
The world is chaotic; may you come and go in safety.

TryHackMe -- Vulnversity

THM - Vulnversity

Reconnaissance

Scan the box; how many ports are open?

Scan with nmap, detecting service versions at the same time:

┌──(v4ler1an㉿kali)-[~/tmp]
└─$ sudo nmap -T4 -sV 10.10.189.32
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-03-05 20:51 EST
Nmap scan report for localhost (10.10.189.32)
Host is up (0.35s latency).
Not shown: 994 closed tcp ports (reset)
PORT     STATE SERVICE     VERSION
21/tcp   open  ftp         vsftpd 3.0.3
22/tcp   open  ssh         OpenSSH 7.2p2 Ubuntu 4ubuntu2.7 (Ubuntu Linux; protocol 2.0)
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
3128/tcp open  http-proxy  Squid http proxy 3.5.12
3333/tcp open  http        Apache httpd 2.4.18 ((Ubuntu))
Service Info: Host: VULNUNIVERSITY; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 33.45 seconds

What version of the squid proxy is running on the machine?

For the Squid proxy version, the -sV option directly identifies the service behind each scanned port: 3.5.12.

TryHackMe -- Vulnerability Capstone

THM – Vulnerability Capstone

What is the name of the application running on the vulnerable machine?

First, scan the common ports:

┌──(v4ler1an㉿kali)-[~]
└─$ sudo nmap -sV -T4  -Pn  10.10.217.113
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-03-05 01:33 EST
Nmap scan report for localhost (10.10.217.113)
Host is up (0.36s latency).
Not shown: 998 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 25.22 seconds

Ports 80 and 22 are open; look at port 80 first:

Vulnhub Hackme

Vulnhub Training – Hackme

Knowledge

  • sqlmap - SQL Injection Scanner
  • webshell - php-reverse-shell.php

1. Environment Setup

OVA Download Link: https://download.vulnhub.com/hackme/hackme.ova

Download it and run it in VMware. The guest OS is Ubuntu 18.04, so it works well in VMware.

2. Reconnaissance

1. IP Address

Scan for the target IP:

┌──(v4ler1an㉿kali)-[~/Documents/tools/proxy]
└─$ sudo arp-scan -l
[sudo] password for v4ler1an:
Interface: eth0, type: EN10MB, MAC: 00:0c:29:9d:5b:9e, IPv4: 172.16.86.138
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
172.16.86.1	5e:52:30:c9:b7:65	(Unknown: locally administered)
172.16.86.2	00:50:56:fd:f8:ec	VMware, Inc.
172.16.86.146	00:0c:29:41:bf:50	VMware, Inc.
172.16.86.254	00:50:56:f4:42:e0	VMware, Inc.

8 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 256 hosts scanned in 2.393 seconds (106.98 hosts/sec). 4 responded

Target IP is 172.16.86.146.

Vulnhub Deathnote

Knowledge

  • wpscan - WordPress Scanner
  • hydra – ssh username and password brute force

1. Environment Setup

Standard setup; if you use VMware, you need to configure the network.

2. Reconnaissance

1. IP Address

Scan with arp-scan:

┌──(v4ler1an㉿kali)-[~/Documents/tmp]
└─$ sudo arp-scan -l
Interface: eth0, type: EN10MB, MAC: 00:0c:29:9d:5b:9e, IPv4: 172.16.86.138
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
172.16.86.1	5e:52:30:c9:b7:65	(Unknown: locally administered)
172.16.86.2	00:50:56:fd:f8:ec	VMware, Inc.
172.16.86.145	00:0c:29:54:62:bc	VMware, Inc.
172.16.86.254	00:50:56:e8:1f:a8	VMware, Inc.

8 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 256 hosts scanned in 2.370 seconds (108.02 hosts/sec). 4 responded

2. Port Info

Scan the port information with nmap: