Target Practice Log (38): Vulnhub Midnight
Host discovery
sudo nmap -sn 192.168.162.0/24
Port scan
sudo nmap --min-rate 10000 -p- 192.168.162.147
Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-09 11:24 CST
Nmap scan report for 192.168.162.147
Host is up (0.00046s latency).
Not shown: 65532 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
MAC Address: 00:0C:29:2C:C9:48 (VMware)
sudo nmap -sT -sV -sC -O -p22,80,3306 192.168.162.147
Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-09 11:25 CST
Nmap ...
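Reproducing CVE-2016-4437, the Shiro deserialization vulnerability
Goal
Reproduce CVE-2016-4437, the Shiro deserialization vulnerability.
Environment setup
Set up vulhub with Docker in a CentOS virtual machine: download the archive below, then unzip it.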
https://github.com/vulhub/vulhub/archive/master.zip
cd vulhub-master/shiro/CVE-2016-4437
sudo docker compose up -d
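Reproduction
The service listens on port 8080 by default; open http://ip:8080 in a browser.
There is a login form. Log in and capture the request, send it to Repeater, and change the Cookie to rememberMe=1. If the response to that request contains rememberMe=deleteMe, the site is confirmed to be built on Apache Shiro.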
https://pan.baidu.com/s/1kvQEMrMP-PZ4K1eGwAP0_Q?pwd=zbgp
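Use the shiroattack automation tool. Remember to launch it from the command line; opening it with a right-click causes some problems. Enter the URL, then brute-force the password and the exploit chain. If nothing goes wrong, command execution is available.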
Target Practice Log (37): Vulnhub HealthCheck
Host discovery
sudo nmap -sn 192.168.162.0/24
Port scan
sudo nmap --min-rate 10000 -p- 192.168.162.146
Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-08 21:26 CST
Nmap scan report for 192.168.162.146
Host is up (0.00055s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
MAC Address: 00:0C:29:92:2A:A9 (VMware)
sudo nmap -sT -sV -sC -O -p21,80 192.168.162.146
Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-08 21:26 CST
Nmap scan report for 192.168.162.146
Ho ...
Target Practice Log (36): Vulnhub Pyexpvm
Host discovery
sudo nmap -sn 192.168.162.0/24
Port scan
sudo nmap --min-rate 10000 -p- 192.168.162.144
Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-05 21:04 CST
Nmap scan report for 192.168.162.144
Host is up (0.00079s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE
1337/tcp open waste
3306/tcp open mysql
MAC Address: 00:0C:29:7C:45:00 (VMware)
sudo nmap -sT -sV -sC -O -p1337,3306 192.168.162.144
Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-05 21:04 CST
Nmap scan report for 1 ...
Target Practice Log (35): Vulnhub Hackme2
Host discovery
sudo nmap -sn 192.168.162.0/24
Port scan
sudo nmap --min-rate 10000 -p- 192.168.162.143
Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-03 21:51 CST
Nmap scan report for 192.168.162.143
Host is up (0.00060s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
MAC Address: 00:0C:29:39:48:43 (VMware)
sudo nmap -sT -sV -sC -O -p22,80 192.168.162.143
Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-03 21:52 CST
Nmap scan report for 192.168.16 ...
Target Practice Log (34): Vulnhub Tomato
Host discovery
sudo nmap -sn 192.168.162.0/24
Port scan
sudo nmap --min-rate 10000 -p- 192.168.162.142
Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-01 16:56 CST
Nmap scan report for 192.168.162.142
Host is up (0.00050s latency).
Not shown: 65531 closed tcp ports (reset)
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
2211/tcp open emwin
8888/tcp open sun-answerbook
MAC Address: 00:0C:29:03:AB:DC (VMware)
sudo nmap -sT -sV -sC -O -p21,80,2211,8888 192.168.162.142
Starting Nmap 7.94 ( https://nmap.or ...
Setting up GZCTF on a single cloud server
Install docker-compose
sudo curl -L "https://github.com/docker/compose/releases/download/v2.2.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
mkdir gzctf && cd gzctf
Create appsettings.json and docker-compose.yml following https://docs.ctf.gzti.me/quick-start
The administrator account password must be longer than 6 characters.
In docker-compose.yml, delete the k8s line.
{ "AllowedHosts": "*", "ConnectionStrings": { "Database": "Host=db:54 ...
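Setting up an MC 1.20.1 server on a Linux cloud server
Overview
This post covers installing the MCSManager panel on a Linux cloud server and using Docker to run a vanilla 1.20.1 server for a small number of players.
Prerequisites
A cloud server
When choosing a server, I picked a CentOS 7 machine with 6 cores, 8 GB of RAM and 8 Mbps of bandwidth.
In the cloud server management console, open inbound security-group rules for the three ports 23333, 24444 and 25565.
An MC server core
I chose the Paper server, which is relatively well suited to servers with ordinary specifications.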
https://papermc.io/downloads/paper
Installation
I installed MCSManager, a web application that makes it easy to manage and run MC servers, under the /root directory.
sudo wget -qO- https://gitee.com/mcsmanager/script/raw/master/setup_cn.sh | bash
Because I chose to run it inside a virtualized container, install Docker.
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
Change the registry mirror
yum install vim && vim /etc/docker/daemon.json
Add ...
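23-8 Musings
I am writing these August musings on the train back to school. August, which I personally think of as the tail end of the summer of 2023, is finally coming to an end, isn't it? This month was richer than last month: compared with last month, which was nothing but driving lessons day after day and an almost identical daily routine, it added many different elements. I started reading André Gide's "The Fruits of the Earth", but did not manage to finish it. In my network security studies I began to move away from THM a little, and slowed the pace down to look into some other things. I also started learning guitar arrangement again and gained a deeper understanding of the instrument; although I still did not manage to finish arranging a song this summer, my understanding of arranging keeps changing, and I will try to finish it this semester (). Coming back to "The Fruits of the Earth", this summer even changed my understanding of life as a whole, of life's "moments" and its "whole". Anyway, new semester, please be kind to me!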
Target Practice Log (33): Vulnhub DarkHole2
Host discovery
sudo nmap -sn 192.168.162.0/24
Port scan
sudo nmap -sT -sV -sC -O -p22,80 192.168.162.132
Starting Nmap 7.94 ( https://nmap.org ) at 2023-08-23 12:30 CST
Nmap scan report for 192.168.162.132 (192.168.162.132)
Host is up (0.00048s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 57:b1:f5:64:28:98:91:51:6d:70:76:6e:a5:52:43:5d (RSA)
|   256 cc:64:fd:7c:d8:5e:48:8a:28:98:91:b9:e4:1e:6d:a8 (ECDSA)
|_  256 9e:77:0 ...
Target Practice Log (32): THM Retro
Port scan
sudo nmap -sT -sV -sC -O -p80,3389 10.10.40.131 -Pn
Starting Nmap 7.94 ( https://nmap.org ) at 2023-08-18 20:38 CST
Nmap scan report for 10.10.40.131 (10.10.40.131)
Host is up (0.28s latency).
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd 10.0
|_http-server-header: Microsoft-IIS/10.0
|_http-title: IIS Windows Server
| http-methods:
|_  Potentially risky methods: TRACE
3389/tcp open ms-wbt-server Microsoft Terminal Services
| rdp-ntlm-info:
|   Target_Name: RET ...
Target Practice Log (31): Vulnhub MOMENTUM2
Host discovery
sudo nmap -sn 192.168.162.0/24
Port scan
Web
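Look through every directory. The dashboard.html page allows file upload and calls main.js, so the source of the upload logic can be inspected.
Uploading an arbitrary image returns a message that it was not uploaded, and main.js does not reveal much; perhaps the upload logic lives in ajax.php rather than in main.js. After checking a write-up (WP), it turns out there is also a backup file, ajax.php.bak, that directory brute-forcing can find. Download the .bak file: roughly, with the administrator's cookie we can upload PHP files, otherwise only txt files; a form field named secure with the value val1d (not valid) is also required, and a successful upload returns 1. Try uploading a PHP reverse shell.
Getshell
First use Python to generate a wordlist of uppercase letters.
import string

# Generate a wordlist of the uppercase letters A-Z, one letter per line
dictionary = '\n'.join(string.ascii_uppercase)

# Save the wordlist to a file
with open("dictionary.txt", "w") as file:
    file.write(dictionary)
...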