Windy's little blog

All the odds and ends of life, and I like CTF.

Vulnhub Nasef Walkthrough

https://www.vulnhub.com/entry/nasef1-locating-target,640/ Scan files at port 80. wget goodmat.txt, get a username and ssh key file. Decrypt encrypted ssh key. Log in ssh. Find writable file. Add new root account to /etc/passwd. root@nasef1:~# id;hostna

Vulnhub Gaara Walkthrough

https://www.vulnhub.com/entry/gaara-1,629/ Scan port 80, find Cryoserver. ┌──(kali㉿mykali)-[~/Documents/gaara] └─$ curl http://192.168.56.78/Cryoserver | sed '/^$/d'   % Total    %&n

Vulnhub ICMP: 1 Walkthrough

https://www.vulnhub.com/entry/icmp-1,633/ Scan ports, find 22 and 80. ┌──(kali㉿mykali)-[~/Documents/icmp] └─$ nmap -sV -sC -p- 192.168.56.81  -oN ports.log ... PORT   STATE SERVICE VER

Vulnhub System Failure Walkthrough

https://www.vulnhub.com/entry/system-failure-1,654/ Scan ports. # Nmap 7.91 scan initiated Thu Mar 11 21:49:07 2021 as: nmap -sV -sC -p- -oN ports.log 192.168.56.80 N

Vulnhub The Office: Doomsday Device done!

https://www.vulnhub.com/entry/the-office-doomsday-device,627/ Very interesting machine. I recommend the writeup by ghost26082012 here: https://youtu.be/-DVdXBGf35w

Vulnhub hacksudo: 1 Walkthrough

https://www.vulnhub.com/entry/hacksudo-1,650/ Simple walkthrough. Scan ports. Scan port 80, check each file's source code, but nothing useful. Port 8080 is tomcat, with default creds. Use msfconsole to get reverse shell. Now we are user tomcat. Upload

Vulnhub DOUBLE: 1 Walkthrough

https://www.vulnhub.com/entry/double-1,632/ Scan open ports. Port 8080 needs auth, which we don't know yet. So we start from port 80. Check http://url/production. Try to send some cmd, like cmd="id", code="1", then we can see the comm

Vulnhub Alfa: 1 Simple Walkthrough

https://www.vulnhub.com/entry/alfa-1,655/ Simple walkthrough: nmap -sV -sC -p- 192.168.56.72  -oN ports.log ftp log in as anonymous, get a pic file. Check robots.txt, find Brainfuck strings, decode it, and get a new url. enum4linux, get username. ente

Vulnhub bassamCTF: 1 Walkthrough

Machine is here. Nmap scan ports. Port 80 only has one file. Get domain name from index.html. Add it to /etc/hosts, then brute force vhost. gobuster vhost -u http://bassam.ctf  -w /usr/share/seclists/Discovery/DNS/subdomains-

Walkthrough of the Vulnhub machine Hackme: 2 (database injection, command injection)

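Machine download: https://www.vulnhub.com/entry/hackme-2,618/. It has been a while since I played a machine with injection vulnerabilities, so I am recording a walkthrough. After starting the machine, an nmap port scan shows that only 22 and 80 are open. Opening port 80 in a browser leads to a login page; I tried a few weak passwords without success.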