安全杂谈 | 网络安全、渗透测试、信息安全技术分享

Leon

2024-11-18 (Updated: 2024-11-18)

靶场

题目描述

难度：
描述：
前置条件：

基本信息

🚀	本地机器信息	目标机器信息
IP	10.17.5.121
OS	kali

信息搜集

端口扫描

PORT   STATE SERVICE REASON  VERSION
21/tcp open  ftp     syn-ack vsftpd 3.0.3
22/tcp open  ssh     syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 (Ubuntu Linux; protocol 2.0)
80/tcp open  http    syn-ack Apache httpd 2.4.41 ((Ubuntu))
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

路径枚举

ftp anenomous

Hey I just removed the old user mike because that account was compromised and for any of you who wants the creds of new account visit 127.0.0.1/dir/pass.txt and don't worry this file is only accessible by localhost(127.0.0.1), so nobody else can view it except me or people with access to the common account.

题目描述

基本信息

信息搜集

端口扫描

路径枚举

漏洞发现

漏洞利用

webshell

usershell

rootshell

知识点回顾

总结