HTB-Chemistry

Box Info OS Linux Difficulty Easy Nmap [root@kali] /home/kali ❯ nmap Chemistry.htb -sS -Pn -T4 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-17 20:11 CST Nmap scan report for Chemistry.htb (10.10.11.38) Host is up (0.10s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE 22/tcp open ssh 5000/tcp open upnp Nmap done: 1 IP address (1 host up) scanned in 1.78 seconds Open ports: 22, 5000 ...

December 17, 2024 · 3 min · 1302 words · HYH

HTB-Heal

Box Info OS Linux Difficulty Medium Nmap [root@kali] /home/kali/Heal ❯ nmap -sSCV -Pn heal.htb Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-15 17:29 CST Nmap scan report for heal.htb (10.10.11.46) Host is up (0.085s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 68:af:80:86:6e:61:7e:bf:0b:ea:10:52:d7:7a:94:3d (ECDSA) |_ 256 52:f4:8d:f1:c7:85:b6:6f:c6:5f:b2:db:a6:17:68:ae (ED25519) 80/tcp open http nginx 1.18.0 (Ubuntu) |_http-title: Heal |_http-server-header: nginx/1.18.0 (Ubuntu) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 12.40 seconds Open ports: 22, 80 ...

December 15, 2024 · 4 min · 1738 words · HYH

HTB-LinkVortex

Box Info OS Linux Difficulty Easy Nmap [root@kali] /home/kali ❯ nmap -sSCV -Pn LinkVortex.htb Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-08 21:44 CST Nmap scan report for LinkVortex.htb (10.10.11.47) Host is up (0.088s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 3e:f8:b9:68:c8:eb:57:0f:cb:0b:47:b9:86:50:83:eb (ECDSA) |_ 256 a2:ea:6e:e1:b6:d7:e7:c5:86:69:ce:ba:05:9e:38:13 (ED25519) 80/tcp open http Apache httpd |_http-server-header: Apache | http-title: BitByBit Hardware |_Requested resource was http://linkvortex.htb/ | http-robots.txt: 4 disallowed entries |_/ghost/ /p/ /email/ /r/ |_http-generator: Ghost 5.58 Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 20.62 seconds Subdomain Fuzz [root@kali] /home/kali/LinkVortex ❯ ffuf -u http://linkvortex.htb/ -w ./fuzzDicts/subdomainDicts/main.txt -H "Host:FUZZ.linkvortex.htb" -mc 200 ⏎ /'___\ /'___\ /'___\ /\ \__/ /\ \__/ __ __ /\ \__/ \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\ \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/ \ \_\ \ \_\ \ \____/ \ \_\ \/_/ \/_/ \/___/ \/_/ v2.1.0-dev ________________________________________________ :: Method : GET :: URL : http://linkvortex.htb/ :: Wordlist : FUZZ: /home/kali/LinkVortex/fuzzDicts/subdomainDicts/main.txt :: Header : Host: FUZZ.linkvortex.htb :: Follow redirects : false :: Calibration : false :: Timeout : 10 :: Threads : 40 :: Matcher : Response status: 200 ________________________________________________ dev [Status: 200, Size: 2538, Words: 670, Lines: 116, Duration: 73ms] :: Progress: [167378/167378] :: Job [1/1] :: 500 req/sec :: Duration: [0:05:55] :: Errors: 46 :: Found: dev.linkvortex.htb; added it to /etc/hosts ...

December 9, 2024 · 4 min · 1695 words · HYH

HTB-Alert

Box Info OS Linux Difficulty Easy Nmap Scan nmap alert.htb -sC -sV -T4 -Pn Open ports: 22, 80; the HTTP server is Apache. Browsing to the web page on port 80 reveals a Markdown file upload ...

November 30, 2024 · 2 min · 793 words · HYH

HTB-Trickster

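Box Info OS Linux Difficulty Medium Git Hack On trickster's main domain I found a website on a shop subdomain. This shop appears to be built with PrestaShop; I searched for related vulnerabilities, but none could be used directly ...

September 28, 2024 · 2 min · 961 words · HYH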

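HTB-TwoMillion

Box Info OS Linux Difficulty Easy Nmap Scan Open ports: 22, 80. Port 80 also issues a redirect; added the host to /etc/hosts. Register There is a /login route; logging in with simple password combinations failed, so a /register route presumably exists ...

September 21, 2024 · 2 min · 948 words · HYH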

HTB-Caption

Box Info OS Linux Difficulty Hard Nmap Scan Open ports: 22, 80, 8080. caption.htb:80 👇 is a login page. caption.htb:8080 👇 turns out to be a Gitbucket service ...

September 18, 2024 · 3 min · 1115 words · HYH

HTB-Greenhorn

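Box Info OS Linux Difficulty Easy Basic Scan Nmap Dirsearch Found some sensitive files. On login.php, the pluck version is shown as 4.7.18. CVE-2023-50564 After looking up the related vulnerabilities, it turns out that RCE requires uploading a file first. ...

September 17, 2024 · 1 min · 420 words · HYH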

HTB-MonitorsThree

Box Info OS Linux Difficulty Medium Basic Scan Nmap nmap -A -O monitorsthree.htb Open ports: 22, 80, 8084 Web server: nginx 1.18.0 Dirsearch dirsearch -u monitorsthree.htb -t 50 Found: login.php Subdomain Fuzzing ffuf -w main.txt -u http://monitorsthree.htb -H "Host:FUZZ.monitorsthree.htb" -ac ...

September 12, 2024 · 3 min · 1091 words · HYH

HTB-Blurry

Box Info OS Linux Difficulty Medium Basic Scan Nmap nmap -A -O blurry.htb Open ports: 22, 80 Web Server: nginx 1.18.0 Dirsearch Subdomain Fuzzing Subdomains: app, files, chat app.blurry.htb 👇 ...

September 11, 2024 · 3 min · 1022 words · HYH