collect message Host discovery nmap -sP 192.168.192.0/24 Port Scan nmap -A -p- 192.168.192.195 open port 22 80 111 42989 Access port 80 Directory traversal dirsearch -u http://192.168.192.195 Sensitive directories found /wp-login.php /vendor /wordpress /wordpress/wp-content/uploads/ Found flag1 http://192.168.192.195/vendor/PATH Because the site is built for WordPress, we use the wpscan tool to scan it. Scan users wpscan […]
Tag: raven
B2R Raven: 2-target drone penetration
B2R Raven: 2-target drone penetration Video reference: ajest:https://www.zhihu.com/zvideo/1547357583714775040?utm_id=0 Original reference: ajest: https://zhuanlan.zhihu.com/p/270343652 Article directory B2R Raven: 2-target drone penetration 1 Start the target machine and check that the network card for mac is 00:0C:29:C6:C5:8F 2 Display information: 3 Quickly scan all host information 4 The kernel information is not scanned, use nmap to continue scanning. […]
004-Raven2_vulnhub target drone whole process
004-Raven2:phpmailer + mysql-udf Article directory 004-Raven2:phpmailer + mysql-udf 1.nmap port scanning 2. Basic scanning of nmap vulnerability scripts 3.dirb basic directory scanning 4.wpscan basic information scanning 5.Vendor directory information collection 6.Metasploit seeks to exploit CVE-2016-10033 7. Establish an interactive shell through python 8. Primary shell information collection 9. Find the mysql database root account password […]
Target drone Raven2 / UDF privilege escalation
Raven2 Information collection Survival detection Detailed scan Background scanning dirsearch -u http://10.4.7.135 -x 403 # Filter background pages with status code 403 Webshell Vulnerability discovery Access the scanned background page /vendor page Found that the website uses PHPMailer PHPMailer is a PHP library for sending emails. It provides a simple and flexible way to send […]
Vulnhub series target drone-Raven2
Article directory Raven2 Penetration Testing 1. Information collection 1.1 Host detection 1.2 Port scanning 1.3 Directory blasting 2. Vulnerability detection 3. Exploiting vulnerabilities 3.1 msfconsole 3.2 Interactive shell 4. Privilege escalation Raven2 Penetration Test 1. Information collection 1.1 Host detection arp-scan -l 1.2 Port Scan nmap -p- -A 192.168.188.213 A port scan using the nmap […]
Vulnhub series target drone—Raven2
Article directory Raven2 Penetration Testing collect message Elevate privileges UDF script MySQL privilege escalation SUID privilege escalation Raven2 Penetration Test Information collection View live hosts arp-scan -l Find the target host. Scan the port, status, service type, and version information on the target host nmap -A 192.168.160.47 The target opens ports 22, 80, and 111 […]
Vulnhub Target DroneRaven: 2
Article directory collect message host discovery port scan directory scan User enumeration Vulnerability discovery exploit UDF script MySQL privilege escalation SUID privilege escalation Target drone documentation: Raven: 2 Download address: Download (Mirror) Information collection Target machine MAC address: 00:0C:29:15:7F:17 Host discovery sudo nmap -sn 192.168.8.0/24 sudo arp-scan -l Port Scan sudo nmap –min-rate 10000 -p- […]
[Learning to infiltrate the target machine – Raven2 (mysql-udf privilege escalation)]
Raven2 target drone collect message Host Information Collection host ip host open port Host open port service detailed version nmap vulnerability detection web information collection port 80 Get an initial foothold on the system sudo -l View scheduled tasks View the permissions and account information of the password file Find the s-bit files that the […]
Vulnhub’s Raven2 shooting range (MySQL’s UDF privilege escalation)
Directory 0. Knowledge points 0.1 CVE-2016-10033 (PHPMailer remote command execution) 0.2 UDF privilege escalation in MySQL 1. Environment preparation 2. Information Collection 2.1 Host Discovery 2.2 Open port scanning 2.3 Port service, system version scanning 2.4 Default vulnerability script detection 2.5 Web site information collection 2.5.1 Visit the site to view the frame of the […]
vulnhub-RAVEN: 2 (MYSQL-UDF privilege escalation, manual privilege escalation/tool automatic privilege escalation)
Mirror download: Raven: 2 ~ VulnHub Experimental environment: kali: 192.168.78.128 vulnhub mirror: 192.168.78.133 1. Kali checks the local ip address in order to use nmap to scan the surviving host in the ip segment 2. nmap scans the IP segment and finds that the IP address of the target machine is 192.168.78.133 4. Visit http:192.168.78.133/ […]