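Target Practice Log (72): THM JuicyDetails
Task 1
Open access.log.
The tools can all be identified from the User-Agent, but the format is a bit odd:
nmap, hydra, sqlmap, curl, and feroxbuster
The /rest/user/login endpoint was brute-forced furiously by hydra.
/rest/products/search was attacked by sqlmap; the parameter is q.
The /ftp endpoint allows downloading the website backup files stored on the server.
Task 2
product reviews
Search directly for "POST /rest/user/login HTTP/1.0" 200
Yay, 11/Apr/2021:09:16:31 +0000
Look directly at the last SQL attack: email password (no id)
Look at the ftp entries: www-data.bak coupons_2013.md.bak
Check vsftpd.log
ftp, anonymous
Check auth.log
ssh, www-data
Ramblings
Nothing much to say.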
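Target Practice Log (71): THM H4cked
TASK 1
Opening the packet capture shows a pile of TCP and FTP traffic, so the service under attack is FTP.
It is a brute-force tool, so the answer is hydra.
Follow the TCP stream: the username is jenny.
Filter for the ftp protocol and find the response that shows a successful login; the password is password123.
The working directory can be found the same way: /var/www/html
The backdoor is shell.php
"ftp-data" refers to packets on the FTP (File Transfer Protocol) data channel. FTP normally communicates over two channels: the command channel (control channel) and the data channel. The command channel carries control commands, while the data channel carries the actual file data.
"ftp-data" packets are the captured file data transferred over the data channel.
Filtering on the ftp-data protocol shows the uploaded PHP webshell, which contains http://pentestmonkey.net/tools/php-reverse-shell (the very famous pentestmonkey).
Follow the TCP stream after GET shell.php; the first command executed is whoami.
The hostname is wir3; it appears at the start of every line in the shell.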
python3 -c ‘import ...
Target Practice Log (70): THM RacetrackBank
Port scan
nmap --min-rate=10000 -p- 10.10.148.95
Starting Nmap 7.93 ( https://nmap.org ) at 2023-12-17 02:42 UTC
Nmap scan report for ip-10-10-148-95.eu-west-1.compute.internal (10.10.148.95)
Host is up (0.0030s latency).
Not shown: 65533 filtered tcp ports (no-response)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: 02:38:DE:53:EB:89 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 13.40 seconds
nmap -sT -sV -sC -O -p22,80 10.10.148.95
Starting Nmap 7.93 ( https://nmap.org ) at 2 ...
Target Practice Log (69): THM Shaker
Port scan
nmap --min-rate=10000 -p- 10.10.69.42
Starting Nmap 7.93 ( https://nmap.org ) at 2023-12-12 01:26 UTC
Nmap scan report for ip-10-10-69-42.eu-west-1.compute.internal (10.10.69.42)
Host is up (0.0046s latency).
Not shown: 65513 filtered tcp ports (no-response), 19 filtered tcp ports (admin-prohibited)
PORT     STATE SERVICE
22/tcp   open  ssh
8080/tcp open  http-proxy
MAC Address: 02:48:8D:30:46:3B (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 13.40 seconds
nmap -sT -sC -sV -O -p22,8080 ...
Target Practice Log (68): THM Bandit
Host discovery
nmap -sn 10.200.130.0/24
Starting Nmap 7.93 ( https://nmap.org ) at 2023-12-11 05:05 UTC
Nmap scan report for ip-10-200-130-10.eu-west-1.compute.internal (10.200.130.10)
Host is up (0.0015s latency).
Nmap scan report for ip-10-200-130-101.eu-west-1.compute.internal (10.200.130.101)
Host is up (0.0046s latency).
Nmap scan report for ip-10-200-130-102.eu-west-1.compute.internal (10.200.130.102)
Host is up (0.0046s latency).
Nmap scan report for ip-10-200-130-103.eu-west-1.compute.intern ...
Target Practice Log (67): THM TempusFugitDurius
Port scan
nmap --min-rate=10000 -p- 10.10.150.223
Starting Nmap 7.93 ( https://nmap.org ) at 2023-12-09 10:27 UTC
Nmap scan report for ip-10-10-150-223.eu-west-1.compute.internal (10.10.150.223)
Host is up (0.0025s latency).
Not shown: 65531 closed tcp ports (reset)
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
36473/tcp open  unknown
MAC Address: 02:04:33:21:A6:4F (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 3.84 seconds
nmap -sT -sC -sV -O -p22,80,111,364 ...
Target Practice Log (66): THM Temple
Port scan
nmap --min-rate=10000 -p- 10.10.194.47
Starting Nmap 7.93 ( https://nmap.org ) at 2023-12-07 12:14 UTC
Nmap scan report for ip-10-10-194-47.eu-west-1.compute.internal (10.10.194.47)
Host is up (0.027s latency).
Not shown: 65529 closed tcp ports (reset)
PORT      STATE SERVICE
7/tcp     open  echo
21/tcp    open  ftp
22/tcp    open  ssh
23/tcp    open  telnet
80/tcp    open  http
61337/tcp open  unknown
MAC Address: 02:0A:D4:98:3C:7F (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 7.35 seconds
n ...
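Standard Japanese (Elementary, Vol. 1) Grammar Summary
Adjectives
Class 1 and class 2 adjectives
Class 1 adjectives
Adjectives that end in "い". When used as a predicate, "です" is added after them.
Negative form:
Change the final "い" to "く" and add "ないです" or "ありません".
Past tense as a predicate:
Change the final "い" to "かった" and add "です".
Past negative form:
Change the final "い" to "くなかったです" or "くありませんでした".
Class 2 adjectives
Class 2 adjectives are adjectives that do not end in "い". When used as a predicate, "です" is added after them. The past tense is "でした".
て-form
For class 1 adjectives, change the final "い" to "くて".
For class 2 adjectives, add "で" directly after them.
なります
なります expresses a change in nature or state.
Class 1 adjectives: change the final "い" to "く" and add なります.
暖かい→暖かくなります
Class 2 adjectives: add になります directly after a class 2 adjective or a noun.
Verbs
The three verb classes
Take the "ます" form of the verb and remove "ます":
Class 1 verbs: the great majority of verbs whose last sound is in the "い" row
Class 2 verbs: verbs whose last sound is in the "え" row
Class 3 verbs: "来ます", "します", and verbs that use "します" such as "勉強します" and "卒業します"
Basic form
Class 1:
Remove ます and change the い-row sound to the う-row sound
Class 2:
Remove ます and add る
Class 3:
来る、する
Sentence patterns
Expressing ability
Noun (person) verb basic form + ことができます
スミスさんはピアノを弾くことができます
Expressing a verb ...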
Target Practice Log (65): THM Plotted-EMR
Port scan
nmap --min-rate=10000 -p- 10.10.156.65
Starting Nmap 7.93 ( https://nmap.org ) at 2023-12-05 13:59 UTC
Nmap scan report for ip-10-10-156-65.eu-west-1.compute.internal (10.10.156.65)
Host is up (0.0060s latency).
Not shown: 65530 closed tcp ports (reset)
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
5900/tcp open  vnc
8890/tcp open  ddi-tcp-3
MAC Address: 02:5B:3A:A9:84:27 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 3.44 seconds
nmap -sT -sV -sC -O -p21,22 ...
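23-11 Miscellany
November also went by very quickly. After all, half of it was taken up by the damned military training, which was very tiring and a big waste of time, though maybe I will look back on it with some nostalgia later. Still, during that time I did properly study some buffer overflows and a few other things on HTB; HTB really is very detailed. This month I was also hooked on armchair politics, which I suppose broadened my horizons a great deal; very interesting (not really). Then at the end of the month I was just preparing for the midterm exams. I have to say, the book Black Hat Python is really well written!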
Target Practice Log (64): THM MisguidedGhosts
Port scan
nmap --min-rate=10000 -p- 10.10.212.161
Starting Nmap 7.93 ( https://nmap.org ) at 2023-12-05 03:27 UTC
Nmap scan report for ip-10-10-212-161.eu-west-1.compute.internal (10.10.212.161)
Host is up (0.0044s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE
21/tcp open  ftp
22/tcp open  ssh
MAC Address: 02:77:28:55:D0:B3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 3.46 seconds
nmap -sT -sV -sC -O -p21,22 10.10.212.161
Starting Nmap 7.93 ( https://nmap.org ) at 2023-12 ...
Target Practice Log (63): THM Motunui
Port scan
sudo nmap --min-rate 10000 -p- 10.10.201.190
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-04 03:43 UTC
Nmap scan report for 10.10.201.190
Host is up (0.38s latency).
Not shown: 65529 filtered tcp ports (no-response)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3000/tcp open  ppp
5000/tcp open  upnp
Nmap done: 1 IP address (1 host up) scanned in 22.91 seconds
sudo nmap -sT -sV -sC -O -p22,80,139,445,3000,5000 10.10.201.190 ...