Dockerlabs-DanceSamba

Box Info OS Linux Difficulty Medium Nmap [root@kali] /home/kali/dance-samba ❯ nmap 172.17.0.2 -sV -A PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.5 | ftp-anon: Anonymous FTP login allowed (FTP code 230) |_-rw-r--r-- 1 0 0 69 Aug 19 2024 nota.txt | ftp-syst: | STAT: | FTP server status: | Connected to ::ffff:172.17.0.1 | Logged in as ftp | TYPE: ASCII | No session bandwidth limit | Session timeout in seconds is 300 | Control connection is plain text | Data connections will be plain text | At session startup, client count was 2 | vsFTPd 3.0.5 - secure, fast, stable |_End of status 22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.4 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 a2:4e:66:7d:e5:2e:cf:df:54:39:b2:08:a9:97:79:21 (ECDSA) |_ 256 92:bf:d3:b8:20:ac:76:08:5b:93:d7:69:ef:e7:59:e1 (ED25519) 139/tcp open netbios-ssn Samba smbd 4.6.2 445/tcp open netbios-ssn Samba smbd 4.6.2 MAC Address: 02:42:AC:11:00:02 (Unknown) Device type: general purpose Running: Linux 4.X|5.X OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 OS details: Linux 4.15 - 5.8 Network Distance: 1 hop Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel Host script results: | smb2-time: | date: 2025-02-21T12:45:31 |_ start_date: N/A | smb2-security-mode: | 3:1:1: |_ Message signing enabled but not required TRACEROUTE HOP RTT ADDRESS 1 0.11 ms 172.17.0.2 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 22.37 seconds enum4linux ...

February 21, 2025 · 3 min · 1063 words · HYH

Dockerlabs-Memesploit

Box Info OS Linux Difficulty Medium Nmap [root@kali] /home/kali/Memesploit ❯ nmap 172.17.0.2 -sV Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-21 19:06 CST Nmap scan report for 172.17.0.2 Host is up (0.0000080s latency). Not shown: 996 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.5 (Ubuntu Linux; protocol 2.0) 80/tcp open http Apache httpd 2.4.58 ((Ubuntu)) 139/tcp open netbios-ssn Samba smbd 4.6.2 445/tcp open netbios-ssn Samba smbd 4.6.2 MAC Address: 02:42:AC:11:00:02 (Unknown) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 13.42 seconds SMB [root@kali] /home/kali/Memesploit ❯ smbclient -L //172.17.0.2/ ⏎ Password for [WORKGROUP\root]: Sharename Type Comment --------- ---- ------- print$ Disk Printer Drivers share_memehydra Disk IPC$ IPC IPC Service (c9584cd8853e server (Samba, Ubuntu)) Reconnecting with SMB1 for workgroup listing. smbXcli_negprot_smb1_done: No compatible protocol selected by server. Protocol negotiation to server 172.17.0.2 (for a protocol between LANMAN1 and NT1) failed: NT_STATUS_INVALID_NETWORK_RESPONSE Unable to connect with SMB1 -- no workgroup available A share_memehydra directory exists, but a password is required to log in. ...

February 21, 2025 · 2 min · 983 words · HYH

DockerLabs-Psycho

Box Info OS Linux Difficulty Easy Nmap [root@kali] /home/kali ❯ nmap 172.17.0.2 -sV Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-21 15:07 CST Nmap scan report for 172.17.0.2 Host is up (0.0000080s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.4 (Ubuntu Linux; protocol 2.0) 80/tcp open http Apache httpd 2.4.58 ((Ubuntu)) MAC Address: 02:42:AC:11:00:02 (Unknown) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 8.45 seconds Dirsearch [root@kali] /home/kali/Psycho ❯ dirsearch -u 172.17.0.2 -t 50 /usr/lib/python3/dist-packages/dirsearch/dirsearch.py:23: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html from pkg_resources import DistributionNotFound, VersionConflict _|. _ _ _ _ _ _|_ v0.4.3 (_||| _) (/_(_|| (_| ) Extensions: php, aspx, jsp, html, js | HTTP method: GET | Threads: 50 | Wordlist size: 11460 Output File: /home/kali/Psycho/reports/_172.17.0.2/_25-02-21_15-09-17.txt Target: http://172.17.0.2/ [15:09:17] Starting: [15:09:18] 403 - 275B - /.ht_wsr.txt [15:09:18] 403 - 275B - /.htaccess.bak1 [15:09:18] 403 - 275B - /.htaccess.orig [15:09:18] 403 - 275B - /.htaccess.sample [15:09:18] 403 - 275B - /.htaccess.save [15:09:18] 403 - 275B - /.htaccess_extra [15:09:18] 403 - 275B - /.htaccess_sc [15:09:18] 403 - 275B - /.htaccessOLD [15:09:18] 403 - 275B - /.htaccessOLD2 [15:09:18] 403 - 275B - /.htm [15:09:18] 403 - 275B - /.html [15:09:18] 403 - 275B - /.htaccessBAK [15:09:18] 403 - 275B - /.htpasswds [15:09:18] 403 - 275B - /.httr-oauth [15:09:18] 403 - 275B - /.htpasswd_test [15:09:18] 403 - 275B - /.php [15:09:21] 403 - 275B - /.htaccess_orig [15:09:24] 301 - 309B - /assets -> http://172.17.0.2/assets/ [15:09:24] 200 - 458B - /assets/ [15:09:38] 403 - 275B - 
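/server-status [15:09:38] 403 - 275B - /server-status/ Task Completed An ERROR was found at the bottom of the page source. Does that mean something is wrong with how it is being called, or with one of the parameters? ...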

February 21, 2025 · 3 min · 1312 words · HYH

HTB-Titanic

Box Info OS Linux Difficulty Easy Nmap [root@kali] /home/kali/Titanic ❯ nmap titanic.htb -sV -T4 PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0) 80/tcp open http Apache httpd 2.4.52 Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel ReadAnyFiles Go to titanic.htb, click Book Now, and capture the request with Burp Suite to find a download route ...

February 16, 2025 · 2 min · 875 words · HYH

HTB-Cat

Box Info OS Linux Difficulty Medium Nmap [root@kali] /home/kali ❯ nmap cat.htb PORT STATE SERVICE 22/tcp open ssh 80/tcp open http Dirsearch A git leak exists. Use git-dumper to obtain the source code [root@kali] /home/kali/Cat ❯ git-dumper http://cat.htb/.git/ ./catgit XSS view_cat.php shows a possible XSS ...

February 13, 2025 · 3 min · 1142 words · HYH

HTB-Backfire

Box Info OS Linux Difficulty Medium Nmap [root@kali] /home/kali/Backfire ❯ nmap backfire.htb -sV -Pn -T4 PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.2p1 Debian 2+deb12u4 (protocol 2.0) 443/tcp open ssl/http nginx 1.22.1 5000/tcp filtered upnp 8000/tcp open http nginx 1.22.1 Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Visiting backfire.htb:8000 yields two files ...

January 20, 2025 · 6 min · 2846 words · HYH

HTB-Headless

Box Info OS Linux Difficulty Easy Nmap [root@kali] /home/kali/Headless ❯ nmap headless.htb Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE 22/tcp open ssh 5000/tcp open upnp Browsing to port 5000 automatically redirects to a support route Dirsearch [root@kali] /home/kali/Headless ❯ dirsearch -u headless.htb:5000 Target: http://headless.htb:5000/ Starting: 401 - 317B - /dashboard 200 - 2KB - /support Task Completed Opening dashboard shows that authentication is required ...

January 18, 2025 · 2 min · 755 words · HYH

HTB-Yummy

Box Info OS Linux Difficulty Hard Nmap [root@kali] /home/kali/Yummy ❯ nmap yummy.htb -sSCV -Pn -T4 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-23 16:55 CST Nmap scan report for yummy.htb (10.10.11.36) Host is up (0.095s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.5 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 a2:ed:65:77:e9:c4:2f:13:49:19:b0:b8:09:eb:56:36 (ECDSA) |_ 256 bc:df:25:35:5c:97:24:f2:69:b4:ce:60:17:50:3c:f0 (ED25519) 80/tcp open http Caddy httpd |_http-title: Yummy |_http-server-header: Caddy Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 11.45 seconds Open ports: 22, 80 ...

December 24, 2024 · 6 min · 2938 words · HYH

HTB-UnderPass

Box Info OS Linux Difficulty Easy Nmap [root@kali] /home/kali/UnderPass ❯ nmap underpass.htb -sSCV -Pn -T4 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-22 11:26 CST Nmap scan report for underpass.htb (10.10.11.48) Host is up (0.12s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 48:b0:d2:c7:29:26:ae:3d:fb:b7:6b:0f:f5:4d:2a:ea (ECDSA) |_ 256 cb:61:64:b8:1b:1b:b5:ba:b8:45:86:c5:16:bb:e2:a2 (ED25519) 80/tcp open http Apache httpd 2.4.52 ((Ubuntu)) |_http-server-header: Apache/2.4.52 (Ubuntu) |_http-title: Apache2 Ubuntu Default Page: It works Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 22.04 seconds Open TCP ports: 22, 80 ...

December 22, 2024 · 4 min · 1574 words · HYH

HTB-Instant

Box Info OS Linux Difficulty Medium Nmap [root@kali] /home/kali/Instant ❯ nmap instant.htb -sSCV -Pn -T4 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-20 11:39 CST Nmap scan report for instant.htb (10.10.11.37) Host is up (0.097s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.5 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 31:83:eb:9f:15:f8:40:a5:04:9c:cb:3f:f6:ec:49:76 (ECDSA) |_ 256 6f:66:03:47:0e:8a:e0:03:97:67:5b:41:cf:e2:c7:c7 (ED25519) 80/tcp open http Apache httpd 2.4.58 |_http-title: Instant Wallet |_http-server-header: Apache/2.4.58 (Ubuntu) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 11.72 seconds Open ports: 22, 80 ...

December 20, 2024 · 3 min · 1227 words · HYH