VulnVM-Get
Box Info OS Linux Difficulty Easy Nmap [root@kali] /home/kali ❯ nmap 192.168.55.11 -sV -A -p- Not shown: 65533 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.2p1 Debian 2+deb12u5 (protocol 2.0) | ssh-hostkey: | 256 69:dc:67:49:10:2a:a4:26:a8:9f:c4:5d:a3:b8:a1:3e (ECDSA) |_ 256 6a:2b:e4:44:29:78:62:fb:61:0b:09:2f:9c:bc:18:c6 (ED25519) 80/tcp open http Apache httpd 2.4.62 ((Debian)) |_http-title: Apache2 Debian Default Page: It works |_http-server-header: Apache/2.4.62 (Debian) Feroxbuster [root@kali] /home/kali ❯ feroxbuster -u 'http://192.168.55.11/' -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php ___ ___ __ __ __ __ __ ___ |__ |__ |__) |__) | / ` / \ \_/ | | \ |__ | |___ | \ | \ | \__, \__/ / \ | |__/ |___ by Ben "epi" Risher 🤓 ver: 2.11.0 ───────────────────────────┬────────────────────── 🎯 Target Url │ http://192.168.55.11/ 🚀 Threads │ 50 📖 Wordlist │ /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt 👌 Status Codes │ All Status Codes! 💥 Timeout (secs) │ 7 🦡 User-Agent │ feroxbuster/2.11.0 💉 Config File │ /etc/feroxbuster/ferox-config.toml 🔎 Extract Links │ true 💲 Extensions │ [php] 🏁 HTTP methods │ [GET] 🔃 Recursion Depth │ 4 ───────────────────────────┴────────────────────── 🏁 Press [ENTER] to use the Scan Management Menu™ ────────────────────────────────────────────────── 403 GET 9l 28w 278c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter 404 GET 9l 31w 275c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter 200 GET 0l 0w 0c http://192.168.55.11/contact.php 200 GET 25l 127w 10359c http://192.168.55.11/icons/openlogo-75.png 200 GET 368l 933w 10701c http://192.168.55.11/ [####################] - 19s 220551/220551 0s found:3 errors:0 [####################] - 18s 220546/220546 12201/s http://192.168.55.11/ 其中contact.php并没有任何回显,尝试参数爆破 ...