Target Machine Walkthrough (136): HTB Querier
Port scan
┌──(mikannse㉿kali)-[~]
└─$ sudo nmap --min-rate=10000 -p- 10.10.10.125
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-08 20:29 CST
Warning: 10.10.10.125 giving up on port because retransmission cap hit (10).
Nmap scan report for 10.10.10.125
Host is up (0.070s latency).
Not shown: 64291 closed tcp ports (reset), 1230 filtered tcp ports (no-response)
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1433/tcp open ms-sql-s
5985/tcp open wsman ...

Target Machine Walkthrough (135): HTB October
Port scan
┌──(mikannse㉿kali)-[~]
└─$ sudo nmap --min-rate=10000 -p- 10.10.10.16
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-08 09:59 CST
Nmap scan report for 10.10.10.16
Host is up (0.067s latency).
Not shown: 65533 filtered tcp ports (no-response)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 13.57 seconds
┌──(mikannse㉿kali)-[~]
└─$ sudo nmap -sT -sV -sC -O -p22,80 10.10.10.16
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-0 ...

Target Machine Walkthrough (134): HTB Giddy
Port scan
┌──(mikannse㉿kali)-[~]
└─$ sudo nmap --min-rate=10000 -p- 10.10.10.104
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-07 21:49 CST
Nmap scan report for 10.10.10.104
Host is up (0.081s latency).
Not shown: 65531 filtered tcp ports (no-response)
PORT STATE SERVICE
80/tcp open http
443/tcp open https
3389/tcp open ms-wbt-server
5985/tcp open wsman
┌──(mikannse㉿kali)-[~]
└─$ sudo nmap -sT -sV -sC -O -p80,443,3389,5985 10.10.10.104
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-07 2 ...

HTB misc (2)
Locked Away
main.py
def open_chest():
    with open('flag.txt', 'r') as f:
        print(f.read())

blacklist = [
    'import', 'os', 'sys', 'breakpoint', 'flag', 'txt', 'read', 'eval', 'exec', 'dir', 'print', 'subprocess', '[', ']', 'echo', 'cat', '>', '<', '"', '\'', 'open'
]

while True:
    command = input('The chest lies waiting... ')
    if any(b in command for b in blacklist):
        print('Invalid command!')
        continue
    try:
        exec(command)
    except Exception:
        pri ...
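
HTB misc (1): Programming Challenges
Computational Recruiting
A port is given; connect to it with nc first to get the challenge, then submit the answer to get the flag.
The challenge statement, translated:
You are given a file containing N = 200 distinct potential candidates. Each candidate has 6 different skills, and each skill has a score of 1 <= s <= 10. The formula for calculating the overall value is:
_score = round(6 * (int(s) * _weight)) + 10
overall_value = round(5 * ((health * 0.18) + (agility * 0.20) + (charisma * 0.21) + (knowledge * 0.08) + (energy * 0.17) + (resourcefulness * 0.16)))
Note: the round() function here is Python 3's round(), which uses a concept called Banker's Rounding.
The weights of the 6 skills are:
health_weight = 0.2, agility_weight = 0.3, charisma_weight = 0.1, knowled ...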

Target Machine Walkthrough (133): HTB Canape
Port scan
┌──(mikannse㉿kali)-[~/HTB/canape]
└─$ sudo nmap --min-rate=10000 -p- 10.10.10.70
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-05 19:53 CST
Nmap scan report for canape.htb (10.10.10.70)
Host is up (0.073s latency).
Not shown: 65533 filtered tcp ports (no-response)
PORT STATE SERVICE
80/tcp open http
65535/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 13.47 seconds
┌──(mikannse㉿kali)-[~/HTB/canape]
└─$ sudo nmap -sT -sV -sC -O -p80,65535 10.10.10.70
Starting Nmap ...

Target Machine Walkthrough (132): HTB Craft
Port scan
┌──(mikannse㉿kali)-[~/HTB/craft]
└─$ sudo nmap --min-rate=10000 -p- 10.10.10.110
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-05 11:19 CST
Warning: 10.10.10.110 giving up on port because retransmission cap hit (10).
Nmap scan report for 10.10.10.110
Host is up (0.073s latency).
Not shown: 65532 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
443/tcp open https
6022/tcp open x11
Nmap done: 1 IP address (1 host up) scanned in 10.23 seconds
┌──(mikannse㉿kali)-[~/HTB/craft]
└ ...

Target Machine Walkthrough (131): HTB Epsilon
Port scan
┌──(mikannse㉿kali)-[~/HTB/Epsilon]
└─$ sudo nmap --min-rate=10000 -p- 10.10.11.134
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-04 23:25 CST
Nmap scan report for 10.10.11.134
Host is up (0.071s latency).
Not shown: 65532 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
5000/tcp open upnp
Nmap done: 1 IP address (1 host up) scanned in 9.68 seconds
┌──(mikannse㉿kali)-[~/HTB/Epsilon]
└─$ sudo nmap -sT -sV -sC -O -p80 22,80,5000 10.10.11.134
Starting Nmap 7.9 ...

Target Machine Walkthrough (130): HTB Union
Port scan
┌──(mikannse㉿kali)-[~]
└─$ sudo nmap --min-rate=10000 -p- 10.10.11.128
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-04 21:17 CST
Nmap scan report for 10.10.11.128
Host is up (0.075s latency).
Not shown: 65534 filtered tcp ports (no-response)
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 13.61 seconds
┌──(mikannse㉿kali)-[~]
└─$ sudo nmap -sT -sV -sC -O -p80 10.10.11.128
[sudo] password for mikannse:
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024 ...

Target Machine Walkthrough (129): HTB Gobox
Port scan
┌──(mikannse㉿kali)-[~/HTB/gobox]
└─$ sudo nmap --min-rate=10000 -p- 10.10.11.113
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-04 14:57 CST
Nmap scan report for 10.10.11.113
Host is up (0.064s latency).
Not shown: 65528 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
4566/tcp open kwtc
8080/tcp open http-proxy
9000/tcp open cslistener
9001/tcp open tor-orport
9002/tcp filtered dynamid
Nmap done: 1 IP address (1 host up) scanned in 8.9 ...

Target Machine Walkthrough (128): HTB Bastion
Port scan
┌──(mikannse㉿kali)-[~/HTB/bastion]
└─$ sudo nmap --min-rate=10000 -p- 10.10.10.134 >nmap_result
┌──(mikannse㉿kali)-[~/HTB/bastion]
└─$ cat nmap_result|grep open| awk -F'/' '{print $1}'|tr '\r\n' ','
22,135,139,445,5985,47001,49664,49665,49666,49667,49668,49669,49670,
┌──(mikannse㉿kali)-[~/HTB/bastion]
└─$ sudo nmap -sT -sV -sC -O -p22,135,139,445,5985,47001,49664,49665,49666,49667,49668,49669, ...

Target Machine Walkthrough (127): HTB GoodGames
Port scan
┌──(mikannse㉿kali)-[~/HTB/goodgames]
└─$ sudo nmap --min-rate=10000 -p- 10.10.11.130
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-03 23:30 CST
Nmap scan report for 10.10.11.130
Host is up (0.074s latency).
Not shown: 65534 closed tcp ports (reset)
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 8.51 seconds
┌──(mikannse㉿kali)-[~/HTB/goodgames]
└─$ sudo nmap -sT -sV -sC -O -p80 10.10.11.130
[sudo] password for mikannse:
Starting Nmap 7.94SVN ( https://nma ...
