Hackmyvm

HackMyVM-Newbee

Box Info OS Linux Difficulty Easy Nmap [root@kali] /home/kali/debian ❯ nmap 192.168.237.155 -sV -A -p- -T4 PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.2p1 Debian 2+deb12u5 (protocol 2.0) | ssh-hostkey: | 256 92:6e:6d:b0:bd:08:1e:db:9d:56:0e:f8:15:25:ca:21 (ECDSA) |_ 256 88:d7:08:bd:a2:95:75:cc:71:06:47:ae:fd:d3:8b:b9 (ED25519) 80/tcp open http Apache httpd 2.4.62 ((Debian)) |_http-server-header: Apache/2.4.62 (Debian) |_http-title: PHPJabbers.com | Free Food Store Website Template MAC Address: 00:0C:29:0A:FF:81 (VMware) Device type: general purpose Running: Linux 4.X|5.X OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 OS details: Linux 4.15 - 5.8 Network Distance: 1 hop Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel ParamScan 访问80端口，在网页注释中发现存在GET参数 ...

HackMyVm-easypwn

Box Info OS Linux Difficulty Medium Nmap [root@kali] /home/kali ❯ nmap 192.168.56.105 -sV -A -Pn -T4 -p- Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-03 14:36 CST Nmap scan report for 192.168.56.105 Host is up (0.00024s latency). Not shown: 65532 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0) | ssh-hostkey: | 2048 93:a4:92:55:72:2b:9b:4a:52:66:5c:af:a9:83:3c:fd (RSA) | 256 1e:a7:44:0b:2c:1b:0d:77:83:df:1d:9f:0e:30:08:4d (ECDSA) |_ 256 d0:fa:9d:76:77:42:6f:91:d3:bd:b5:44:72:a7:c9:71 (ED25519) 80/tcp open http Apache httpd 2.4.59 ((Debian)) |_http-title: Don't Hack Me |_http-server-header: Apache/2.4.59 (Debian) 6666/tcp open irc? | fingerprint-strings: | Help, Socks4, Socks5: | Hackers, get out of my machine | beast2: |_ start: 11 |_irc-info: Unable to open connection 6666端口只能用nc连接，进入80端口发现需要扫描目录 ...

HackMyVm-DC02

Box Info OS Windows Difficulty Medium Nmap [root@kali] /home/kali ❯ nmap 192.168.56.126 -sV -Pn -T4 Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-02 18:44 CST Nmap scan report for 192.168.56.126 Host is up (0.00028s latency). Not shown: 989 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2025-03-02 23:47:04Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: SOUPEDECODE.LOCAL0., Site: Default-First-Site-Name) 445/tcp open microsoft-ds? 464/tcp open kpasswd5? 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 636/tcp open tcpwrapped 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: SOUPEDECODE.LOCAL0., Site: Default-First-Site-Name) 3269/tcp open tcpwrapped MAC Address: 08:00:27:4E:CF:21 (Oracle VirtualBox virtual NIC) Service Info: Host: DC01; OS: Windows; CPE: cpe:/o:microsoft:windows Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 12.84 seconds 把SOUPEDECODE.LOCAL、DC01.SOUPEDECODE.LOCAL添加到**/etc/hosts** ...

HackMyVM-DC03

Box Info OS Windows Difficulty Medium Nmap [root@kali] /home/kali/Desktop ❯ nmap 192.168.56.103 -sSV -Pn -A -T4 PORT STATE SERVICE VERSION 53/tcp open domain? 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2025-03-02 03:01:34Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: SOUPEDECODE.LOCAL0., Site: Default-First-Site-Name) 445/tcp open microsoft-ds? 464/tcp open kpasswd5? 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 636/tcp open tcpwrapped 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: SOUPEDECODE.LOCAL0., Site: Default-First-Site-Name) 3269/tcp open tcpwrapped MAC Address: 08:00:27:46:72:D1 (Oracle VirtualBox virtual NIC) Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running (JUST GUESSING): Microsoft Windows 2022|11|2016 (97%) OS CPE: cpe:/o:microsoft:windows_server_2016 Aggressive OS guesses: Microsoft Windows Server 2022 (97%), Microsoft Windows 11 21H2 (91%), Microsoft Windows Server 2016 (91%) No exact OS matches for host (test conditions non-ideal). Network Distance: 1 hop Service Info: Host: DC01; OS: Windows; CPE: cpe:/o:microsoft:windows Host script results: | smb2-security-mode: | 3:1:1: |_ Message signing enabled and required |_clock-skew: 14h59m36s | smb2-time: | date: 2025-03-02T03:03:53 |_ start_date: N/A |_nbstat: NetBIOS name: DC01, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:46:72:d1 (Oracle VirtualBox virtual NIC) 把DC01.SOUPEDECODE.LOCAL添加到**/etc/hosts** ...