HackMyVM Icecream Walkthrough

Target VM download: https://hackmyvm.eu/machines/machine.php?vm=Icecream

First, scan the ports.

└─$ nmap -sV -sC -Pn -p- -oN port.log 192.168.56.131                                                 
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-10-09 16:53 CST                                   
Nmap scan report for 192.168.56.131                                                                  
Host is up (0.0022s latency).                                                                        
Not shown: 65530 closed tcp ports (reset)                                                            
PORT     STATE SERVICE     VERSION                                                                   
22/tcp   open  ssh         OpenSSH 9.2p1 Debian 2+deb12u3 (protocol 2.0)                             
| ssh-hostkey:                                                                                       
|   256 68:94:ca:2f:f7:62:45:56:a4:67:84:59:1b:fe:e9:bc (ECDSA)                                      
|_  256 3b:79:1a:21:81:af:75:c2:c1:2e:4e:f5:a3:9c:c9:e3 (ED25519)
80/tcp   open  http        nginx 1.22.1
|_http-server-header: nginx/1.22.1                                                                   
|_http-title: 403 Forbidden                                                                          
139/tcp  open  netbios-ssn Samba smbd 4.6.2                                                          
445/tcp  open  netbios-ssn Samba smbd 4.6.2                                                          
9000/tcp open  cslistener?                                                                           
| fingerprint-strings:                                                                               
|   FourOhFourRequest:                                                                               
|     HTTP/1.1 404 Not Found                                                                         
|     Server: Unit/1.33.0                                                                            
|     Date: Wed, 09 Oct 2024 08:54:00 GMT                                                            
|     Content-Type: application/json                                                                 
|     Content-Length: 40                                                                             
|     Connection: close                                                                              
|     "error": "Value doesn't exist."                                                                
|   GetRequest:                                                                                      
|     HTTP/1.1 200 OK                                                                                
|     Server: Unit/1.33.0                                                                            
|     Date: Wed, 09 Oct 2024 08:54:00 GMT                                                            
|     Content-Type: application/json                                                                 
|     Content-Length: 1042                                                                           
|     Connection: close                                                                              
|     "certificates": {},                                                                            
|     "js_modules": {},                                                                              
|     "config": {                                                                                    
|     "listeners": {},                                                                               
|     "routes": [],                                                                                  
|     "applications": {}                                                                             
|     "status": {                                                                                    
|     "modules": {                                                                                   
|     "python": {                                                                                    
|     "version": "3.11.2",                                                                           
|     "lib": "/usr/lib/unit/modules/python3.11.unit.so"                                              
|     "php": {                                                                                       
|     "version": "8.2.18",                                                                           
|     "lib": "/usr/lib/unit/modules/php.unit.so"                                                     
|     "perl": {                                                                                      
|     "version": "5.36.0",                                                                           
|     "lib": "/usr/lib/unit/modules/perl.unit.so"                                                    
|     "ruby": {                                                                                      
|     "version": "3.1.2",                                                                            
|     "lib": "/usr/lib/unit/modules/ruby.unit.so"                                                    
|     "java": {                                                                                      
|     "version": "17.0.11",                                                                          
|     "lib": "/usr/lib/unit/modules/java17.unit.so"                                                  
|     "wasm": {                                                                                      
|     "version": "0.1",
|     "lib": "/usr/lib/unit/modules/wasm.unit.so"
|   HTTPOptions: 
|     HTTP/1.1 405 Method Not Allowed
|     Server: Unit/1.33.0 
|     Date: Wed, 09 Oct 2024 08:54:00 GMT
|     Content-Type: application/json
|     Content-Length: 35
|     Connection: close
|_    "error": "Invalid method."

...

Host script results:
|_clock-skew: -3s
| smb2-security-mode: 
|   3:1:1: 
|_    Message signing enabled but not required
| smb2-time: 
|   date: 2024-10-09T08:54:00
|_  start_date: N/A
|_nbstat: NetBIOS name: ICECREAM, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)

Next, look at SMB.

└─$ smbclient -L 192.168.56.131                                                                      
Password for [WORKGROUP\kali]:                                                                       

        Sharename       Type      Comment                                                            
        ---------       ----      -------                                                            
        print$          Disk      Printer Drivers
        icecream        Disk      tmp Folder
        IPC$            IPC       IPC Service (Samba 4.17.12-Debian)
        nobody          Disk      Home Directories 
Reconnecting with SMB1 for workgroup listing.
smbXcli_negprot_smb1_done: No compatible protocol selected by server.
Protocol negotiation to server 192.168.56.131 (for a protocol between LANMAN1 and NT1) failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Unable to connect with SMB1 -- no workgroup available


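HackMyVM Lookup Walkthrough

Target VM: https://hackmyvm.eu/machines/machine.php?vm=Lookup

Browsing to the host directly returns an error; the domain lookup.hmv has to be added to /etc/hosts. After that, the home page shows a login form.

Directory scanning found no sensitive files and no obvious vulnerabilities, and SQL injection did not work either. That leaves brute forcing, starting with username enumeration. Pay attention to the wfuzz syntax here, in particular the use of multiple -H options to add the required headers.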

└─$ wfuzz -c -w /usr/share/wordlists/seclists/Usernames/Names/names.txt   -H 'Host: lookup.hmv' -H 'Origin: http://lookup.hmv' -H 'Referer: http://lookup.hmv' -d "username=FUZZ&password=123456"  --hh 74  http://lookup.hmv/login.php 
********************************************************
* Wfuzz 3.1.0 - The Web Fuzzer                         *
********************************************************

Target: http://lookup.hmv/login.php
Total requests: 10177

=====================================================================
ID           Response   Lines    Word       Chars       Payload                                                                                                                                     
=====================================================================

000000086:   200        0 L      8 W        62 Ch       "admin"                                                                                                                                     
000004897:   200        0 L      8 W        62 Ch       "jose"                                                                                                                                      

Total time: 0
Processed Requests: 10177
Filtered Requests: 10175
Requests/sec.: 0


HackMyVM Universe Walkthrough

Target VM download: https://hackmyvm.eu/machines/machine.php?vm=Universe

Scanning the common ports with nmap finds 21 and 22 open.

└─$ nmap -sV -sC -Pn   192.168.56.125                                                                                                                 

PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3
22/tcp open  ssh     OpenSSH 9.2p1 Debian 2+deb12u2 (protocol 2.0)
| ssh-hostkey: 
|   256 95:d6:5d:68:a3:38:f7:74:87:b3:99:20:f8:be:45:4d (ECDSA)
|_  256 11:77:31:ae:36:4e:22:45:9c:89:8f:5e:e6:01:83:0d (ED25519)
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel


HackMyVM HackingToys Walkthrough

Target VM download: https://hackmyvm.eu/machines/machine.php?vm=HackingToys

The port scan shows 22 and 3000 open.

nmap -sV -sC -Pn  -oN port.log 192.168.56.123
...
PORT     STATE SERVICE  VERSION
22/tcp   open  ssh      OpenSSH 9.2p1 Debian 2+deb12u2 (protocol 2.0)
| ssh-hostkey: 
|   256 e7:ce:f2:f6:5d:a7:47:5a:16:2f:90:07:07:33:4e:a9 (ECDSA)
|_  256 09:db:b7:e8:ee:d4:52:b8:49:c3:cc:29:a5:6e:07:35 (ED25519)
3000/tcp open  ssl/ppp?
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: organizationName=Internet Widgits Pty Ltd/stateOrProvinceName=Some-State/countryName=FR
| Not valid before: 2024-05-20T15:36:20
|_Not valid after:  2038-01-27T15:36:20
...


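Local server setup for the "Fetching Data from the Network" code sample in Huawei's "HarmonyOS First Lesson"

This is one lesson in Huawei's HarmonyOS development course series. It requires building a local news server and then developing a client that accesses it and retrieves data.
The README in the sample code is fairly brief about how to build the server, and says that testing needs a LAN environment: when testing this Codelab, make sure the computer running the server code and the test device are connected to the same local network; you can turn on a personal hotspot on your phone and connect both the test device and the computer running the server code to that hotspot for testing.
That approach is cumbersome. In practice, debugging is mostly done in the emulator, and there is no need to open a hotspot on a physical phone. The brief steps follow.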


Fixing a failed llama-cpp-python installation on Windows

I wanted to try using llama-cpp from Python, but installing llama-cpp-python on Windows fails with an error.

PS C:\Users\xxxx> pip install llama-cpp-python
...
...
Building wheels for collected packages: llama-cpp-python
  Running command Building wheel for llama-cpp-python (pyproject.toml)
  *** scikit-build-core 0.9.9 using CMake 3.30.1 (wheel)
  *** Configuring CMake...
  2024-07-31 15:38:35,991 - scikit_build_core - WARNING - Can't find a Python library, got libdir=None, ldlibrary=None, multiarch=None, masd=None
  loading initial cache file C:\Users\xxxx\AppData\Local\Temp\tmp95k50mhv\build\CMakeInit.txt
  -- Building for: NMake Makefiles
  CMake Error at CMakeLists.txt:3 (project):
    Running

     'nmake' '-?'

    failed with:

     no such file or directory

  CMake Error: CMAKE_C_COMPILER not set, after EnableLanguage
  CMake Error: CMAKE_CXX_COMPILER not set, after EnableLanguage
  -- Configuring incomplete, errors occurred!

  *** CMake configuration failed
  error: subprocess-exited-with-error

  × Building wheel for llama-cpp-python (pyproject.toml) did not run successfully.
  │ exit code: 1
  ╰─> See above for output.
...
...


Atom Walkthrough

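Atom is a HackMyVM target VM; the download address is https://hackmyvm.eu/machines/machine.php?vm=Atom

A normal nmap scan finds only port 22, which is very odd. Getting stuck at the very first step is frustrating; machines made by cromiphi always have a few small traps!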

└─$ nmap -sV -sC -Pn  -oN port.log 192.168.56.118  
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-07-22 20:20 CST
Nmap scan report for 192.168.56.118
Host is up (0.0026s latency).
Not shown: 999 closed tcp ports (conn-refused)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 9.2p1 Debian 2+deb12u2 (protocol 2.0)
| ssh-hostkey: 
|   256 e7:ce:f2:f6:5d:a7:47:5a:16:2f:90:07:07:33:4e:a9 (ECDSA)
|_  256 09:db:b7:e8:ee:d4:52:b8:49:c3:cc:29:a5:6e:07:35 (ED25519)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel


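I built a downloader for the official HarmonyOS documentation

The official HarmonyOS development documentation is very valuable, but sometimes there is no network access, so I wrote a small script that downloads it in bulk and packages it as an EPUB. It is written in Python; the command-line interface is built with PyInquirer, and code highlighting uses the pygments library.
The main screen looks like this: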

***************************************************
HarmonyOs Development Guides/References Downloader
功能:下载HarmonyOs的官方文档并生成epub
版本:3.0
时间:2024-07-18
****************************************************
? 主功能菜单,选择你的操作:  (Use arrow keys)
 ❯  1) 下载应用开发文档(3.1/4.0,已归档)
    2) 下载API参考文档(3.1/4.0,已归档)
    3) 下载应用开发文档(next)
    4) 下载API参考文档(next)
    5) 下载AGC文档
    6) 下载设计指南
    7) 退出程序
