Dockerlabs

Box Info OS Linux Difficulty Medium Nmap [root@kali] /home/kali/swiss ❯ nmap 172.17.0.2 -sV -A Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-25 19:53 CST Nmap scan report for realgob.dl (172.17.0.2) Host is up (0.00026s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.5 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: |_ 256 f1:2d:b0:54:e3:57:94:c8:3a:1a:7a:ba:d8:2d:7e:f9 (ECDSA) 80/tcp open tcpwrapped |_http-server-header: Apache/2.4.58 (Ubuntu) |_http-title: \xF0\x9F\x91\x8B Mario \xC3\x81lvarez Fer\xC5\x84andez MAC Address: 02:42:AC:11:00:02 (Unknown) No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ). TCP/IP fingerprint: OS:SCAN(V=7.94SVN%E=4%D=2/25%OT=22%CT=1%CU=40368%PV=Y%DS=1%DC=D%G=Y%M=0242A OS:C%TM=67BDAF4F%P=x86_64-pc-linux-gnu)SEQ(SP=107%GCD=1%ISR=107%TI=Z%CI=Z%I OS:I=I%TS=A)SEQ(SP=107%GCD=2%ISR=107%TI=Z%CI=Z%II=I%TS=A)OPS(O1=M5B4ST11NW7 OS:%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST11NW7%O6=M5B4ST1 OS:1)WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)ECN(R=Y%DF=Y%T=40% OS:W=FAF0%O=M5B4NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R= OS:Y%DF=N%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T2(R=Y%DF=N%T=40%W=0%S=O%A=Z%F=R% OS:O=%RD=0%Q=)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF= OS:Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=% OS:RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%I OS:PL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S) Network Distance: 1 hop Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel TRACEROUTE HOP RTT ADDRESS 1 0.25 ms realgob.dl (172.17.0.2) OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 17.18 seconds ffuf 扫描得到一个file参数可以进行读取文件 ...

Box Info OS Linux Difficulty Medium Nmap [root@kali] /home/kali ❯ nmap 172.17.0.2 -sV -A Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-25 16:15 CST Nmap scan report for 172.17.0.2 Host is up (0.000089s latency). Not shown: 999 closed tcp ports (reset) PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.4.58 ((Ubuntu)) |_http-server-header: Apache/2.4.58 (Ubuntu) |_http-title: Apple Store MAC Address: 02:42:AC:11:00:02 (Unknown) Device type: general purpose Running: Linux 4.X|5.X OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 OS details: Linux 4.15 - 5.8 Network Distance: 1 hop TRACEROUTE HOP RTT ADDRESS 1 0.09 ms 172.17.0.2 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 9.98 seconds Dirsearch [root@kali] /home/kali ❯ dirsearch -u 172.17.0.2 -t 50 -i 200 /usr/lib/python3/dist-packages/dirsearch/dirsearch.py:23: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html from pkg_resources import DistributionNotFound, VersionConflict _|. _ _ _ _ _ _|_ v0.4.3 (_||| _) (/_(_|| (_| ) Extensions: php, aspx, jsp, html, js | HTTP method: GET | Threads: 50 | Wordlist size: 11460 Output File: /home/kali/reports/_172.17.0.2/_25-02-25_16-19-18.txt Target: http://172.17.0.2/ [16:19:18] Starting: [16:19:35] 200 - 631B - /login.php [16:19:41] 200 - 626B - /register.php [16:19:47] 200 - 405B - /uploads/ [16:19:48] 200 - 0B - /vendor/composer/autoload_static.php [16:19:48] 200 - 1KB - /vendor/composer/LICENSE [16:19:48] 200 - 520B - /vendor/ [16:19:48] 200 - 0B - /vendor/autoload.php [16:19:48] 200 - 0B - /vendor/composer/autoload_classmap.php [16:19:48] 200 - 0B - /vendor/composer/autoload_psr4.php [16:19:48] 200 - 0B - /vendor/composer/ClassLoader.php [16:19:48] 200 - 3KB - /vendor/composer/installed.json [16:19:48] 200 - 0B - /vendor/composer/autoload_namespaces.php [16:19:48] 200 - 0B - /vendor/composer/autoload_real.php Task Completed 可以看到存在uploads目录 ...

Box Info OS Linux Difficulty Medium Nmap [root@kali] /home/kali/chatme ❯ nmap 172.17.0.2 -sV -A Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-24 19:54 CST Nmap scan report for 172.17.0.2 Host is up (0.000088s latency). Not shown: 999 closed tcp ports (reset) PORT STATE SERVICE VERSION 80/tcp open http nginx 1.24.0 (Ubuntu) |_http-title: ChatMe - The Best Online Chat Solution |_http-server-header: nginx/1.24.0 (Ubuntu) MAC Address: 02:42:AC:11:00:02 (Unknown) Device type: general purpose Running: Linux 4.X|5.X OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 OS details: Linux 4.15 - 5.8 Network Distance: 1 hop Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel TRACEROUTE HOP RTT ADDRESS 1 0.09 ms 172.17.0.2 网页中存在chat.chatme.dl，将其添加到**/etc/hosts** ...

Box Info OS Linux Difficulty Medium Nmap [root@kali] /home/kali/Report ❯ nmap 172.17.0.2 -sV -A Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-25 18:34 CST Nmap scan report for 172.17.0.2 Host is up (0.000076s latency). Not shown: 997 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.5 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 58:46:38:70:8c:d8:4a:89:93:07:b3:43:17:81:59:f1 (ECDSA) |_ 256 25:99:39:02:52:4b:80:3f:aa:a8:9a:d4:8e:9a:eb:10 (ED25519) 80/tcp open http Apache httpd 2.4.58 |_http-server-header: Apache/2.4.58 (Ubuntu) |_http-title: Did not follow redirect to http://realgob.dl/ 3306/tcp open mysql MySQL 5.5.5-10.11.8-MariaDB-0ubuntu0.24.04.1 | mysql-info: | Protocol: 10 | Version: 5.5.5-10.11.8-MariaDB-0ubuntu0.24.04.1 | Thread ID: 8 | Capabilities flags: 63486 | Some Capabilities: LongColumnFlag, DontAllowDatabaseTableColumn, Speaks41ProtocolOld, Support41Auth, IgnoreSigpipes, ConnectWithDatabase, SupportsTransactions, InteractiveClient, Speaks41ProtocolNew, FoundRows, IgnoreSpaceBeforeParenthesis, SupportsLoadDataLocal, ODBCClient, SupportsCompression, SupportsMultipleResults, SupportsAuthPlugins, SupportsMultipleStatments | Status: Autocommit | Salt: SMf;1&jb.[aWoKfBUf~i |_ Auth Plugin Name: mysql_native_password MAC Address: 02:42:AC:11:00:02 (Unknown) Device type: general purpose Running: Linux 4.X|5.X OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 OS details: Linux 4.15 - 5.8 Network Distance: 1 hop Service Info: Host: 172.17.0.2; OS: Linux; CPE: cpe:/o:linux:linux_kernel TRACEROUTE HOP RTT ADDRESS 1 0.08 ms 172.17.0.2 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 9.89 seconds 将realgob.dl添加到**/etc/hosts** ...

Box Info OS Linux Difficulty Hard Nmap 10.10.10.2 [root@kali] /home/kali/grandma ❯ nmap 10.10.10.2 -sV -A Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-24 14:29 CST Nmap scan report for 10.10.10.2 Host is up (0.000093s latency). Not shown: 997 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.4 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 f0:d4:14:46:ad:c7:15:dd:09:8d:5a:c9:4c:a0:41:86 (ECDSA) |_ 256 88:8f:11:21:2a:29:72:fb:60:cb:39:c7:97:05:aa:9d (ED25519) 80/tcp open http Apache httpd 2.4.58 |_http-server-header: Apache/2.4.58 (Ubuntu) |_http-title: Did not follow redirect to http://grandma.dl/ 5000/tcp open http aiohttp 3.9.1 (Python 3.12) | http-title: Hospital - Calendar |_Requested resource was /static/index.html |_http-server-header: Python/3.12 aiohttp/3.9.1 MAC Address: 02:42:0A:0A:0A:02 (Unknown) Device type: general purpose Running: Linux 4.X|5.X OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 OS details: Linux 4.15 - 5.8 Network Distance: 1 hop Service Info: Host: 172.17.0.2; OS: Linux; CPE: cpe:/o:linux:linux_kernel TRACEROUTE HOP RTT ADDRESS 1 0.09 ms 10.10.10.2 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 14.88 seconds 将grandma.dl添加到**/etc/hosts** ...

Box Info OS Linux Difficulty Hard Nmap [root@kali] /home/kali ❯ nmap 172.17.0.2 -sV -A Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-23 21:13 CST Nmap scan report for 172.17.0.2 Host is up (0.00011s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.2p1 Debian 2+deb12u3 (protocol 2.0) | ssh-hostkey: | 256 8c:5c:7b:fe:79:92:7a:f9:85:ec:a5:b9:27:25:db:85 (ECDSA) |_ 256 ba:69:95:e3:df:7e:42:ec:69:ed:74:9e:6b:f6:9a:06 (ED25519) 80/tcp open http Apache httpd 2.4.59 ((Debian)) |_http-title: Did not follow redirect to http://norc.labs/?password-protected=login&redirect_to=http%3A%2F%2F172.17.0.2%2F |_http-server-header: Apache/2.4.59 (Debian) MAC Address: 02:42:AC:11:00:02 (Unknown) Device type: general purpose Running: Linux 4.X|5.X OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 OS details: Linux 4.15 - 5.8 Network Distance: 1 hop Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel TRACEROUTE HOP RTT ADDRESS 1 0.11 ms 172.17.0.2 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 15.22 seconds 将norc.labs添加到**/etc/hosts** ...

Box Info OS Linux Difficulty Easy Nmap [root@kali] /home/kali/Desktop ❯ nmap 172.17.0.2 -sV -A Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-22 10:42 CST Nmap scan report for 172.17.0.2 Host is up (0.000085s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.2p1 Debian 2+deb12u3 (protocol 2.0) | ssh-hostkey: | 256 2c:ea:4a:d7:b4:c3:d4:e2:65:29:6c:12:c4:58:c9:49 (ECDSA) |_ 256 a7:a4:a4:2e:3b:c6:0a:e4:ec:bd:46:84:68:02:5d:30 (ED25519) 80/tcp open http Apache httpd 2.4.61 ((Debian)) |_http-title: Login Page |_http-server-header: Apache/2.4.61 (Debian) MAC Address: 02:42:AC:11:00:02 (Unknown) Device type: general purpose Running: Linux 4.X|5.X OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 OS details: Linux 4.15 - 5.8 Network Distance: 1 hop Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel TRACEROUTE HOP RTT ADDRESS 1 0.09 ms 172.17.0.2 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 9.98 seconds 进入网页是一个登录页面，尝试使用常见的默认账户登陆失败。 ...

Box Info OS Linux Difficulty Medium Nmap [root@kali] /home/kali/Rutas ❯ nmap 172.17.0.2 -sV -A Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-22 19:23 CST Nmap scan report for 172.17.0.2 Host is up (0.000066s latency). Not shown: 997 closed tcp ports (reset) PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.5 | ftp-anon: Anonymous FTP login allowed (FTP code 230) | -rw-r--r-- 1 0 0 0 Jul 11 2024 hola_disfruta |_-rw-r--r-- 1 0 0 293 Jul 11 2024 respeta.zip | ftp-syst: | STAT: | FTP server status: | Connected to ::ffff:172.17.0.1 | Logged in as ftp | TYPE: ASCII | No session bandwidth limit | Session timeout in seconds is 300 | Control connection is plain text | Data connections will be plain text | At session startup, client count was 4 | vsFTPd 3.0.5 - secure, fast, stable |_End of status 22/tcp open ssh OpenSSH 7.7p1 Ubuntu 3ubuntu13.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 63:16:54:2a:05:1d:8e:43:53:55:8b:d5:4e:35:c9:1f (ECDSA) |_ 256 21:24:77:5d:f8:2f:b2:64:ec:42:8b:0b:ef:f0:46:1b (ED25519) 80/tcp open http Apache httpd 2.4.58 ((Ubuntu)) |_http-title: Apache2 Ubuntu Default Page: It works |_http-server-header: Apache/2.4.58 (Ubuntu) MAC Address: 02:42:AC:11:00:02 (Unknown) Device type: general purpose Running: Linux 4.X|5.X OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 OS details: Linux 4.15 - 5.8 Network Distance: 1 hop Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel TRACEROUTE HOP RTT ADDRESS 1 0.07 ms 172.17.0.2 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 12.49 seconds FTP 存在匿名登录，并且可以下载文件 ...

Box Info OS Linux Difficulty Medium Nmap [root@kali] /home/kali/Veveno ❯ nmap 172.17.0.2 -sV -A Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-22 16:04 CST Nmap scan report for 172.17.0.2 Host is up (0.000089s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 3ubuntu13 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 89:9c:7b:99:95:b6:e8:03:5a:6a:d4:69:69:4a:8d:35 (ECDSA) |_ 256 ec:ec:90:44:4e:66:64:22:f6:8b:cd:29:d2:b5:60:6a (ED25519) 80/tcp open http Apache httpd 2.4.58 ((Ubuntu)) |_http-server-header: Apache/2.4.58 (Ubuntu) |_http-title: Apache2 Ubuntu Default Page: It works MAC Address: 02:42:AC:11:00:02 (Unknown) Device type: general purpose Running: Linux 4.X|5.X OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 OS details: Linux 4.15 - 5.8 Network Distance: 1 hop Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel TRACEROUTE HOP RTT ADDRESS 1 0.09 ms 172.17.0.2 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 9.95 seconds Gobuster [root@kali] /home/kali/Veveno ❯ gobuster dir -u "http://172.17.0.2/" -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 50 -x php,html ⏎ =============================================================== Gobuster v3.6 by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart) =============================================================== [+] Url: http://172.17.0.2/ [+] Method: GET [+] Threads: 50 [+] Wordlist: /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt [+] Negative Status codes: 404 [+] User Agent: gobuster/3.6 [+] Extensions: php,html [+] Timeout: 10s =============================================================== Starting gobuster in directory enumeration mode =============================================================== /uploads (Status: 301) [Size: 310] [--> http://172.17.0.2/uploads/] /.html (Status: 403) [Size: 275] /.php (Status: 403) [Size: 275] /problems.php (Status: 200) [Size: 10671] /index.html (Status: 200) [Size: 10671] /.php (Status: 403) [Size: 275] /.html (Status: 403) [Size: 275] /server-status (Status: 403) [Size: 275] Progress: 661680 / 661683 (100.00%) 可以看到存在一个problems.php，但是回显和index.html是一样的，猜测需要构造一个参数 ...

Box Info OS Linux Difficulty Easy Nmap [root@kali] /home/kali/walkingcms ❯ nmap 172.17.0.2 -sV -A Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-22 09:39 CST Nmap scan report for 172.17.0.2 Host is up (0.000090s latency). Not shown: 999 closed tcp ports (reset) PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.4.57 ((Debian)) |_http-server-header: Apache/2.4.57 (Debian) |_http-title: Apache2 Debian Default Page: It works MAC Address: 02:42:AC:11:00:02 (Unknown) Device type: general purpose Running: Linux 4.X|5.X OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 OS details: Linux 4.15 - 5.8 Network Distance: 1 hop TRACEROUTE HOP RTT ADDRESS 1 0.09 ms 172.17.0.2 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 9.87 seconds 进入网页后是apache的默认页面 ...