vulntarget-c
Lab topology diagram

Nmap

```
[root@Hacking] /home/kali/Desktop ❯ nmap 192.242.168.203 -A -p-
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 27:bb:30:76:e1:47:ab:24:f0:89:5a:05:10:66:e4:7e (RSA)
|   256 ab:df:49:e1:14:43:b1:75:ad:2f:6f:61:37:eb:24:ac (ECDSA)
|_  256 58:ed:00:9a:e5:37:1b:e6:f5:6c:d5:a3:c7:f0:32:67 (ED25519)
80/tcp    open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Laravel
|_http-server-header: Apache/2.4.41 (Ubuntu)
65534/tcp open  unknown
| fingerprint-strings:
|   DNSStatusRequestTCP, DNSVersionBindReqTCP, FourOhFourRequest, GenericLines, GetRequest, HTTPOptions, Help, JavaRMI, Kerberos, LANDesk-RC, LDAPBindReq, LDAPSearchReq, LPDString, NCP, NotesRPC, RPCCheck, RTSPRequest, SIPOptions, SMBProgNeg, SSLSessionReq, TLSSessionReq, TerminalServer, TerminalServerCookie, WMSRequest, X11Probe, afp, giop, ms-sql-s, oracle-tns:
|_    Auth decrypt failed
```

Laravel

Port 80 exposes a Laravel service, and the version information is shown at the bottom of the page.

A nuclei scan flagged CVE-2021-3129, which allows direct RCE ...