当前位置:网站首页>[network attack and defense training exercises]
[network attack and defense training exercises]
2022-07-06 01:32:00 【Yang Yiran Yang Xiong】
Training one
1、 Via local PC Medium penetration test platform Kali Use Nmap Scan the target HTTP Service port , And take the version information number in the scanning result as Flag Submit
Apache httpd 2.2.15 ((CentOS))
2、 In the local PC Medium penetration test platform Kali Access target Web page , Determine why the target website login verification is performed by
Front end validation
3、 In the local PC Medium penetration test platform Kali Use Nmap Scan the target HTTP Service port , The port status in the scanning result is taken as Flag Submit
open
4、 In the local PC Medium penetration test platform Kali Access target Web page , Determine the server language of the target website ( Capitalization )
PHP
5、 In the local PC Medium penetration test platform Kali Access target Web page , The file name of the background login page ( example :admin.php) As Flag Submit
login.php
6、 In the local PC Medium penetration test platform Kali Access target Web page , Use SQL Inject universal password to bypass login , Take the injected parameter name as Flag Submit
7、 In the local PC Medium penetration test platform Kali Access target Web page , Find the administrator user in the interface after successful login , And use the administrator mailbox as Flag Submit
8、 In the local PC Medium penetration test platform Kali Access target Web page , Find the dashboard in the interface after successful login , And take the lowest value in the instrument cluster as Flag Submit
12034
9、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , Judge the database used by the target , And use the database name as Flag Submit ( A lowercase letter )
mysql
10、 In the local PC Medium penetration test platform Kali Use SQL Inject the scanning tool to the target HTTP The service is carried out SQL Injection test , After successful injection, find the database used by the current website , And take the database name as Flag Submit
mainpage
Training two
1、 In the local PC Medium penetration test platform Kali Access target Web page , Find the upload point in the interface after successful login , Submit the parameter name to be modified
Content-Type
2、 Using tools locally weevely Generate a file named backdoor.php The back door file , The password for 123456, And take the fixed characters in the command as Flag Submit
weevely generate 123456 backdoor.php
3、 In the local PC Medium penetration test platform Kali Access target Web page , Combining tools BurpSuite Upload the generated backdoor file , And take the name of the uploaded file directory as Flag Submit
avatar/
Training three
1、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , utilize an instrument weevely Connect the backdoor file , And look for flag file , Take its content as Flag Submit ;
w1r91mdxeidy4hh5
2、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , utilize an instrument weevely Connect the backdoor file , View the current user and user group , And use it as Flag Submit ;( example :root/root)
apache/apache
3、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , utilize an instrument weevely Connect the backdoor file , Collect system information , And regard this command as Flag Submit ;
:system_info
4、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , utilize an instrument weevely Connect the backdoor file , Check out the website php Version number , And take the version number as Flag Submit ;( example :5.1.1)
5.3.3
5、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , Connect to the database and count the number of databases submitted to the website
5
6、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , utilize an instrument weevely Connect the backdoor file , Find the database configuration file used by the website , Use the account and password connected to the database as Flag Submit ;( example :username/password)
root/ca368418d
7、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , Using tools msfvenom Generate elf back door , Upload to the target server , And make use of msf The listening module bounces tcp Session monitoring , And use the command of the listening module as Flag Submit ;( example :use exploit/xxxx/xxxx)
use exploit/multi/handler
8、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , And will MSF The default listening port number of the listening module is Flag Submit
4444
9、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , And will Linux Change the command keyword of permission as Flag Submit
chmod
10、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , And check the system version information after obtaining the permission of the target system , Take the system kernel number as Flag Submit
2.6.32-431.el6.x86_64
11、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , adopt searchsploit The tool analyzes the kernel version of the target system , Find exploitable rights raising loopholes , And its CVE Number as Flag Submit ;( example :CVE-2011-0834)
CVE-2016-5195
12、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , adopt searchsploit Search for dirty cow vulnerabilities , And put the dirty cow hole again exploit db Number in as Flag Submit
40839
13、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , Take advantage of the dirty cow loophole to raise rights locally , And will searchsploit In the example, the command to compile the vulnerability is Flag Submit
gcc -pthread dirty.c -o dirty -lcrypt
14、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , And take the user name generated after the dirty cow vulnerability is successfully authorized as Flag Submit
firefart
Training four
1、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , After obtaining the rebound session, use meterpreter Establish the target target ssh Port forwarding , And use the keyword of this command as Flag Submit ;( A lowercase letter )
portfwd
2、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , Check the current user permissions after using the dirty cow vulnerability to locally raise rights , And take the current user name and user group name as Flag Submit ;( example :root/root)
firefart/root
3、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , Check the administrator user directory after using the dirty cow vulnerability to locally raise rights , And put Flag File contents as Flag Submit ;
Oukkgggw8ff2a333
4、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , Check this machine after using the dirty cow vulnerability to raise rights locally ip Address and use it as Flag Submit ;
192.168.110.1
5、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , After taking advantage of the dirty cow loophole to raise rights locally, find and analyze ssh Log files , And will find ssh Log file absolute path as Flag Submit ;
/var/log/secure
6、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , Analyze the log traffic of the target website after obtaining the permission of the target website , And analyze 192.168.1.238 IP What is your operating system ;( A lowercase letter )
linux
7、 In the local PC Medium penetration test platform Kali Yes Web The target machine is tested for penetration , After taking advantage of the dirty cow loophole to raise rights locally, find and analyze web Service log files and look for intranet segments , Take the found intranet segment as Flag Submit ;( example :172.16.10.0/24)
192.168.223.0/24
Training five
1、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , By way of Web The target is set as a springboard machine and then used nmap The scanning tool scans the intranet segment where it is located , And open the network segment 80 The host address of the port is Flag Submit , If there are more than one , use / Space and arrange in ascending order ;( example :1/5/6)
1/3
2、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , By way of Web The target is set as a springboard machine and then used nmap Scan tool to build in the intranet OA The target machine of the system carries out system service and version scanning penetration test , And display the operation in the result 80 The service version information string corresponding to the port is used as flag Value submission ;
nginx 1.18.0 (Ubuntu)
3、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , By way of Web After the target machine is set as a springboard machine, access the intranet OA System , take OA The submission method of the system login page form is FLAG Submit ;( notes : A lowercase letter )
post
In the local PC Medium penetration test platform Kali Penetration testing of the intranet , By way of Web After the target machine is set as a springboard machine, access the intranet OA System , take OA The name of the form submitted on the system login page is FLAG Submit ;( notes : A lowercase letter )
myform
5、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , By way of Web After the target machine is set as a springboard machine, access the intranet OA System , take OA The system login page is submitted to action Address as FLAG Submit ; ( example :admin.php)
login.php
6、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , By way of Web After the target machine is set as a springboard machine, access the intranet OA System , take OA On the system login page FLAG Copy submit ;
hji1719yommvppa4
Training six
1、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , By way of Web After the target machine is set as a springboard machine, access the intranet OA System , Follow the prompts to use python in requests Library blasting administrator account password , And will request Submitted in module post The requested method name is flag Submit ;( example :requests.put())
requests.post()
2、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , By way of Web After the target machine is set as a springboard machine, access the intranet OA System , Follow the prompts to use python in requests Library blasting administrator account password , And take the blasted account and password as Flag Submit ;( example :root/toor)
admin/75395
Training 7
1、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , Log in to the intranet OA After the system , Look for ways that the website can use , And take the name of this utilization method as Flag Submit ;( example : Command execution )
File contains
2、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , Log in to the intranet OA After the system , Exploit the vulnerability to read the website release directory flag.txt As the content of Flag Submit ;
97toa17y3mcf4ybs
3、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , Log in to the intranet OA After the system , Find the file upload vulnerability and upload the one sentence Trojan horse , And put the administrator's Avatar url Address as Flag Submit ;
http://192.168.223.1/avatar/admin.png
4、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , Log in to the intranet OA After the system , Find the file upload vulnerability and upload the one sentence Trojan horse , And will upload vulnerabilities in the process Content-Type The value that needs to be modified as FLAG Submit ;( example :image/gief)
image/png
5、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , Log in to the intranet OA After the system , Find the file upload vulnerability and upload the one sentence Trojan horse , And combined with another vulnerability to parse a sentence Trojan , find OA Configuration file of system connection database , And take the name of the configuration file as Flag Submit ;( example :config.php)
dbconnect.php
6、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , Log in to the intranet OA After the system , Find the file upload vulnerability and upload the one sentence Trojan horse , And use the file containing vulnerability to parse the one sentence Trojan , find OA Configuration file of system connection database , And take the account and password connected to the database as Flag Submit ;( example :root/toor)
oa/144d993ba34367792dfe58370935c4b5
Training eight
1、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , stay Web The target is connected to the intranet DB The server , And will mysql Parameters for connecting to the remote server and ip As Flag Submit ;( example :-h 172.16.2.3)
-h 192.168.223.3
2、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , stay Web The target is connected to the intranet DB The server , And use after logging in successfully select Statement to view the database version number , And will query the necessary mysql Function name as Flag Submit ;
version()
3、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , stay Web The target is connected to the intranet DB The server , And use after logging in successfully select Statement to view the database version number , And take the version number as Flag Submit ;
5.1.71
4、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet ,Web The target is connected to the intranet DB The server , And use select Statement view DB Server website publishing directory flag.txt file , And take the website publishing directory as Flag Submit ;
/var/www/html/
5、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet ,Web The target is connected to the intranet DB The server , And use select Statement view DB Server website publishing directory flag.txt file , And take its content as Flag Submit ;
y4rseppfoxbe4lbq
Practical training IX
1、 In the local PC Penetration test platform Kali in , Use the command to initialize msf database , And use the command as FLAG Submit
msfdb init
2、 In the local PC Penetration test platform Kali in , open msf, Use db_import Import the scan results into the database , And view the imported data , Use the command to view the imported data as FLAG Submit ;
hosts
3、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , By way of Web The target is set as a springboard machine and then used msfconsole The tool scans the intranet segment where it is located for eternal blue vulnerabilities , And use the full scan module name as Flag Submit ( Inclusion path )
auxiliary/scanner/smb/smb_ms17_010
4、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , By way of Web The target is set as a springboard machine and then used msfconsole The tool scans the intranet segment where it is located for eternal blue vulnerabilities , And take the command of executing scanning as Flag Submit
run
5、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , By way of Web The target is set as a springboard machine and then used msfconsole The tool scans the intranet segment where it is located for eternal blue vulnerabilities , The number of hosts with this vulnerability after scanning is taken as Flag Submit
1
6、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , By way of Web The target is set as a springboard machine and then used msfconsole/exploit The tool scans the intranet segment where it is located for eternal blue vulnerabilities , And will scan those with this vulnerability IP Address as Flag Submit
192.168.223.2
7、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , And will MSF In the local PC Medium penetration test platform Kali Penetration testing of the intranet , Take the disclosure time of the eternal blue attack module as Flag Submit
2017-03-14
8、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , By way of Web After the target machine is set as a springboard machine, use the eternal blue loophole to target winserver Server attacks , After the attack is successful, the computer name of the target server is taken as Flag Submit
WIN-9IFC3S45I08
9、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , By way of Web After the target machine is set as a springboard machine, use the eternal blue loophole to target winserver Server attacks , And after the successful attack in meterpreter Open the remote desktop service of the target in the terminal , Use this command as Flag Submit
run getgui -e
11、 In the local PC Medium penetration test platform Kali Penetration testing of the intranet , By way of Web After the target machine is set as a springboard machine, use the eternal blue loophole to target winserver Server attacks , And will be located on the user's desktop after the successful attack flag.txt File contents as Flag Submit
69iu0sp1j7e0g0k3
边栏推荐
- MCU lightweight system core
- A Cooperative Approach to Particle Swarm Optimization
- 一圖看懂!為什麼學校教了你Coding但還是不會的原因...
- Leetcode skimming questions_ Verify palindrome string II
- 伦敦银走势中的假突破
- Huawei Hrbrid interface and VLAN division based on IP
- Unity VR solves the problem that the handle ray keeps flashing after touching the button of the UI
- [Jiudu OJ 09] two points to find student information
- 记一个 @nestjs/typeorm^8.1.4 版本不能获取.env选项问题
- 电气数据|IEEE118(含风能太阳能)
猜你喜欢
Redis-字符串类型
Basic operations of databases and tables ----- non empty constraints
Cookie concept, basic use, principle, details and Chinese transmission
Huawei Hrbrid interface and VLAN division based on IP
Basic operations of database and table ----- delete data table
A Cooperative Approach to Particle Swarm Optimization
Yii console method call, Yii console scheduled task
Folio. Ink is a free, fast and easy-to-use image sharing tool
Loop structure of program (for loop)
【Flask】官方教程(Tutorial)-part3:blog蓝图、项目可安装化
随机推荐
Kotlin basics 1
关于softmax函数的见解
[pat (basic level) practice] - [simple mathematics] 1062 simplest fraction
How to get the PHP version- How to get the PHP Version?
module ‘tensorflow. contrib. data‘ has no attribute ‘dataset
【Flask】响应、session与Message Flashing
【全網最全】 |MySQL EXPLAIN 完全解讀
Leetcode1961. 检查字符串是否为数组前缀
500 lines of code to understand the principle of mecached cache client driver
NLP第四范式:Prompt概述【Pre-train,Prompt(提示),Predict】【刘鹏飞】
Cadre du Paddle: aperçu du paddlelnp [bibliothèque de développement pour le traitement du langage naturel des rames volantes]
Spir - V premier aperçu
【Flask】官方教程(Tutorial)-part3:blog蓝图、项目可安装化
VMware Tools installation error: unable to automatically install vsock driver
c#网页打开winform exe
一图看懂!为什么学校教了你Coding但还是不会的原因...
Electrical data | IEEE118 (including wind and solar energy)
SCM Chinese data distribution
[flask] response, session and message flashing
Basic operations of database and table ----- delete data table