VulnVM-Interceptor
Box Info OS Linux Difficulty Hard Nmap [root@kali] /home/kali/Interceptor ❯ nmap 192.168.56.123 -sV -A -p- PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.3 80/tcp open http Apache httpd 2.4.62 ((Debian)) |_http-title: Apache2 Debian Default Page: It works |_http-server-header: Apache/2.4.62 (Debian) Gobuster [root@kali] /home/kali/Interceptor ❯ gobuster dir -u http://192.168.56.123 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,txt =============================================================== Gobuster v3.6 by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart) =============================================================== [+] Url: http://192.168.56.123 [+] Method: GET [+] Threads: 10 [+] Wordlist: /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt [+] Negative Status codes: 404 [+] User Agent: gobuster/3.6 [+] Extensions: php,html,txt [+] Timeout: 10s =============================================================== Starting gobuster in directory enumeration mode =============================================================== /.html (Status: 403) [Size: 279] /.php (Status: 403) [Size: 279] /index.html (Status: 200) [Size: 10701] /wordpress (Status: 301) [Size: 320] [--> http://192.168.56.123/wordpress/] /backup (Status: 301) [Size: 317] [--> http://192.168.56.123/backup/] /.html (Status: 403) [Size: 279] /.php (Status: 403) [Size: 279] /server-status (Status: 403) [Size: 279] /fping.php (Status: 200) [Size: 1958] Progress: 882240 / 882244 (100.00%) =============================================================== Finished =============================================================== Crack ZIP 在**/backup里发现一个压缩包,应该是涉及到了/fping**这个路由的。 ...