Tag:Target plane

  • Let’s hit the target 01

    Time:2022-7-30

    0x00 introduction to target Target address:BoredHackerBlog: Social Network ~ VulnHub Target difficulty: medium Recommended virtual machine: VirtualBox 0x01 content introduction Attack methods involved Host discovery Port scan Service discovery Path crawling Code injection Shell script Intranet information collection Intranet penetration Vulnerability exploitation Password cracking Local rights raising Attack code modification 0x02 environment construction Download the […]

  • Let’s hit the target 02

    Time:2022-7-28

    0x00 introduction to target Target address:BoredHackerBlog: Cloud AV ~ VulnHub Target difficulty: low (ideas and skills) Recommended virtual machine: VirtualBox 0x01 content introduction Attack methods involved Port scan Web investigation SQL injection Command injection Password explosion Code audit NC series Local rights raising brief introduction Although the difficulty level is low, from the perspective of […]

  • Vulnhub target collection

    Time:2022-7-23

    Click the title to enter the corresponding target address 1. medium_socnet Scan the web page and background admin page of 5000 port Python code executes a rebound shell to obtain webshell and root permission. It is found inside the docker container(cat /proc/1/cgroupCheck the initial process ID number and find that there is a docker, which […]

  • Let’s hit the target 03

    Time:2022-7-13

    0x00 introduction to target Target address:Chronos: 1 ~ VulnHub Difficulty level: medium (very clever idea) Recommended virtual machine: VirtualBox 0x01 content introduction Attack methods involved Port scan Web investigation Command injection Data encoding and decoding Search method Framework vulnerability exploitation Code audit NC series Local rights raising brief introduction In this lesson, I introduced my […]

  • Vulnhub’s earth

    Time:2022-7-11

    Target address:https://www.vulnhub.com/entry/the-planets-earth,755/ Kali IP:192.168.56.104 After downloading the ova file, import it directly through VirtualBox. information gathering Target IP and port Scan the target through ARP scan: arp-scan -I eth1 -l Nmap scan TCP port: nmap -sC -sV -p- 192.168.56.104 Direct access to port 80/443, no actual content. Observe that 443 has made a DNS resolution, […]

  • vulnhub-earth

    Time:2022-7-10

    1. Information collection 1.1 find the target host IP General skills of vulnhub shooting range here our shooting range is in NAT mode, so it must be within a network segment set by ourselves. The address of NAT machine here is 10.1.1.1 The network segment is 10.1.1.0 So we can scan nmap 10.1.1.0/24 directly But […]

  • Vulnhub-dc-4 target aircraft actual combat

    Time:2022-6-3

    preface Target download address:https://www.vulnhub.com/entry/dc-4,313/ Kali address: 192.168.75.108 Target address: 192.168.75.207 I Information discovery 1. host discovery Use the following commands netdiscover -r 192.168.75.108 The following figure shows the address of our target plane. 2. host scanning Here, use the nmap tool to scan. The command is as follows. nmap -A -T4 -O -p 0-65535 192.168.75.207 […]

  • 20211913-feng xinru-2021-2022-2 Experiment 4 of network attack and defense practice

    Time:2022-5-19

    1、 Experimental content Understand several attacks of TCP / IP protocol stack through experiments: ARP cache spoofing attack, ICMP redirection attack, SYN Flood attack, TCP RST attack and TCP session hijacking attack. 2、 Experimental steps 1. ARP cache spoofing attack View the configuration of the attacker Kali View target 1 – metasploitable_ Configuration of Ubuntu […]

  • 20211907 Liu Changhe 2021-2022-2 the fourth operation of network attack and defense practice

    Time:2022-4-29

    Experimental principleARP spoofing attack: ARP is an early network protocol, and rfc826 was published in 1980. The early Internet adopted the trust model, which was used in scientific research and universities. It pursued function and speed without considering network security. ARP spoofing is to illegally claim that it is the MAC address of an IP […]

  • Vulnhub target – me and my girl friend: 1

    Time:2022-4-27

    Actual combat of vulnhub target 1. Target address https://www.vulnhub.com/entry/me-and-my-girlfriend-1,409/ 2. First look at the description (requirements) Through this, we can know that we need to find the “thing” hidden by Alice. Maybe it’s flag!! This is a primary difficulty. Our goal is to get two flags. Where are they??? Find it yourself 3. Host, port […]

  • Target penetration exercise 59-digitalworld local:snakeoil

    Time:2022-4-24

    Target description Target address:https://www.vulnhub.com/entry/digitalworldlocal-snakeoil,738/ Description Recently, Good Tech Inc. has decided to change their application development process. However, their applications look broken and too basic. Is this an application full of snakeoil, or are they insecure too? This goes beyond PEN-200, and some web application development expertise could be helpful. If you MUST have hints […]

  • Target penetration exercise 61 Chronos

    Time:2022-4-21

    Target description Target address:https://www.vulnhub.com/entry/chronos-1,735/ Description Difficulty : medium This works better with VirtualBox rather than VMware 1、 Build the target environment Attack aircraft Kali: IP address: 192.168.9.7 Target plane: IP address: 192.168.9.58 Note: the IP addresses of the target and Kali only need to be in the same LAN (the same network segment, that is, […]