Box Info OS Linux Difficulty Medium Nmap [root@kali] /home/kali/Environment ❯ nmap Environment.htb -sV -A PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.2p1 Debian 2+deb12u5 (protocol 2.0) | ssh-hostkey: | 256 5c:02:33:95:ef:44:e2:80:cd:3a:96:02:23:f1:92:64 (ECDSA) |_ 256 1f:3d:c2:19:55:28:a1:77:59:51:48:10:c4:4b:74:ab (ED25519) 80/tcp open http nginx 1.22.1 |_http-title: Save the Environment | environment.htb |_http-server-header: nginx/1.22.1 Dirsearch [root@kali] /home/kali/Environment ❯ dirsearch -u http://environment.htb _|. _ _ _ _ _ _|_ v0.4.3 (_||| _) (/_(_|| (_| ) Extensions: php, asp, aspx, jsp, html, htm | HTTP method: GET | Threads: 25 | Wordlist size: 12289 Target: http://environment.htb/ [07:23:08] Scanning: [07:23:23] 403 - 555B - /admin/.config [07:23:23] 403 - 555B - /admin/.htaccess [07:23:39] 403 - 555B - /administrator/.htaccess [07:23:43] 403 - 555B - /admpar/.ftppass [07:23:43] 403 - 555B - /admrev/.ftppass [07:23:46] 403 - 555B - /app/.htaccess [07:23:52] 403 - 555B - /bitrix/.settings.bak [07:23:52] 403 - 555B - /bitrix/.settings [07:23:52] 403 - 555B - /bitrix/.settings.php.bak [07:23:54] 301 - 169B - /build -> http://environment.htb/build/ [07:23:54] 403 - 555B - /build/ [07:24:15] 403 - 555B - /ext/.deps [07:24:15] 200 - 0B - /favicon.ico [07:24:26] 200 - 4KB - /index.php [07:24:26] 200 - 2KB - /index.php/login/ [07:24:31] 403 - 555B - /lib/flex/varien/.project [07:24:31] 403 - 555B - /lib/flex/uploader/.actionScriptProperties [07:24:31] 403 - 555B - /lib/flex/varien/.flexLibProperties [07:24:31] 403 - 555B - /lib/flex/varien/.actionScriptProperties [07:24:31] 403 - 555B - /lib/flex/uploader/.flexProperties [07:24:31] 403 - 555B - /lib/flex/uploader/.project [07:24:31] 403 - 555B - /lib/flex/uploader/.settings [07:24:31] 403 - 555B - /lib/flex/varien/.settings [07:24:34] 200 - 2KB - /login [07:24:34] 200 - 2KB - /login/ [07:24:35] 302 - 358B - /logout/ -> http://environment.htb/login [07:24:35] 302 - 358B - /logout -> http://environment.htb/login [07:24:36] 403 - 555B - /mailer/.env [07:25:01] 403 - 555B - /resources/sass/.sass-cache/ [07:25:01] 403 - 555B - /resources/.arch-internal-preview.css [07:25:02] 200 - 24B - /robots.txt [07:25:12] 301 - 169B - /storage -> http://environment.htb/storage/ [07:25:12] 403 - 555B - /storage/ [07:25:19] 403 - 555B - /twitter/.env [07:25:21] 405 - 244KB - /upload/ [07:25:22] 405 - 244KB - /upload [07:25:24] 403 - 555B - /vendor/ Task Completed Env Bypass 进入登录页,进行抓包,可以看到直接带出了报错信息
...