Dockerlabs

Box Info OS Linux Difficulty Medium Nmap [root@kali] /home/kali/dance-samba ❯ nmap 172.17.0.2 -sV -A PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.5 | ftp-anon: Anonymous FTP login allowed (FTP code 230) |_-rw-r--r-- 1 0 0 69 Aug 19 2024 nota.txt | ftp-syst: | STAT: | FTP server status: | Connected to ::ffff:172.17.0.1 | Logged in as ftp | TYPE: ASCII | No session bandwidth limit | Session timeout in seconds is 300 | Control connection is plain text | Data connections will be plain text | At session startup, client count was 2 | vsFTPd 3.0.5 - secure, fast, stable |_End of status 22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.4 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 a2:4e:66:7d:e5:2e:cf:df:54:39:b2:08:a9:97:79:21 (ECDSA) |_ 256 92:bf:d3:b8:20:ac:76:08:5b:93:d7:69:ef:e7:59:e1 (ED25519) 139/tcp open netbios-ssn Samba smbd 4.6.2 445/tcp open netbios-ssn Samba smbd 4.6.2 MAC Address: 02:42:AC:11:00:02 (Unknown) Device type: general purpose Running: Linux 4.X|5.X OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 OS details: Linux 4.15 - 5.8 Network Distance: 1 hop Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel Host script results: | smb2-time: | date: 2025-02-21T12:45:31 |_ start_date: N/A | smb2-security-mode: | 3:1:1: |_ Message signing enabled but not required TRACEROUTE HOP RTT ADDRESS 1 0.11 ms 172.17.0.2 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 22.37 seconds enum4linux ...

Box Info OS Linux Difficulty Medium Nmap [root@kali] /home/kali/Memesploit ❯ nmap 172.17.0.2 -sV Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-21 19:06 CST Nmap scan report for 172.17.0.2 Host is up (0.0000080s latency). Not shown: 996 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.5 (Ubuntu Linux; protocol 2.0) 80/tcp open http Apache httpd 2.4.58 ((Ubuntu)) 139/tcp open netbios-ssn Samba smbd 4.6.2 445/tcp open netbios-ssn Samba smbd 4.6.2 MAC Address: 02:42:AC:11:00:02 (Unknown) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 13.42 seconds SMB [root@kali] /home/kali/Memesploit ❯ smbclient -L //172.17.0.2/ ⏎ Password for [WORKGROUP\root]: Sharename Type Comment --------- ---- ------- print$ Disk Printer Drivers share_memehydra Disk IPC$ IPC IPC Service (c9584cd8853e server (Samba, Ubuntu)) Reconnecting with SMB1 for workgroup listing. smbXcli_negprot_smb1_done: No compatible protocol selected by server. Protocol negotiation to server 172.17.0.2 (for a protocol between LANMAN1 and NT1) failed: NT_STATUS_INVALID_NETWORK_RESPONSE Unable to connect with SMB1 -- no workgroup available 存在一个share_memehydra的目录，但是必须要密码才能登录。 ...

Box Info OS Linux Difficulty Easy Nmap [root@kali] /home/kali ❯ nmap 172.17.0.2 -sV Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-21 15:07 CST Nmap scan report for 172.17.0.2 Host is up (0.0000080s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.4 (Ubuntu Linux; protocol 2.0) 80/tcp open http Apache httpd 2.4.58 ((Ubuntu)) MAC Address: 02:42:AC:11:00:02 (Unknown) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 8.45 seconds Dirsearch [root@kali] /home/kali/Psycho ❯ dirsearch -u 172.17.0.2 -t 50 /usr/lib/python3/dist-packages/dirsearch/dirsearch.py:23: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html from pkg_resources import DistributionNotFound, VersionConflict _|. _ _ _ _ _ _|_ v0.4.3 (_||| _) (/_(_|| (_| ) Extensions: php, aspx, jsp, html, js | HTTP method: GET | Threads: 50 | Wordlist size: 11460 Output File: /home/kali/Psycho/reports/_172.17.0.2/_25-02-21_15-09-17.txt Target: http://172.17.0.2/ [15:09:17] Starting: [15:09:18] 403 - 275B - /.ht_wsr.txt [15:09:18] 403 - 275B - /.htaccess.bak1 [15:09:18] 403 - 275B - /.htaccess.orig [15:09:18] 403 - 275B - /.htaccess.sample [15:09:18] 403 - 275B - /.htaccess.save [15:09:18] 403 - 275B - /.htaccess_extra [15:09:18] 403 - 275B - /.htaccess_sc [15:09:18] 403 - 275B - /.htaccessOLD [15:09:18] 403 - 275B - /.htaccessOLD2 [15:09:18] 403 - 275B - /.htm [15:09:18] 403 - 275B - /.html [15:09:18] 403 - 275B - /.htaccessBAK [15:09:18] 403 - 275B - /.htpasswds [15:09:18] 403 - 275B - /.httr-oauth [15:09:18] 403 - 275B - /.htpasswd_test [15:09:18] 403 - 275B - /.php [15:09:21] 403 - 275B - /.htaccess_orig [15:09:24] 301 - 309B - /assets -> http://172.17.0.2/assets/ [15:09:24] 200 - 458B - /assets/ [15:09:38] 403 - 275B - /server-status [15:09:38] 403 - 275B - /server-status/ Task Completed 在网页源码底部发现了一个ERROR，意味着是不是他的调用方式有什么问题？或者什么参数有问题？ ...