackmyvm-random walkthrough
1. get reverse shellPORT STATE SERVICE21/tcp open ftp22/tcp open ssh80/tcp open httpbrowse port 80, get the user name eleanor and alan.crack ftp service, get the user eleanor's password.use sftp login as eleanor , get into the path /html and原创 2021-10-03 21:36:51 · 299 阅读 · 0 评论 -
hackmyvm: may walkthrough
hackmyvm: may walkthrough信息收集访问80,会跳转到域名may.hmv访问,这里需添加hosts访问。得到了一个用户明marie。爆破目录未果,于是爆破vhost。找到两个vhost,portal和ssh。添加hosts后访问portal.may.hmv。这个一个登录页面,会验证用户名和密码,尝试注入失败后,利用前面得到的用户名尝试爆破密码。得到密码rebelde并成功获取到了cookie,将这个cookie注入到http://ssh.may.hmv/check.原创 2021-08-12 13:42:29 · 425 阅读 · 0 评论 -
hackmyvm-bunny walkthrough
hackmyvm-buny walkthrough难度(作者评价):difficult信息收集PORT STATE SERVICE22/tcp open ssh80/tcp open http获取shell端口信息很少,常规操作,访问80,爆破目录。upload.php,password.txt,config.php都是没有实际含义的文本文件。phpinfo.php泄露了主机的相关信息。能想到的就是index.php是不是存在ssrf。于是利用ffuf对index.php进原创 2021-08-09 15:49:03 · 186 阅读 · 0 评论 -
hackmyvm-hopper walkthrough
hackmyvm: hopper信息收集到获取第一个shellPORT STATE SERVICE22/tcp open ssh80/tcp open http全端口扫描,先访问一下web服务。利用gobuster扫描目录找到目录advanced-search,这里存在ssrf。虚拟机有三个用户可以bash登录,root,edward,henry。经过简单测试,不能进行远程文件包含,估计是调用的curl_exec,关于php的ssrf利用一般情况下可以参看SSRF in PH原创 2021-08-05 22:38:43 · 349 阅读 · 1 评论