Tag:Target plane

  • Let’s hit the target 01


    0x00 introduction to target Target address:BoredHackerBlog: Social Network ~ VulnHub Target difficulty: medium Recommended virtual machine: VirtualBox 0x01 content introduction Attack methods involved Host discovery Port scan Service discovery Path crawling Code injection Shell script Intranet information collection Intranet penetration Vulnerability exploitation Password cracking Local rights raising Attack code modification 0x02 environment construction Download the […]

  • Let’s hit the target 02


    0x00 introduction to target Target address:BoredHackerBlog: Cloud AV ~ VulnHub Target difficulty: low (ideas and skills) Recommended virtual machine: VirtualBox 0x01 content introduction Attack methods involved Port scan Web investigation SQL injection Command injection Password explosion Code audit NC series Local rights raising brief introduction Although the difficulty level is low, from the perspective of […]

  • Vulnhub target collection


    Click the title to enter the corresponding target address 1. medium_socnet Scan the web page and background admin page of 5000 port Python code executes a rebound shell to obtain webshell and root permission. It is found inside the docker container(cat /proc/1/cgroupCheck the initial process ID number and find that there is a docker, which […]

  • Let’s hit the target 03


    0x00 introduction to target Target address:Chronos: 1 ~ VulnHub Difficulty level: medium (very clever idea) Recommended virtual machine: VirtualBox 0x01 content introduction Attack methods involved Port scan Web investigation Command injection Data encoding and decoding Search method Framework vulnerability exploitation Code audit NC series Local rights raising brief introduction In this lesson, I introduced my […]

  • Vulnhub’s earth


    Target address:https://www.vulnhub.com/entry/the-planets-earth,755/ Kali IP: After downloading the ova file, import it directly through VirtualBox. information gathering Target IP and port Scan the target through ARP scan: arp-scan -I eth1 -l Nmap scan TCP port: nmap -sC -sV -p- Direct access to port 80/443, no actual content. Observe that 443 has made a DNS resolution, […]

  • vulnhub-earth


    1. Information collection 1.1 find the target host IP General skills of vulnhub shooting range here our shooting range is in NAT mode, so it must be within a network segment set by ourselves. The address of NAT machine here is The network segment is So we can scan nmap directly But […]

  • Vulnhub-dc-4 target aircraft actual combat


    preface Target download address:https://www.vulnhub.com/entry/dc-4,313/ Kali address: Target address: I Information discovery 1. host discovery Use the following commands netdiscover -r The following figure shows the address of our target plane. 2. host scanning Here, use the nmap tool to scan. The command is as follows. nmap -A -T4 -O -p 0-65535 […]

  • 20211913-feng xinru-2021-2022-2 Experiment 4 of network attack and defense practice


    1、 Experimental content Understand several attacks of TCP / IP protocol stack through experiments: ARP cache spoofing attack, ICMP redirection attack, SYN Flood attack, TCP RST attack and TCP session hijacking attack. 2、 Experimental steps 1. ARP cache spoofing attack View the configuration of the attacker Kali View target 1 – metasploitable_ Configuration of Ubuntu […]

  • 20211907 Liu Changhe 2021-2022-2 the fourth operation of network attack and defense practice


    Experimental principleARP spoofing attack: ARP is an early network protocol, and rfc826 was published in 1980. The early Internet adopted the trust model, which was used in scientific research and universities. It pursued function and speed without considering network security. ARP spoofing is to illegally claim that it is the MAC address of an IP […]

  • Vulnhub target – me and my girl friend: 1


    Actual combat of vulnhub target 1. Target address https://www.vulnhub.com/entry/me-and-my-girlfriend-1,409/ 2. First look at the description (requirements) Through this, we can know that we need to find the “thing” hidden by Alice. Maybe it’s flag!! This is a primary difficulty. Our goal is to get two flags. Where are they??? Find it yourself 3. Host, port […]

  • Target penetration exercise 59-digitalworld local:snakeoil


    Target description Target address:https://www.vulnhub.com/entry/digitalworldlocal-snakeoil,738/ Description Recently, Good Tech Inc. has decided to change their application development process. However, their applications look broken and too basic. Is this an application full of snakeoil, or are they insecure too? This goes beyond PEN-200, and some web application development expertise could be helpful. If you MUST have hints […]

  • Target penetration exercise 61 Chronos


    Target description Target address:https://www.vulnhub.com/entry/chronos-1,735/ Description Difficulty : medium This works better with VirtualBox rather than VMware 1、 Build the target environment Attack aircraft Kali: IP address: Target plane: IP address: Note: the IP addresses of the target and Kali only need to be in the same LAN (the same network segment, that is, […]