靶场:The Hackers Labs
地址:https://thehackerslabs.com/pildoritas/
系统:linux,windows
内容:pfsense CVE、openvpn route modify、AD信息检索、mssql windows-auth、mssql提权
分类目录归档:linux靶场
TheHackersLabs Gintonic Walkthrough
TheHackersLabs Securitron Walkthrough
靶场:The Hackers Labs
地址:https://thehackerslabs.com/securitron/
系统:linux
内容:AI、sql注入、查看root的PATH、PATH利用。
TheHackersLabs TheOffice Walkthrough
靶场:The Hackers Labs
地址:https://thehackerslabs.com/theoffice/
系统:linux
内容:proto原型污染、内网穿透、id_rsa comment
TheHackersLabs Emerreuvedoble Walkthrough
靶场:The Hackers Labs
地址:https://thehackerslabs.com/emerreuvedoble/
系统:linux
内容:User-Agent的作用、XXE、LFI、docker、exiftool、bash命令-eq的利用
(非常有趣,值得一玩)
HackMyVm Wave Walkthrough
靶机下载地址https://hackmyvm.eu/machines/machine.php?vm=Wave。
Tips: shell加解密、常见php扩展名、端口转发、less命令的使用。
整体玩下来还是挺有趣的。
HackMyVm Up Walkthrough
HackMyVm Dentacare Walkthrough
靶机下载地址:https://hackmyvm.eu/machines/machine.php?vm=Dentacare。
扫描端口,开放了22、80和8000。
└─$ nmap -sV -sC -Pn -p- -oN port.log 192.168.56.136
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 9.2p1 Debian 2+deb12u2 (protocol 2.0)
| ssh-hostkey:
| 256 e7:ce:f2:f6:5d:a7:47:5a:16:2f:90:07:07:33:4e:a9 (ECDSA)
|_ 256 09:db:b7:e8:ee:d4:52:b8:49:c3:cc:29:a5:6e:07:35 (ED25519)
80/tcp open http Werkzeug/3.0.2 Python/3.11.2
|_http-server-header: Werkzeug/3.0.2 Python/3.11.2
|_http-title: DentaCare Corporation
| fingerprint-strings:
...
8000/tcp open http Apache httpd 2.4.57
|_http-title: 403 Forbidden
|_http-server-header: Apache/2.4.57 (Debian)
VulNyx Express Walkthrough
这是我第一次玩VulNyx的靶机,这个靶机还是很有意思的,涉及到了GET/POST的变化、SSRF、SSTI,解题思路很有意思,所以记录下来。靶机的下载地址为https://vulnyx.com/file/Express.php。
扫描端口,显示22和80。
└─$ nmap -sV -sC -Pn -p- -oN port.log 192.168.56.134
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 9.2p1 Debian 2+deb12u3 (protocol 2.0)
| ssh-hostkey:
| 256 65:bb:ae:ef:71:d4:b5:c5:8f:e7:ee:dc:0b:27:46:c2 (ECDSA)
|_ 256 ea:c8:da:c8:92:71:d8:8e:08:47:c0:66:e0:57:46:49 (ED25519)
80/tcp open http Apache httpd 2.4.62 ((Debian))
|_http-server-header: Apache/2.4.62 (Debian)
|_http-title: Apache2 Debian Default Page: It works
MAC Address: 08:00:27:88:F1:F0 (Oracle VirtualBox virtual NIC)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
HackMyVm Smol Walkthrough
靶机地址:https://hackmyvm.eu/machines/machine.php?vm=Smol。
直接使用IP地址访问出错,地址栏显示www.smol.hmv
,把这个地址加入/etc/hosts。扫描端口:
└─$ nmap -sV -sC -Pn -p- -oN port.log 192.168.56.130
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-10-24 16:03 CST
Nmap scan report for www.smol.hmv (192.168.56.130)
Host is up (0.00028s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 44:5f:26:67:4b:4a:91:9b:59:7a:95:59:c8:4c:2e:04 (RSA)
| 256 0a:4b:b9:b1:77:d2:48:79:fc:2f:8a:3d:64:3a:ad:94 (ECDSA)
|_ 256 d3:3b:97:ea:54:bc:41:4d:03:39:f6:8f:ad:b6:a0:fb (ED25519)
80/tcp open http Apache httpd 2.4.41 ((Ubuntu))
|_http-generator: WordPress 6.3
|_http-title: AnotherCTF
|_http-server-header: Apache/2.4.41 (Ubuntu)
MAC Address: 08:00:27:BF:B5:36 (Oracle VirtualBox virtual NIC)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel