Putdownd’s Blog

描述 Name: It’s October: 1 Date release: 8 Apr 2020 Author: Akanksha Sachin Verma Series: It’s October Welcome to “It’s October” This boot to root VM is designed for testing your pentesting skills and concepts. It consists of some well known things but it encourages you to use the functionalities rather than vulnerabilities of target. Goal: Get the root flag of the target. Difficulty: Easy/Medium Level Need hints? Twitter @akankshavermasv DHCP is enabled Your feedback is really valuable f...

描述 Name: MoneyBox: 1 Date release: 27 Feb 2021 Author: Kirthik_T Series: MoneyBox Difficulty : Easy Goal : 3 flags This works better with VirtualBox rather than VMware 存活 扫不到IP参考: 1https://putdown.top/archives/7051f480.html 把网卡改为ens33 12kali 192.168.169.220 靶机 192.168.169.232 靶机扫描 121 22 80 21 匿名登陆 发现图片先下载 80 扫一下目录 查看源代码 提示有个目录,访问 源代码 1这个key应该是图片解密要用到 图片解密 输入上面的key得到一个文件 1steghide extract -sf trytofind.jpg 1大概意思是 renu用户的密码太弱了 ,尝试爆破 ssh 提权 123ssh-rsa AAA...

描述 Name: Presidential: 1 Date release: 28 Jun 2020 Author: Thomas Williams Series: Presidential Web page: https://security.caerdydd.wales/presidential-ctf/ The Presidential Elections within the USA are just around the corner (November 2020). One of the political parties is concerned that the other political party is going to perform electoral fraud by hacking into the registration system, and falsifying the votes. The state of Ontario has therefore asked you (an independent penetration teste...

Name: HA: Wordy Date release: 13 Sep 2019 Author: Hacking Articles Series: HA Wordy is design for beginners to experience real life Penetration testing. This lab is completely dedicated to Web application testing and there are several vulnerabilities that should be exploited in multiple ways. Therefore, it is not only intended as a root challenge boot, the primary agenda is proactive in exploiting tops listed web application vulnerabilities. As this is a wordpress based lab, it is designed ...

描述 Name: Corrosion: 2 Date release: 21 Sep 2021 Author: Proxy Programmer Series: Corrosion Difficulty: Medium Hint: Enumeration is key. 存活 12kali 192.168.169.220靶机 192.168.169.230 靶机 1端口 22 80 8080 80 8080 目录爆破1gobuster dir -u http://192.168.169.230/ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,txt,html,js,php.bak,txt.bak,html.bak,json,git,git.bak,zip,zip.bak 1http://192.168.169.230/ 80端口的没跑出来 试一下8080 1gobuster dir -u http://192.168.169.230:8...

描述 Name: Corrosion: 1 Date release: 31 Jul 2021 Author: Proxy Programmer Series: Corrosion Difficulty: Easy A easy box for beginners, but not too easy. Good Luck. Hint: Enumerate Property. nmap扫存活 12kali 192.168.169.220靶机 192.168.169.232 靶机扫描 1端口 22 80 80 1没什么有用的信息 目录扫描 tasks blog-post 1没头绪 参考别人还有目录 1gobuster dir -u http://192.168.169.232/blog-post/ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,txt,html,js,php.bak,txt.bak,html.bak,json,git,git....

描述 Name: DarkHole: 2 Date release: 3 Sep 2021 Author: Jehad Alqurashi Series: DarkHole Difficulty:Hard This works better with VMware rather than VirtualBox Hint: Don’t waste your time For Brute-Force nmap扫存活 12kali 192.168.169.220靶机 192.168.169.230 nmap扫描靶机 12端口 22 80 Git repository git泄露 目录 使用git工具1https://github.com/arthaud/git-dumper 运行 git_dumper.py 1python3 git_dumper.py http://192.168.169.230/.git/ website 查看文件 1一个登录页面 需要邮箱密码 git log 1查看修改历史 1发现账号密码 1if($_POST['...

描述 Name: DarkHole: 1 Date release: 18 Jul 2021 Author: Jehad Alqurashi Series: DarkHole Difficulty: Easy It’s a box for beginners, but not easy, Good Luck Hint: Don’t waste your time For Brute-Force nmap 扫描 12kali 192.168.169.220靶机 192.168.169.232 nmap扫描靶机 1端口 22 80 访问80 目录爆破1gobuster dir -u http://192.168.169.232/ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,txt,html,js,php.bak,txt.bak,html.bak,json,git,git.bak,zip,zip.bak 没什么价值 功能点测试 1注册 ad...

描述 Name: HackathonCTF: 2 Date release: 20 Jun 2021 Author: somu sen Series: HackathonCTF nmap信息收集 12kali 192.168.169.220靶机 192.168.169.230 nmap扫描靶机 121 80 7223 访问80 访问21 查看文件 1₣Ⱡ₳₲{7e3c118631b68d159d9399bda66fc684} 目录检举 访问robots.txt happy ssh爆破12用户名 : hackathonll密码 : ftp看到的 word.dir 1hydra -l hackathonll -P word.txt 192.168.169.230 ssh -s 7223 登录1[7223][ssh] host: 192.168.169.230 login: hackathonll password: Ti@gO 提权 vim提权 1sudo vim -c ':!/bin/sh'...

描述 Name: HackathonCTF: 1 Date release: 27 Oct 2020 Author: somu sen Series: HackathonCTF nmap扫描 存活 12kali 192.168.169.220靶机 192.168.169.230 扫描靶机 121 23 80 访问80端口 扫描目录 base64解密 1234c3NoLWJydXRlZm9yY2Utc3Vkb2l0Cg==ssh-bruteforce-sudoit应该是提示 ssh连接 爆破 提权 gobuster Web目录爆破 1gobuster dir -u http://192.168.169.230/ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,txt,html,js,php.bak,txt.bak,html.bak,json,git,git.bak,zip,zip.bak 12345/index.html ...