当前位置:网站首页>vulnhub之momentum
vulnhub之momentum
2022-07-03 11:05:00 【梅_花_七】
目录
一、nmap全端口扫描
nmap -sT ip
二、服务版本探测
三、信息收集
1.源码检查
有一个注释,是关于AES加密的。
function viewDetails(str) {
window.location.href = "opus-details.php?id="+str;
}/*
var CryptoJS = require("crypto-js");
var decrypted = CryptoJS.AES.decrypt(encrypted, "SecretPassphraseMomentum");
console.log(decrypted.toString(CryptoJS.enc.Utf8));
*/
2.存在xss
并且在cookie下看到了一串加密字符,很显然他是让我们用AES解密他
3.在线前端代码编辑网站
codepen.io
利用已经写好的crypto-js模块,稍微改改进行AES解密
得到这个,应该是个账号-密码。
auxerre-alienum##
四、ssh登录突破边界
账号: auxerre
密码: auxerre-alienum##
拿到了一个flag.txt
五、内部信息收集
1.、etc/passwd
有redis这个账号,有redis非关系型数据库
2.查看端口服务
确认本地已启用redis数据库,不对外网开放的。
ss -pantu
六、redis非授权访问
1.开启客户端
redis_cli
执行info确认是否有未授权访问漏洞。
2.redis数据库中保存了root密码
3.切换到root
su
输入密码即可
七、scp命令
下载个图片到本机
scp -r ip:路径 ./
边栏推荐
- Unity3D学习笔记5——创建子Mesh
- GCC compilation process and dynamic link library and static link library
- R language uses the aggregate function to calculate the mean value (sum) of dataframe data grouping aggregation without setting na The result of RM calculation. If the group contains the missing value
- DS90UB949
- AI模型看看视频,就学会了玩《我的世界》:砍树、造箱子、制作石镐样样不差...
- typeScript
- After setting up ADG, instance 2 cannot start ora-29760: instance_ number parameter not specified
- Internet socket (non) blocking write/read n bytes
- Numpy np. Max and np Maximum implements the relu function
- Stm32hal library upgrades firmware based on flash analog U disk (detailed explanation)
猜你喜欢
Web安全总结
外插散点数据
The world's most popular font editor FontCreator tool
Kubernetes 三打探针及探针方式
DS90UB949
Software testing weekly (issue 78): the more confident you are about the future, the more patient you are about the present.
Numpy np. Max and np Maximum implements the relu function
Viewing binary bin files with notepad++ editor
Modular programming of single chip microcomputer
![抓包整理外篇fiddler———— 会话栏与过滤器[二]](/img/04/e9cc027d753e7049f273d866eefdce.png)
抓包整理外篇fiddler———— 会话栏与过滤器[二]
随机推荐
R language uses the aggregate function to calculate the mean value (sum) of dataframe data grouping aggregation without setting na The result of RM calculation. If the group contains the missing value
Arctangent entropy: the latest SCI paper in July 2022
Solicitation for JGG special issue: spatio-temporal omics
libvirt 中体验容器
How to become a senior digital IC Design Engineer (1-4) Verilog coding syntax: expression
R language uses grid of gridextra package The array function combines multiple visual images of the ggplot2 package horizontally, and the ncol parameter defines the number of columns of the combined g
AOSP ~ NTP ( 网络时间协议 )
. \vmware-vdiskmanager. exe -k “c:\\xxxxx.vmdk”
ArcGIS应用(二十一)Arcmap删除图层指定要素的方法
Phpcms prompt message page Jump showmessage
Numpy np. Max and np Maximum implements the relu function
Hongmeng fourth training
导师对帮助研究生顺利完成学业提出了20条劝告:第一,不要有度假休息的打算.....
How to become a senior digital IC Design Engineer (1-3) Verilog coding syntax: Verilog behavior level, register transfer level, gate level (abstract level)
【学习笔记】dp 状态与转移
R language uses grid of gridextra package The array function combines multiple visual images of the lattice package horizontally, and the ncol parameter defines the number of columns of the combined g
cgroup简介
如何将数字字符串转换为整数
PHP基础
(database authorization - redis) summary of unauthorized access vulnerabilities in redis