Target Practice Log (91): HMVHacked
The target machine's IP is 192.168.56.114
Port scan
sudo nmap --min-rate 10000 -p- 192.168.56.114
Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-16 02:41 UTC
Nmap scan report for 192.168.56.114 (192.168.56.114)
Host is up (0.00036s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: 08:00:27:E7:9A:3C (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 3.03 seconds
sudo nmap -sT -sV -sC -O -p22,80 192.168.56.114
Starting Nmap ...
Target Practice Log (90): HMVRandom
The target machine's IP is 192.168.56.113
Port scan
sudo nmap --min-rate 10000 -p- 192.168.56.113
Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-15 03:38 UTC
Nmap scan report for 192.168.56.113 (192.168.56.113)
Host is up (0.00012s latency).
Not shown: 65532 closed tcp ports (reset)
PORT   STATE SERVICE
21/tcp open  ftp
22/tcp open  ssh
80/tcp open  http
MAC Address: 08:00:27:5E:81:8A (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 2.94 seconds
sudo nmap -sT -sV -sC -O -p21,22,80 192.168 ...
Target Practice Log (89): HMVPickle
The target machine's IP is 192.168.56.112
Port scan
sudo nmap --min-rate 10000 -p- 192.168.56.112
Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-13 13:08 UTC
Nmap scan report for 192.168.56.112 (192.168.56.112)
Host is up (0.00011s latency).
Not shown: 65533 closed tcp ports (reset)
PORT     STATE SERVICE
21/tcp   open  ftp
1337/tcp open  waste
MAC Address: 08:00:27:87:E1:35 (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 2.88 seconds
sudo nmap -sT -sV -sC -O -p21,1337 192.168.56.112 ...
Target Practice Log (88): HMVKitty
The target machine's IP is 192.168.56.111
Port scan
sudo nmap --min-rate 10000 -p- 192.168.56.111
Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-12 03:05 UTC
Nmap scan report for 192.168.56.111 (192.168.56.111)
Host is up (0.00040s latency).
Not shown: 65532 closed tcp ports (reset)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
3000/tcp open  ppp
MAC Address: 08:00:27:4E:6A:BE (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 3.03 seconds
sudo nmap -sT -sV -sC -O -p22,80,3000 192 ...
Target Practice Log (87): HMVFianso
The target machine's IP is 192.168.56.108
Port scan
sudo nmap --min-rate 10000 -p- 192.168.56.108
Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-09 13:20 UTC
Nmap scan report for 192.168.56.108 (192.168.56.108)
Host is up (0.00013s latency).
Not shown: 65533 closed tcp ports (reset)
PORT     STATE SERVICE
22/tcp   open  ssh
8000/tcp open  http-alt
MAC Address: 08:00:27:28:71:8F (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 2.68 seconds
sudo nmap -sT -sV -sC -O -p22,8000 192.168.56.108
Starti ...
Target Practice Log (86): HMVPerlman
The target machine's IP is 192.168.56.106
Port scan
sudo nmap --min-rate 10000 -p- 192.168.56.106
Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-06 06:32 UTC
Nmap scan report for 192.168.56.106 (192.168.56.106)
Host is up (0.00029s latency).
Not shown: 65529 closed tcp ports (reset)
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
110/tcp open  pop3
119/tcp open  nntp
995/tcp open  pop3s
MAC Address: 08:00:27:18:54:B8 (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 2.5 ...
Target Practice Log (85): HMVOmura
The target machine's IP is 192.168.56.105
Port scan
sudo nmap --min-rate 10000 -p- 192.168.56.105
[sudo] mikannse 的密码:
Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-05 09:33 UTC
Nmap scan report for 192.168.56.105 (192.168.56.105)
Host is up (0.00012s latency).
Not shown: 65532 closed tcp ports (reset)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
3260/tcp open  iscsi
MAC Address: 08:00:27:FA:75:8C (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 3.30 seconds
sudo nmap -sT -sV - ...
Target Practice Log (84): HMVRegistry
The target machine is 192.168.56.104
Port scan
sudo nmap --min-rate 10000 -p- 192.168.56.104
[sudo] mikannse 的密码:
Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-04 04:12 UTC
Nmap scan report for 192.168.56.104 (192.168.56.104)
Host is up (0.00010s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: 08:00:27:49:23:DF (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 3.12 seconds
sudo nmap -sT -sV -sC -O -p22,80 192.168.56.104 ...
Target Practice Log (83): HMVAlive
Host discovery
The target host is 192.168.56.103
Port scan
sudo nmap --min-rate 10000 -p- 192.168.56.103
Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-03 04:52 UTC
Nmap scan report for 192.168.56.103 (192.168.56.103)
Host is up (0.00037s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: 08:00:27:1D:38:66 (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 2.41 seconds
sudo nmap -sT -sV -sC -O -p22,80 192.168.56.103 ...
Target Practice Log (82): HMVTiny
Host discovery
sudo nmap -sn 192.168.56.0/24
192.168.56.101 is the target machine's IP
Port scan
sudo nmap --min-rate 10000 -p- 192.168.56.101
Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-02 07:22 UTC
Nmap scan report for 192.168.56.101 (192.168.56.101)
Host is up (0.00013s latency).
Not shown: 65532 closed tcp ports (reset)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:A2:36:11 (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 4.50 seconds
...
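24-1 Ramblings
The first month of 2024. The first half was basically spent reviewing for final exams, which was very boring. Once the break started I just slacked off the whole time; now that's what a holiday should be, very comfortable. I also haven't touched anything network-security related for a month, 233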
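On Intranet Tunneling in Penetration Testing
Preface
In internal-network penetration testing, you often need to use a machine you already have access to as a pivot for reaching other machines on the internal network. This post collects and reviews some of the methods I have commonly used.
Start with port 8080, which runs a Shiro framework; shiroattack can be used to gain access in one go, followed by a reverse shell.
Machines used:
A VPS, with msf installed and the lab environment set up on it
Kali
The demo target used is:
https://github.com/CTF-Archives/Puff-Pastry
Port 8080 is the Shiro web framework exposed to the external network
A ThinkPHP service runs on port 8081 on the internal network
See the GitHub project for the detailed network topology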
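Reverse SSH
If you can obtain SSH login access:
ssh -L target-port:localhost:port1 user@ip
The -L option specifies the port on the target machine whose traffic is to be forwarded, and forwards it to port1 on the local machine
SOCAT
Requires socat to be present on the target machine
sudo socat tcp-listen:target-port,reuseaddr,fork tcp:127.0.0.1:port1
target-port: the externally exposed port, which can be used as a proxy
port1: the port to be forwarded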
./s ...
