
2021-10-07 Range #4, reposted from y神's study notes (net penetration, sockcap, msf multi-segment pivoting, os-shell, captcha replay, C# decryption, wfuzz subdomain enumeration)


  1. masscan scan

kali@kali:~$ sudo masscan -p 1-65535 192.168.0.134 --rate=1000

[sudo] password for kali:

Starting masscan 1.0.5 (http://bit.ly/14GZzcT) at 2020-04-22 05:28:53 GMT

 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth

Initiating SYN Stealth Scan

Scanning 1 hosts [65535 ports/host]

Discovered open port 49154/tcp on 192.168.0.134                                

Discovered open port 21/tcp on 192.168.0.134                                  

Discovered open port 6588/tcp on 192.168.0.134                                

Discovered open port 135/tcp on 192.168.0.134                                 

Discovered open port 80/tcp on 192.168.0.134                                  

Discovered open port 3389/tcp on 192.168.0.134                                

Discovered open port 53/tcp on 192.168.0.134                                  

Discovered open port 999/tcp on 192.168.0.134                                 

Discovered open port 49155/tcp on 192.168.0.134         

  2. nmap service probe of the discovered ports

Note: the port list typed into the first nmap run does not match the masscan output (13, 49151 and 49122 were typed where masscan reported 135, 49154 and 49155), which is why those three come back as "filtered". The second run corrects 135 but still carries 49151/49122 instead of the two ephemeral RPC ports 49154/49155.

kali@kali:~$ nmap -sC -A -p 49151,21,6588,13,80,3389,53,999,49122 192.168.0.134 -oA cc123-port

Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-22 01:32 EDT

Nmap scan report for 192.168.0.134

Host is up (0.00094s latency).

PORT      STATE    SERVICE            VERSION

13/tcp    filtered daytime

21/tcp    open     ftp                Microsoft ftpd

| ftp-syst:

|_  SYST: Windows_NT

53/tcp    open     domain             Microsoft DNS 6.1.7601 (1DB1446A) (Windows Server 2008 R2 SP1)

| dns-nsid:

|_  bind.version: Microsoft DNS 6.1.7601 (1DB1446A)

80/tcp    open     http               Microsoft IIS httpd 7.5

| http-methods:

|_  Potentially risky methods: TRACE

|_http-server-header: Microsoft-IIS/7.5

|_http-title: IIS7

999/tcp   open     http               Microsoft IIS httpd 7.5

| http-methods:

|_  Potentially risky methods: TRACE

| http-robots.txt: 1 disallowed entry

|_/

|_http-server-header: Microsoft-IIS/7.5

|_http-title: phpMyAdmin

3389/tcp  open     ssl/ms-wbt-server?

|_ssl-date: 2020-04-22T05:32:53+00:00; 0s from scanner time.

6588/tcp  open     http               Microsoft IIS httpd 7.5

| http-cookie-flags:

|   /:

|     ASPSESSIONIDAATDDDCD:

|_      httponly flag not set

| http-methods:

|_  Potentially risky methods: TRACE

|_http-server-header: Microsoft-IIS/7.5

|_http-title: 护卫神·主机大师 V3.5.1 - 前台登录   (nmap printed the title as GBK byte escapes; decoded here: "Huweishen Host Master V3.5.1 - front-end login")

49122/tcp filtered unknown

49151/tcp filtered unknown

Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2008:r2:sp1

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 90.75 seconds

kali@kali:~$ nmap -sC -A -p 49151,21,6588,135,80,3389,53,999,49122 192.168.0.134 -oA cc123-port

Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-22 01:34 EDT

Nmap scan report for 192.168.0.134

Host is up (0.00072s latency).

PORT      STATE    SERVICE            VERSION

21/tcp    open     ftp                Microsoft ftpd

| ftp-syst:

|_  SYST: Windows_NT

53/tcp    open     domain             Microsoft DNS 6.1.7601 (1DB1446A) (Windows Server 2008 R2 SP1)

| dns-nsid:

|_  bind.version: Microsoft DNS 6.1.7601 (1DB1446A)

80/tcp    open     http               Microsoft IIS httpd 7.5

| http-methods:

|_  Potentially risky methods: TRACE

|_http-server-header: Microsoft-IIS/7.5

|_http-title: IIS7

135/tcp   open     msrpc              Microsoft Windows RPC

999/tcp   open     http               Microsoft IIS httpd 7.5

| http-methods:

|_  Potentially risky methods: TRACE

| http-robots.txt: 1 disallowed entry

|_/

|_http-server-header: Microsoft-IIS/7.5

|_http-title: phpMyAdmin

3389/tcp  open     ssl/ms-wbt-server?

|_ssl-date: 2020-04-22T05:35:26+00:00; 0s from scanner time.

6588/tcp  open     http               Microsoft IIS httpd 7.5

| http-cookie-flags:

|   /:

|     ASPSESSIONIDAATDDDCD:

|_      httponly flag not set

| http-methods:

|_  Potentially risky methods: TRACE

|_http-server-header: Microsoft-IIS/7.5

|_http-title: 护卫神·主机大师 V3.5.1 - 前台登录   (GBK byte escapes decoded as above)

49122/tcp filtered unknown

49151/tcp filtered unknown

Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2008:r2:sp1

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 90.23 seconds
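The masscan-to-nmap hand-off above is where the typed port list went wrong. The script below is an added example (not code from the original write-up) that builds the nmap -p list directly from masscan's "Discovered open port" lines and flags any hand-typed port that masscan never reported. The masscan output embedded in it is a constructed copy of the result shown above; the nmap command is printed rather than executed so the example runs offline.

```shell
#!/bin/sh
# Added example (not code from the original write-up): build the nmap -p
# list straight from masscan's output so the follow-up scan probes exactly
# the ports masscan found. The write-up's first nmap run typed 13, 49151
# and 49122 where masscan had reported 135, 49154 and 49155, which is why
# those three came back "filtered"; ports_missing catches that kind of slip.

# Constructed sample of masscan output, matching what the write-up found.
MASSCAN_OUT='Starting masscan 1.0.5 (http://bit.ly/14GZzcT) at 2020-04-22 05:28:53 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Discovered open port 49154/tcp on 192.168.0.134
Discovered open port 21/tcp on 192.168.0.134
Discovered open port 6588/tcp on 192.168.0.134
Discovered open port 135/tcp on 192.168.0.134
Discovered open port 80/tcp on 192.168.0.134
Discovered open port 3389/tcp on 192.168.0.134
Discovered open port 53/tcp on 192.168.0.134
Discovered open port 999/tcp on 192.168.0.134
Discovered open port 49155/tcp on 192.168.0.134'

# masscan_ports: read masscan output on stdin and print a numerically sorted,
# de-duplicated, comma-separated list of open TCP ports (the form nmap -p takes).
masscan_ports() {
    sed -n 's#^Discovered open port \([0-9][0-9]*\)/tcp on .*#\1#p' \
      | sort -n -u | tr '\n' ',' | sed 's/,$//'
}

# ports_missing FOUND TYPED: print each port of the hand-typed TYPED list
# that is absent from FOUND (both comma-separated), one per line.
ports_missing() {
    for p in $(printf '%s' "$2" | tr ',' ' '); do
        case ",$1," in
            *",$p,"*) ;;
            *) printf '%s\n' "$p" ;;
        esac
    done
}

# nmap_cmd IP PORTS PREFIX: the follow-up command line, printed rather than
# run so the example stays offline. -sV covers version detection; add -A
# back if you also want OS detection and traceroute as in the write-up.
nmap_cmd() {
    printf 'nmap -sC -sV -p %s %s -oA %s\n' "$2" "$1" "$3"
}

PORTS=$(printf '%s\n' "$MASSCAN_OUT" | masscan_ports)
echo "open ports: $PORTS"
echo "typed into the first nmap run but never seen by masscan:"
ports_missing "$PORTS" "49151,21,6588,13,80,3389,53,999,49122"
nmap_cmd 192.168.0.134 "$PORTS" cc123-port
```

Run it as `sh masscan2nmap.sh`; in practice replace the embedded MASSCAN_OUT with `masscan ... -oL` output or a saved log. Feeding the typed list of the first nmap run through ports_missing prints 49151, 13 and 49122, the three ports that had no business in the -p list.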

  3. Notes on the ports

  4. hosts binding

Add the entry below to the hosts file under C:\Windows\System32\drivers\etc so that www.cc123.com resolves to the target:

192.168.0.134 www.cc123.com

Note: this does not seem to work from the host machine; it only works inside the VM.

  5. Gateway setup: wfuzz subdomain (virtual host) enumeration via the Host header

kali@kali:~$ wfuzz -w /usr/share/amass/wordlists/subdomains-top1mil-5000.txt -u cc123.com -H "Host:FUZZ.cc123.com"  --hw 53

Warning: Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.

********************************************************

* Wfuzz 2.4 - The Web Fuzzer                           *

********************************************************

Target: http://cc123.com/

Total requests: 5000

===================================================================

ID           Response   Lines    Word     Chars       Payload                                                                                             

===================================================================

000000030:   200        461 L    1272 W   22640 Ch    "new"                                                                                              

000000001:   200        969 L    2160 W   43741 Ch    "www"                                                                                              

000001176:   200        969 L    2160 W   43741 Ch    "WWW"                                                                                               

000002700:   400        6 L      26 W     334 Ch      "m."                                                                                               

000002795:   400        6 L      26 W     334 Ch      "ns2.cl.bellsouth.net."                                                                             

000002883:   400        6 L      26 W     334 Ch      "ns1.viviotech.net."                                                                                

000002885:   400        6 L      26 W     334 Ch      "ns2.viviotech.net."                                                                               

000003050:   400        6 L      26 W     334 Ch      "ns3.cl.bellsouth.net."                                                                             

000004081:   400        6 L      26 W     334 Ch      "ferrari.fortwayne.com."                                                                            

000004082:   400        6 L      26 W     334 Ch      "jordan.fortwayne.com."                                                                            

000004083:   400        6 L      26 W     334 Ch      "quatro.oweb.com."                                                                                  

000000267:   200        931 L    1878 W   30822 Ch    "ww2"

Subdomains found: www, new and ww2 answer 200 with different page sizes, so they are distinct virtual hosts. WWW is the same vhost as www (identical size; Host matching is case-insensitive), and the 400 rows are all wordlist entries ending in a dot, i.e. malformed Host values rather than real hosts.

http://www.cc123.com
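Most of the noise in the wfuzz table above comes from the wordlist itself: the amass list mixes in fully qualified names with a trailing dot and upper-case duplicates. The script below is an added example (not code from the original write-up) that sanitises such a wordlist before it is used as a Host header and collapses wfuzz's result rows to one line per distinct vhost. The wordlist excerpt and the wfuzz rows embedded in it are constructed samples in the format shown above.

```shell
#!/bin/sh
# Added example, not part of the original write-up: clean a subdomain wordlist
# before using it as "Host: FUZZ.cc123.com", and normalise wfuzz's hits.
# Trailing-dot FQDNs ("ns2.cl.bellsouth.net.") make IIS answer 400 and
# upper-case entries ("WWW") hit the same vhost as their lower-case twin,
# so both only add noise to the result table.

# Constructed excerpt of the wordlist, including the problem entries.
WORDLIST='www
new
m.
ns2.cl.bellsouth.net.
WWW
ww2
new
mail'

# clean_labels: read candidate labels on stdin; keep one lower-case copy of
# each entry that is a valid single DNS label (letters, digits, inner hyphens,
# no dots), preserving first-seen order.
clean_labels() {
    tr 'A-Z' 'a-z' \
      | grep -E '^[a-z0-9]([a-z0-9-]*[a-z0-9])?$' \
      | awk '!seen[$0]++'
}

# Constructed wfuzz result rows in the table format printed above.
WFUZZ_OUT='000000030:   200        461 L    1272 W   22640 Ch    "new"
000000001:   200        969 L    2160 W   43741 Ch    "www"
000001176:   200        969 L    2160 W   43741 Ch    "WWW"
000002700:   400        6 L      26 W     334 Ch      "m."
000000267:   200        931 L    1878 W   30822 Ch    "ww2"'

# vhost_hits: read wfuzz table rows on stdin and print "host chars" once per
# distinct 2xx/3xx vhost, lower-casing the payload so case variants collapse.
# Columns: id status lines L words W chars Ch "payload".
vhost_hits() {
    awk '$2 ~ /^[23][0-9][0-9]$/ {
            gsub(/"/, "", $9); name = tolower($9)
            if (!seen[name]++) print name, $7
         }'
}

echo "cleaned wordlist:"
printf '%s\n' "$WORDLIST" | clean_labels
echo "distinct vhosts (name response-size):"
printf '%s\n' "$WFUZZ_OUT" | vhost_hits
```

Usage against the real list: `clean_labels < /usr/share/amass/wordlists/subdomains-top1mil-5000.txt > labels.txt`, then point `wfuzz -w labels.txt` at it; afterwards pipe the wfuzz output through vhost_hits to get the three hosts (new, www, ww2) with their sizes, which is the list worth browsing by hand.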

Source: https://www.wpsshop.cn/w/2023面试高手/article/detail/249389 (reposted; copyright remains with the original author)