This is Tike Map O_o. If you need to contact me, please find my contact information, a phone number or an email, from the information leaked in the website article.
The journey is continuing......
I did this box before but never wrote it up, so today I am doing it again. Initial credentials are provided: As is common in real life Windows penetration tests, you will start the Signed box with credentials for the following account which can be used to access the MSSQL service: scott / Sm230#C5NatH Hostname resolution: echo "10.10.11.90 signed.htb DC01.signed.htb" >
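Nuclei. Introduction: the project is at https://github.com/projectdiscovery/nuclei. It is essentially a PoC runner: driven by YAML template configuration, it performs specific automated tests and checks the responses to decide whether a vulnerability is present. Its bundled template library, https://github.com/projectdiscovery/nuclei-templates, is already excellent, so there is no need to prepare your own. Usage. Parameters: nuclei -update // update the tool; nuclei -ut // update the templates; nuclei -target specifies the target (URL/domain/IP range); nuclei -l specifies a target file of URLs or domains. Useful parameters: -t runs the specified template or template directory (multiple -t parameters may be given); -stats shows live statistics; -s selects templates by severity (info,low,medium,high,critical); -debug shows all requests and responses (useful when debugging and testing custom templates,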
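Write the hosts entry: echo "10.10.11.98 monitorsfour.htb DC01.monitorsfour.htb" >> /etc/hosts; Nmap: port 80 serves a website that is not built on any mainstream framework. Dirsearch: there is a leaked .env file: DB_HOST=mariadb DB_PORT=3306 DB_NAME=monitorsfour_db DB_USER=monitorsdbuser DB_PASS=f37p2j8f4t0r However, port 3306 is not exposed externally. The contact page inside throws an error, and user returns information. Here I tried passing a token parameter: with a GET request, letters and any number other than 0 got no reaction, while passing 0 echoed back information: [{"id":2,"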
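Initial credentials: As is common in real life Windows penetration tests, you will start the Eighteen box with credentials for the following account: kevin / iNa2we6haRj2gaw! Set up hostname resolution: echo "10.10.11.95 eighteen.htb DC01.eighteen.htb" >> /etc/hosts Nmap: the scan found port 80 and port 1443 (Mssql). Mssql: the credentials given are for Mssql; after testing the web side on port 80 I found nothing there, and I could not log in to the admin panel either. Let's look at mssql first,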