HackMyVm Dentacare Walkthrough

靶机下载地址:https://hackmyvm.eu/machines/machine.php?vm=Dentacare

扫描端口,开放了22、80和8000。

└─$ nmap -sV -sC -Pn -p- -oN port.log 192.168.56.136
PORT     STATE SERVICE VERSION                                                                                                                                                
22/tcp   open  ssh     OpenSSH 9.2p1 Debian 2+deb12u2 (protocol 2.0)                                                                                                          
| ssh-hostkey:                                                                                                                                                                
|   256 e7:ce:f2:f6:5d:a7:47:5a:16:2f:90:07:07:33:4e:a9 (ECDSA)                                                                                                               
|_  256 09:db:b7:e8:ee:d4:52:b8:49:c3:cc:29:a5:6e:07:35 (ED25519)                                                                                                             
80/tcp   open  http    Werkzeug/3.0.2 Python/3.11.2                                                                                                                           
|_http-server-header: Werkzeug/3.0.2 Python/3.11.2                                                                                                                            
|_http-title: DentaCare Corporation                                                                                                                                           
| fingerprint-strings:                                                                                                                                                        
...
8000/tcp open  http    Apache httpd 2.4.57
|_http-title: 403 Forbidden
|_http-server-header: Apache/2.4.57 (Debian)

继续阅读

VulNyx Express Walkthrough

这是我第一次玩VulNyx的靶机,这个靶机还是很有意思的,涉及到了GET/POST的变化、SSRF、SSTI,解题思路很有意思,所以记录下来。靶机的下载地址为https://vulnyx.com/file/Express.php。

扫描端口,显示22和80。

└─$ nmap -sV -sC -Pn -p- -oN port.log 192.168.56.134
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 9.2p1 Debian 2+deb12u3 (protocol 2.0)
| ssh-hostkey: 
|   256 65:bb:ae:ef:71:d4:b5:c5:8f:e7:ee:dc:0b:27:46:c2 (ECDSA)
|_  256 ea:c8:da:c8:92:71:d8:8e:08:47:c0:66:e0:57:46:49 (ED25519)
80/tcp open  http    Apache httpd 2.4.62 ((Debian))
|_http-server-header: Apache/2.4.62 (Debian)
|_http-title: Apache2 Debian Default Page: It works
MAC Address: 08:00:27:88:F1:F0 (Oracle VirtualBox virtual NIC)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

继续阅读

HackMyVm Smol Walkthrough

靶机地址:https://hackmyvm.eu/machines/machine.php?vm=Smol

直接使用IP地址访问出错,地址栏显示www.smol.hmv,把这个地址加入/etc/hosts。扫描端口:

└─$ nmap -sV -sC -Pn -p- -oN port.log 192.168.56.130
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-10-24 16:03 CST
Nmap scan report for www.smol.hmv (192.168.56.130)
Host is up (0.00028s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 44:5f:26:67:4b:4a:91:9b:59:7a:95:59:c8:4c:2e:04 (RSA)
|   256 0a:4b:b9:b1:77:d2:48:79:fc:2f:8a:3d:64:3a:ad:94 (ECDSA)
|_  256 d3:3b:97:ea:54:bc:41:4d:03:39:f6:8f:ad:b6:a0:fb (ED25519)
80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-generator: WordPress 6.3
|_http-title: AnotherCTF
|_http-server-header: Apache/2.4.41 (Ubuntu)
MAC Address: 08:00:27:BF:B5:36 (Oracle VirtualBox virtual NIC)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

继续阅读

HackMyVm Lookup Walkthrough

靶机地址https://hackmyvm.eu/machines/machine.php?vm=Lookup

直接访问报错,需要在/etc/hosts里设置域名lookup.hmv,再次访问主页显示一个登录页面。

扫描目录没有发现什么敏感文件,也没有什么漏洞,sql注入也不行。只能尝试爆破,先尝试爆出用户名。这里要注意wfuzz的语法,特别是要用多个-H加入必要的头信息。

└─$ wfuzz -c -w /usr/share/wordlists/seclists/Usernames/Names/names.txt   -H 'Host: lookup.hmv' -H 'Origin: http://lookup.hmv' -H 'Referer: http://lookup.hmv' -d "username=FUZZ&password=123456"  --hh 74  http://lookup.hmv/login.php 
********************************************************
* Wfuzz 3.1.0 - The Web Fuzzer                         *
********************************************************

Target: http://lookup.hmv/login.php
Total requests: 10177

=====================================================================
ID           Response   Lines    Word       Chars       Payload                                                                                                                                     
=====================================================================

000000086:   200        0 L      8 W        62 Ch       "admin"                                                                                                                                     
000004897:   200        0 L      8 W        62 Ch       "jose"                                                                                                                                      

Total time: 0
Processed Requests: 10177
Filtered Requests: 10175
Requests/sec.: 0

继续阅读

HackmyVm Universe Walkthrough

靶机下载地址为:https://hackmyvm.eu/machines/machine.php?vm=Universe

用nmap扫描常用端口,发现21、22。

└─$ nmap -sV -sC -Pn   192.168.56.125                                                                                                                 

PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3
22/tcp open  ssh     OpenSSH 9.2p1 Debian 2+deb12u2 (protocol 2.0)
| ssh-hostkey: 
|   256 95:d6:5d:68:a3:38:f7:74:87:b3:99:20:f8:be:45:4d (ECDSA)
|_  256 11:77:31:ae:36:4e:22:45:9c:89:8f:5e:e6:01:83:0d (ED25519)
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

继续阅读

HackmyVm HackingToys Walkthrough

靶机下载地址:https://hackmyvm.eu/machines/machine.php?vm=HackingToys

扫描端口,开了22和3000.

nmap -sV -sC -Pn  -oN port.log 192.168.56.123
...
PORT     STATE SERVICE  VERSION
22/tcp   open  ssh      OpenSSH 9.2p1 Debian 2+deb12u2 (protocol 2.0)
| ssh-hostkey: 
|   256 e7:ce:f2:f6:5d:a7:47:5a:16:2f:90:07:07:33:4e:a9 (ECDSA)
|_  256 09:db:b7:e8:ee:d4:52:b8:49:c3:cc:29:a5:6e:07:35 (ED25519)
3000/tcp open  ssl/ppp?
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: organizationName=Internet Widgits Pty Ltd/stateOrProvinceName=Some-State/countryName=FR
| Not valid before: 2024-05-20T15:36:20
|_Not valid after:  2038-01-27T15:36:20
...

继续阅读

华为《HarmonyOS第一课》“从网络获取数据 ”代码示例中的本机服务器设置

这是华为关于HarmonyOS开发系列课程中的一课,需要构建一个本地新闻服务端,然后开发客户端去访问并获得数据。
关于如何构建服务端,程序代码的README中介绍的比较简短,测试时需要构建局域网环境:测试本Codelab时要确保运行服务端代码的电脑和测试机连接的是同一局域网下的网络,您可以用您的手机开一个个人热点,然后将测试机和运行服务端代码的电脑都连接您的手机热点进行测试。
这种方式比较麻烦,实际上调试代码时,大多时候是通过模拟器来实现,并不需要通过手机实机开热点。下面是简短步骤。

继续阅读