2020-06-01から1ヶ月間の記事一覧
Enumeration Port Scanning webサイトを確認します。 anonymousでFTPにログイン WireShark ssh Privilege Escalation Enumeration Port Scanning $ sudo nmap -Pn -sS -sV -p- 192.168.2.113 PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.2 22/tc…
pwn coffer-overflow-0 coffer-overflow-1 coffer-overflow-2 secret-flag the-library pwn coffer-overflow-0 ソースコードも一緒に配布されるのでみてみると #include <stdio.h> #include <string.h> int main(void) { long code = 0; char name[16]; setbuf(stdout, NULL); s</string.h></stdio.h>…
nmap -Pn -sS -sV -p- 192.168.2.114 nikto -h 192.168.2.114 gobuster dir -u 192.168.2.114 -w /usr/share/dirb/wordlists/big.txt -t 50 -q -x php BurpSuite /command.php nc -lvp 5555 hydra -l jim -P pass.txt 192.168.2.114 ssh su jim su charles n…
nmap -Pn -sS -sV -p- 192.168.2.110 PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.4.18 ((Ubuntu)) nikto -h 192.168.2.110 + OSVDB-8193: /index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc: EW FileManage…
Free Flag $ file chall chall: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=518d3397ca0a0d5e98e900e3f2e2937de34e3554, not stripped $ che…
Dangerous $ file dangerous dangerous: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=2b7e7edf071a5dd08228a996ed76400783fba08c, for GNU/Linux 3.2.0, stripped $…
Reversing / Pwn Not Really AI $ file nra nra: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, BuildID[sha1]=de726633c6d3ec5839065e67784dcfdb3497b074, for GNU/Linux 3.2.0, not st…
Binary Exploitation Boredom $ file boredom boredom: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=99a762a8f8f05784a81b593573ca8252f44ecc7e, for GNU/Linux 3.2…
nmap -Pn -sS -sV -p- 192.168.0.35 PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.4p1 Debian 10 (protocol 2.0) 80/tcp open http nginx 1.10.3 31337/tcp open http Werkzeug httpd 0.11.15 (Python 3.5.3) ssh、80と31337でhttpが動いているこ…
pwn abcbof $ file abcbof abcbof: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=c0d370a13d4eef91ea21376096ca113349bda4d6, not stripped $ …
