Category:Information Security

  • Nezuko: 1 Vulnhub Walkthrough

    Time:2019-9-16

      Download address: https://www.vulnhub.com/entry/nezuko-1,352/ Virtual Machine Start, Set IP Address DHCP Acquisition   Host Discovery Scan:   Host level scanning: ╰─ nmap -p1-65535 -A 10.10.202.155Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-06 11:01 CSTNmap scan report for 10.10.202.155Host is up (0.00058s latency).Not shown: 65532 closed portsPORT STATE SERVICE VERSION22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 […]

  • AI: Web: 1 Vulnhub Walkthrough

    Time:2019-9-15

    Download link: https://www.vulnhub.com/entry/ai-web-1,353/   Host Discovery Scan:   Host Port Scanning   http://10.10.202.158/   Directory Scan: ╰─ sudo python3 dirsearch.py -u http://10.10.202.158 -e .php [17:11:29] 200 – 141B – /index.html[17:11:37] 200 – 82B – /robots.txt   Catalog detection is performed separately: ╰─ sudo python3 dirsearch.py -u http://10.10.202.158/m3diNf0/ -e .php [17:12:31] 200 –   84KB – /m3diNf0/info.php […]

  • Vulnerability Reproduction Defense Repair for CVE 2019-0708

    Time:2019-9-14

    CVE-2019-0708 Windows was exposed again as a high-risk remote vulnerability CVE-2019-0708, which has great destructive power. Once the vulnerability is successfully exploited, an attacker can execute arbitrary code on the target system, including acquiring sensitive information, executing remote code, launching denial of service attacks and so on. What’s more, the vulnerability can be triggered without […]

  • AI: Web: 2 Vulnhub Walkthrough

    Time:2019-9-13

    Target download link: https://www.vulnhub.com/entry/ai-web-2,357 Host port scan:     Attempt to inject SQL, no injection vulnerabilities found, registered to create an account http://10.10.202.160/userpage.php   Under Vulnerability Library Search: XuezhuLi FileSharing – Directory Traversal https://www.exploit-db.com/exploits/40009     Let’s take a look at the catalogue. ╰─ sudo python3 dirsearch.py -u http://10.10.202.160/ -e .php     Let’s try […]

  • Dc: 7 Vulnhub Walkthrough

    Time:2019-9-12

    Target Machine Download Address: https://www.vulnhub.com/entry/dc-7,356/ Host Scan:   http://10.10.202.161/   Google Search:     SSH login   The above analysis shows that the script is executed every three minutes by root, and the user of www-data has write permission, so we need to find a way to get this permission and write shell rebound.   […]

  • Sunset: Nightfall Vulnhub Walkthrough

    Time:2019-9-11

    Target Link: https://www.vulnhub.com/entry/sunset-nightfall,355/ Host Scan: ╰─ nmap -p- -A 10.10.202.162Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-09 14:23 CSTNmap scan report for 10.10.202.162Host is up (0.0013s latency).Not shown: 65529 closed portsPORT STATE SERVICE VERSION21/tcp open ftp pyftpdlib 1.5.5| ftp-syst: | STAT: | FTP server status:| Connected to: 10.10.202.162:21| Waiting for username.| TYPE: ASCII; STRUcture: File; […]

  • List of Linux Operations and Maintenance Security Practices

    Time:2019-9-10

    Security Protection of Linux Operation and Maintenance Documents will be updated at any time, the latest update time: 20190901 This document is a canActual operationOfReal time updateOfLinux Operations and Maintenance SecurityRelevant Implementation List for Linux Operations and Maintenance-related Safety Protection Plan > Implementation > Inspection > Improvement 1 Security Principle Before implementing the safety measures, […]