热门标签
热门文章
- 1推荐15个免费B2B网站平台,免费B2B信息发布网站名称_b2b免费网站
- 2mysql启动时遇到:本地计算机上的MySQL服务启动后停止
- 3Java连接SQL Server报错com.microsoft.sqlserver.jdbc.SQLServerException: 驱动程序无法通过使用安全套接字层(SSL)加密与 SQL_java连接sql server报ssl错误
- 4Linux安全配置基线检查文档_配置类基线检查文档
- 5国外的Claude3.5 Sonnet Artifacts和国内的CodeFlying孰强孰弱?_claude artifacts
- 6导热界面材料选用及仿真建模方法
- 7个人看点
- 8STM32使用HAL库驱动EMMC挂载FATFS文件系统_stm32 emmc
- 9白盒测试:如何进行代码级别的检测?
- 10win7 powershell 闪退解决
当前位置: article > 正文
Crossbow - hackmyvm
作者:空白诗007 | 2024-08-17 18:18:12
赞
踩
Crossbow - hackmyvm
简介
靶机名称:Crossbow
难度:中等
靶场地址:https://hackmyvm.eu/machines/machine.php?vm=Crossbow
本地环境
虚拟机:vitual box
靶场IP(Crossbow):192.168.130.63
windows_IP:192.168.130.158
kali_IP:192.168.130.156
扫描
nmap起手
nmap -sT -p0- 192.168.130.63 -oA nmapscan/ports ;ports=$(grep open ./nmapscan/ports.nmap | awk -F '/' '{print $1}' | paste -sd ',');echo $ports >> nmapscan/tcp_ports;
sudo nmap -sT -sV -sC -O -p$ports 192.168.130.63 -oA nmapscan/detail
- 1
- 2
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-12 05:25 EDT Nmap scan report for crossbow.lan (192.168.130.63) Host is up (0.0010s latency). PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.2p1 Debian 2+deb12u1 (protocol 2.0) | ssh-hostkey: | 256 dd:83:da:cb:45:d3:a8:ea:c6:be:19:03:45:76:43:8c (ECDSA) |_ 256 e5:5f:7f:25:aa:c0:18:04:c4:46:98:b3:5d:a5:2b:48 (ED25519) 80/tcp open http Apache httpd 2.4.57 ((Debian)) |_http-server-header: Apache/2.4.57 (Debian) |_http-title: Polo's Adventures 9090/tcp open zeus-admin? | fingerprint-strings: | GetRequest, HTTPOptions: | HTTP/1.1 400 Bad request | Content-Type: text/html; charset=utf8 | Transfer-Encoding: chunked | X-DNS-Prefetch-Control: off | Referrer-Policy: no-referrer | X-Content-Type-Options: nosniff | Cross-Origin-Resource-Policy: same-origin | X-Frame-Options: sameorigin | <!DOCTYPE html> | <html> | <head> | <title> | request | </title> | <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> | <meta name="viewport" content="width=device-width, initial-scale=1.0"> | <style> | body { | margin: 0; | font-family: "RedHatDisplay", "Open Sans", Helvetica, Arial, sans-serif; | font-size: 12px; | line-height: 1.66666667; | color: #333333; | background-color: #f5f5f5; | border: 0; | vertical-align: middle; |_ font-weight: 300; MAC Address: 08:00:27:4A:AB:B1 (Oracle VirtualBox virtual NIC) Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Linux 4.X|5.X OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 OS details: Linux 4.15 - 5.8 Network Distance: 1 hop Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
有两个http端口,80和9090
后者需要认证
HTTP
80
先从80端口开始。看样子是个博客?
路径扫描
feroxbuster -u http://192.168.130.63 -t 20 -w $HVV_Tool/8_dict/seclist/Discovery/Web-Content/directory-list-lowercase-2.3-big.txt -x php,zip,bak,jpg,png,mp4,mkv,txt,html,md,git,7z,rar,db,log,docx,xlsx
- 1
___ ___ __ __ __ __ __ ___
|__ |__ |__) |__) | / ` / \ \_/ | | \ |__
| |___ | \ | \ | \__, \__/ / \ | |__/ |___
by Ben "epi" Risher 声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/空白诗007/article/detail/993937推荐阅读
相关标签
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。
