Target Practice Log (158): HTBMantis
Port scan
┌──(mikannse㉿kali)-[~/HTB/mantis]
└─$ sudo nmap --min-rate=10000 -p- 10.10.10.52
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-26 20:24 CST
Warning: 10.10.10.52 giving up on port because retransmission cap hit (10).
Nmap scan report for 10.10.10.52
Host is up (0.078s latency).
Not shown: 65463 closed tcp ports (reset), 45 filtered tcp ports (no-response)
PORT    STATE SERVICE
53/tcp  open  domain
88/tcp  open  kerberos-sec
135/tcp open  msrpc
139/tcp open  netbios-ssn
389/tcp open  l ...
Target Practice Log (156): HTBSilo
Port scan
┌──(mikannse㉿kali)-[~/HTB/silo]
└─$ sudo nmap --min-rate=10000 -p- 10.10.10.82
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-25 10:15 CST
Nmap scan report for 10.10.10.82
Host is up (0.065s latency).
Not shown: 65520 closed tcp ports (reset)
PORT      STATE SERVICE
80/tcp    open  http
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
1521/tcp  open  oracle
5985/tcp  open  wsman
47001/tcp open  winrm
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
...
Target Practice Log (155): HTBCrimeStoppers
Port scan
┌──(mikannse㉿kali)-[~/HTB/CrimeStoppers]
└─$ sudo nmap --min-rate=10000 -p- 10.10.10.80
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-22 23:21 CST
Nmap scan report for 10.10.10.80
Host is up (0.082s latency).
Not shown: 65521 filtered tcp ports (no-response), 13 filtered tcp ports (host-prohibited)
PORT   STATE SERVICE
80/tcp open  http
Nmap done: 1 IP address (1 host up) scanned in 13.49 seconds
┌──(mikannse㉿kali)-[~/HTB/CrimeStoppers]
└─$ sudo nmap -sT -sC -sV -O -p80 10.10.10.80 Startin ...
Target Practice Log (154): VulnHubIca1
Port scan
┌──(mikannse㉿kali)-[~/vulnhub/ica1]
└─$ sudo nmap --min-rate=10000 -p- 192.168.56.136
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-22 15:32 CST
Nmap scan report for 192.168.56.136
Host is up (0.00063s latency).
Not shown: 65531 closed tcp ports (reset)
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
3306/tcp  open  mysql
33060/tcp open  mysqlx
MAC Address: 08:00:27:20:F6:7B (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 19.67 seconds
┌──(mikanns ...
Target Practice Log (153): VulnHubThales
192.168.56.134
Port scan
┌──(mikannse㉿kali)-[~/vulnhub/thales]
└─$ sudo nmap --min-rate=10000 -p- 192.168.56.134
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-22 14:04 CST
Nmap scan report for 192.168.56.134
Host is up (0.00024s latency).
Not shown: 65533 closed tcp ports (reset)
PORT     STATE SERVICE
22/tcp   open  ssh
8080/tcp open  http-proxy
MAC Address: 08:00:27:33:F9:BE (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 21.09 seconds
┌──(mikannse㉿kali)-[~/vulnhub/thal ...
HTBSherlockOpTinselTrace-5
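Introduction
You will notice that we recently moved much of our critical server infrastructure from the MSSP's domain, Forela.local, to Northpole.local. We actually managed to buy some second-hand servers from the MSSP, who confirmed that these servers are as secure as Christmas! But that does not seem to be the case: Christmas is doomed, and the attackers seem to have been as stealthy as a jangling sleigh bell, or they did not want to hide at all!!!!!! We have found malicious notes from the Grinch on all TinkerTech workstations and servers! Christmas seems doomed. Please help us recover from whoever carried out this malicious attack! Please note - these Sherlocks are built in sequence!
We are given a reminder note, a set of data exported by the KAPE forensics tool, and suspicious files that have been encrypted.
hayabusa can be used to export the event directory as a timeline .csv.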
https://github.com/Yamato-Security/hayabusa
PS D:\wangan\ctf\sherlock\hayabusa> .\hayabusa-2.17.0-win-x64.exe csv-timeline -d .\DC01.northpole.local-KAPE\uploads\auto\ ...
Target Practice Log (152): HTBWSizzle
Port scan
┌──(mikannse㉿kali)-[~/HTB/sizzle]
└─$ sudo nmap --min-rate=10000 -p- 10.10.10.103
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-21 11:52 CST
Nmap scan report for 10.10.10.103
Host is up (0.16s latency).
Not shown: 65507 filtered tcp ports (no-response)
PORT    STATE SERVICE
21/tcp  open  ftp
53/tcp  open  domain
80/tcp  open  http
135/tcp open  msrpc
139/tcp open  netbios-ssn
389/tcp open  ldap
443/tcp open  https
445/tcp open  microsoft-d ...
Target Practice Log (150): HTBBlackfield
Port scan
┌──(mikannse㉿kali)-[~/HTB/blackfield]
└─$ sudo nmap --min-rate=10000 -p- 10.10.10.192
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-19 22:57 CST
Nmap scan report for 10.10.10.192
Host is up (0.079s latency).
Not shown: 65525 filtered tcp ports (no-response)
PORT     STATE SERVICE
53/tcp   open  domain
88/tcp   open  kerberos-sec
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
389/tcp  open  ldap
445/tcp  open  microsoft-ds
593/tcp  open  http-rpc-epmap
3268/tcp open  globalcatLDAP
5985/tcp ...
HTBSherlockOpTinselTrace-3
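Introduction
Oh no! Our IT admin is a bit silly: ByteSparkle left his VPN configuration file in our fancy private S3 location! These nasty attackers may have gained access to our internal network. We think they compromised one of our TinkerTech workstations. Our security team has managed to obtain a memory dump for you - please analyze it and answer the questions! Santa is waiting… Please note - these Sherlocks are built in sequence!
It is a memory image, but vol2 could not process it, possibly because the Windows version is fairly new, so vol3 is used.
┌──(mikannse㉿kali)-[~/Desktop]
└─$ vol3 -f ./santaclaus.bin windows.info
<SNIP>
Variable	Value
Kernel Base	0xf8055be18000
DTB	0x1aa000
Symbols	file:///home/mikannse/tools/other/volatility3/volatility3/symbols/windows/ntkrnlmp.pdb/CA8E2F01B822EDE6357898BFBF8 ...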
Target Practice Log (149): HTBCelestial
Port scan
┌──(mikannse㉿kali)-[~/HTB/celestial]
└─$ sudo nmap --min-rate=10000 -p- 10.10.10.85
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-16 11:40 CST
Nmap scan report for 10.10.10.85
Host is up (0.074s latency).
Not shown: 64359 closed tcp ports (reset), 1175 filtered tcp ports (no-response)
PORT     STATE SERVICE
3000/tcp open  ppp
Nmap done: 1 IP address (1 host up) scanned in 12.83 seconds
┌──(mikannse㉿kali)-[~/HTB/celestial]
└─$ sudo nmap -sT -sC -sV -O -p3000 10.10.10.85
Starting Nmap 7.94SVN ( ...
Target Practice Log (147): VulnHubJangow1.0.1
Port scan
┌──(mikannse㉿kali)-[~]
└─$ sudo nmap --min-rate=10000 -p- 192.168.56.118
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-15 19:07 CST
Nmap scan report for jangow.hub (192.168.56.118)
Host is up (0.00043s latency).
Not shown: 65533 filtered tcp ports (no-response)
PORT   STATE SERVICE
21/tcp open  ftp
80/tcp open  http
MAC Address: 08:00:27:9F:53:41 (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 13.40 seconds
┌──(mikannse㉿kali)-[~]
└─$ sudo nmap -sT -sC -sV -O -p21 ...
Target Practice Log (148): VulnHubNapping1.0.1
Port scan
┌──(mikannse㉿kali)-[~/vulnhub]
└─$ sudo nmap --min-rate=10000 -p- 192.168.56.132
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-15 21:06 CST
Nmap scan report for 192.168.56.132
Host is up (0.0012s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: 08:00:27:49:EE:4D (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 50.29 seconds
┌──(mikannse㉿kali)-[~/vulnhub]
└─$ sudo nmap -sT -sC -sV -O -p22,80 19 ...
