热门标签
热门文章
- 1【VSCode】VScode 配置 Linux 驱动环境(简单版)_linux vscode
- 205_动态sql_动态sql与关联映射习题
- 3HarmonyOS构建第一个ArkTS应用(FA模型)_harmony os3.0.0的 sdk 选哪个
- 4YOLOv8改进 | 图像去雾 | 利用图像去雾网络UnfogNet辅助YOLOv8进行图像去雾检测(全网独家首发)
- 5关于Clang
- 6Uniapp浙政钉埋点_浙政钉 埋点 signkey 从哪里获取
- 7services.gradle.org的替代址
- 8固态存储是未来|浅析SSD架构的演进与创新技术-1
- 9鸿蒙开发路由跳转踩坑_鸿蒙页面无法跳转
- 10ISCE2StaMPS全流程
当前位置: article > 正文
https://app.hackthebox.com/machines/Soccer_xxp113,com
作者:从前慢现在也慢 | 2024-03-08 19:11:43
赞
踩
xxp113,com
https://app.hackthebox.com/machines/Soccer
┌──(kwkl㉿kwkl)-[~]
└─$ cat /etc/hosts 1 ⨯
127.0.0.1 localhost
127.0.1.1 kwkl.kwkl kwkl
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.129.187.153 unika.htb
10.129.187.172 thetoppers.htb
10.129.187.172 s3.thetoppers.htb
#10.129.235.232 megacorp.com
#
#
10.10.11.196 stocker.htb
10.10.11.196 dev.stocker.htb
10.10.11.194 soccer.htb
┌──(kwkl㉿kwkl)-[~/桌面/burp]
└─$ nmap -A 10.10.11.194 -T4 130 ⨯
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-03 22:46 HKT
Nmap scan report for 10.10.11.194 (10.10.11.194)
Host is up (0.99s latency).
Not shown: 997 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 ad0d84a3fdcc98a478fef94915dae16d (RSA)
| 256 dfd6a39f68269dfc7c6a0c29e961f00c (ECDSA)
|_ 256 5797565def793c2fcbdb35fff17c615c (ED25519)
80/tcp open http nginx 1.18.0 (Ubuntu)
|_http-server-header: nginx/1.18.0 (Ubuntu)
9091/tcp open xmltec-xmlmail?
| fingerprint-strings:
| informix:
| HTTP/1.1 400 Bad Request
|_ Connection: close
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port9091-TCP:V=7.93%I=7%D=3/3%Time=640208C3%P=x86_64-pc-linux-gnu%r(inf
SF:ormix,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\
SF:n\r\n");
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 255.63 seconds
┌──(kwkl㉿kwkl)-[~/桌面/burp]
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
┌──(kwkl㉿kwkl)-[~]
└─$ gobuster dir -u soccer.htb -w /usr/share/dirbuster/wordlists/directory-list-2.3-small.txt 1 ⨯
===============================================================
Gobuster v3.2.0-dev
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://soccer.htb
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/dirbuster/wordlists/directory-list-2.3-small.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.2.0-dev
[+] Timeout: 10s
===============================================================
2023/03/04 11:51:23 Starting gobuster in directory enumeration mode
===============================================================
/tiny (Status: 301) [Size: 178] [--> http://soccer.htb/tiny/]
Progress: 9478 / 87665 (10.81%)^C
[!] Keyboard interrupt detected, terminating.
===============================================================
2023/03/04 12:04:41 Finished
===============================================================
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
search exploit
How to use
Download ZIP with latest version from master branch.
Just copy the tinyfilemanager.php to your webspace - thats all
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/从前慢现在也慢/article/detail/211748
推荐阅读
相关标签
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。
