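ToB Enterprise Service Application Market: ToB Review and Business Social Networking Industry Platform
Title: Vulnhub Hacker Fest 2019 Target Machine: Detailed Testing Walkthrough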
Author: 勿忘初心做自己
Time: 2023-4-22 17:26
HF 2019
Author: jason huawen
Target machine information
Name: Hacker Fest: 2019
URL: https://www.vulnhub.com/entry/hacker-fest-2019,378/
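Identifying the target host's IP address
Import the virtual machine image into VirtualBox and set the network mode to host-only, then start Kali Linux and the target host (virtual machine):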
┌──(kali㉿kali)-[~/Vulnhub/HF2019]
└─$ sudo netdiscover -i eth1 -r 192.168.56.0/24
Currently scanning: 192.168.56.0/24 | Screen View: Unique Hosts
3 Captured ARP Req/Rep packets, from 3 hosts. Total size: 180
_____________________________________________________________________________
IP At MAC Address Count Len MAC Vendor / Hostname
-----------------------------------------------------------------------------
192.168.56.1 0a:00:27:00:00:05 1 60 Unknown vendor
192.168.56.100 08:00:27:69:f3:d5 1 60 PCS Systemtechnik GmbH
192.168.56.254 08:00:27:47:72:31 1 60 PCS Systemtechnik GmbH
Using the netdiscover tool on Kali Linux, the target host's IP address is identified as 192.168.56.254.
NMAP scan
┌──(kali㉿kali)-[~/Vulnhub/HF2019]
└─$ sudo nmap -sS -sV -sC -p- 192.168.56.254 -oN nmap_full_scan
Starting Nmap 7.93 ( https://nmap.org ) at 2023-04-21 20:25 EDT
Nmap scan report for inplainsight (192.168.56.254)
Host is up (0.00019s latency).
Not shown: 65531 closed tcp ports (reset)
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| -rw-rw-r-- 1 ftp ftp 420 Nov 30 2017 index.php
| -rw-rw-r-- 1 ftp ftp 19935 Sep 05 2019 license.txt
| -rw-rw-r-- 1 ftp ftp 7447 Sep 05 2019 readme.html
| -rw-rw-r-- 1 ftp ftp 6919 Jan 12 2019 wp-activate.php
| drwxrwxr-x 9 ftp ftp 4096 Sep 05 2019 wp-admin
| -rw-rw-r-- 1 ftp ftp 369 Nov 30 2017 wp-blog-header.php
| -rw-rw-r-- 1 ftp ftp 2283 Jan 21 2019 wp-comments-post.php
| -rw-rw-r-- 1 ftp ftp 3255 Sep 27 2019 wp-config.php
| drwxrwxr-x 8 ftp ftp 4096 Sep 29 2019 wp-content
| -rw-rw-r-- 1 ftp ftp 3847 Jan 09 2019 wp-cron.php
| drwxrwxr-x 20 ftp ftp 12288 Sep 05 2019 wp-includes
| -rw-rw-r-- 1 ftp ftp 2502 Jan 16 2019 wp-links-opml.php
| -rw-rw-r-- 1 ftp ftp 3306 Nov 30 2017 wp-load.php
| -rw-rw-r-- 1 ftp ftp 39551 Jun 10 2019 wp-login.php
| -rw-rw-r-- 1 ftp ftp 8403 Nov 30 2017 wp-mail.php
| -rw-rw-r-- 1 ftp ftp 18962 Mar 28 2019 wp-settings.php
| -rw-rw-r-- 1 ftp ftp 31085 Jan 16 2019 wp-signup.php
| -rw-rw-r-- 1 ftp ftp 4764 Nov 30 2017 wp-trackback.php
|_-rw-rw-r-- 1 ftp ftp 3068 Aug 17 2018 xmlrpc.php
| ftp-syst:
| STAT:
| FTP server status:
| Connected to 192.168.56.206
| Logged in as ftp
| TYPE: ASCII
| No session bandwidth limit
| Session timeout in seconds is 300
| Control connection is plain text
| Data connections will be plain text
| At session startup, client count was 4
| vsFTPd 3.0.3 - secure, fast, stable
|_End of status
22/tcp open ssh OpenSSH 7.4p1 Debian 10+deb9u7 (protocol 2.0)
| ssh-hostkey:
| 2048 b72e8fcb12e4e8cd931e730f51ce486c (RSA)
| 256 70f444eba85554382d6d7589bbec7ee7 (ECDSA)
|_ 256 7c0eabfe537e8722f85adfc9da7f9079 (ED25519)
80/tcp open http Apache httpd 2.4.25 ((Debian))
|_http-server-header: Apache/2.4.25 (Debian)
|_http-generator: WordPress 5.2.3
|_http-title: Tata intranet – Just another WordPress site
10000/tcp open ssl/http MiniServ 1.890 (Webmin httpd)
| http-robots.txt: 1 disallowed entry
|_/
| ssl-cert: Subject: commonName=*/organizationName=Webmin Webserver on Linux-Debian
| Not valid before: 2019-09-09T13:32:42
|_Not valid after: 2024-09-07T13:32:42
|_http-title: Login to Webmin
|_ssl-date: TLS randomness does not represent time
MAC Address: 08:00:27:47:72:31 (Oracle VirtualBox virtual NIC)
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 45.08 seconds
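The NMAP scan results show that the target host has 4 open ports: 21 (ftp), 22 (ssh), 80 (http), 10000 (https).
Getting a shell
First collect some basic information, starting with the FTP service: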
┌──(kali㉿kali)-[~/Vulnhub/HF2019]
└─$ ftp 192.168.56.254
Connected to 192.168.56.254.
220 (vsFTPd 3.0.3)
Name (192.168.56.254:kali): anonymous
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -alh
229 Entering Extended Passive Mode (|||41051|)
150 Here comes the directory listing.
drwxrwxr-x 5 ftp ftp 4096 Sep 27 2019 .
drwxrwxr-x 5 ftp ftp 4096 Sep 27 2019 ..
-rw-rw-r-- 1 ftp ftp 420 Nov 30 2017 index.php
-rw-rw-r-- 1 ftp ftp 19935 Sep 05 2019 license.txt
-rw-rw-r-- 1 ftp ftp 7447 Sep 05 2019 readme.html
-rw-rw-r-- 1 ftp ftp 6919 Jan 12 2019 wp-activate.php
drwxrwxr-x 9 ftp ftp 4096 Sep 05 2019 wp-admin
-rw-rw-r-- 1 ftp ftp 369 Nov 30 2017 wp-blog-header.php
-rw-rw-r-- 1 ftp ftp 2283 Jan 21 2019 wp-comments-post.php
-rw-rw-r-- 1 ftp ftp 3255 Sep 27 2019 wp-config.php
drwxrwxr-x 8 ftp ftp 4096 Sep 29 2019 wp-content
-rw-rw-r-- 1 ftp ftp 3847 Jan 09 2019 wp-cron.php
drwxrwxr-x 20 ftp ftp 12288 Sep 05 2019 wp-includes
-rw-rw-r-- 1 ftp ftp 2502 Jan 16 2019 wp-links-opml.php
-rw-rw-r-- 1 ftp ftp 3306 Nov 30 2017 wp-load.php
-rw-rw-r-- 1 ftp ftp 39551 Jun 10 2019 wp-login.php
-rw-rw-r-- 1 ftp ftp 8403 Nov 30 2017 wp-mail.php
-rw-rw-r-- 1 ftp ftp 18962 Mar 28 2019 wp-settings.php
-rw-rw-r-- 1 ftp ftp 31085 Jan 16 2019 wp-signup.php
-rw-rw-r-- 1 ftp ftp 4764 Nov 30 2017 wp-trackback.php
-rw-rw-r-- 1 ftp ftp 3068 Aug 17 2018 xmlrpc.php
226 Directory send OK.
ftp> pwd
Remote directory: /
ftp> get wp-config.php
local: wp-config.php remote: wp-config.php
229 Entering Extended Passive Mode (|||40504|)
150 Opening BINARY mode data connection for wp-config.php (3255 bytes).
100% |********************************************************************************| 3255 5.44 MiB/s 00:00 ETA
226 Transfer complete.
3255 bytes received in 00:00 (3.38 MiB/s)
ftp> cd ..
250 Directory successfully changed.
ftp> ls
229 Entering Extended Passive Mode (|||47153|)
150 Here comes the directory listing.
-rw-rw-r-- 1 ftp ftp 420 Nov 30 2017 index.php
-rw-rw-r-- 1 ftp ftp 19935 Sep 05 2019 license.txt
-rw-rw-r-- 1 ftp ftp 7447 Sep 05 2019 readme.html
-rw-rw-r-- 1 ftp ftp 6919 Jan 12 2019 wp-activate.php
drwxrwxr-x 9 ftp ftp 4096 Sep 05 2019 wp-admin
-rw-rw-r-- 1 ftp ftp 369 Nov 30 2017 wp-blog-header.php
-rw-rw-r-- 1 ftp ftp 2283 Jan 21 2019 wp-comments-post.php
-rw-rw-r-- 1 ftp ftp 3255 Sep 27 2019 wp-config.php
drwxrwxr-x 8 ftp ftp 4096 Sep 29 2019 wp-content
-rw-rw-r-- 1 ftp ftp 3847 Jan 09 2019 wp-cron.php
drwxrwxr-x 20 ftp ftp 12288 Sep 05 2019 wp-includes
-rw-rw-r-- 1 ftp ftp 2502 Jan 16 2019 wp-links-opml.php
-rw-rw-r-- 1 ftp ftp 3306 Nov 30 2017 wp-load.php
-rw-rw-r-- 1 ftp ftp 39551 Jun 10 2019 wp-login.php
-rw-rw-r-- 1 ftp ftp 8403 Nov 30 2017 wp-mail.php
-rw-rw-r-- 1 ftp ftp 18962 Mar 28 2019 wp-settings.php
-rw-rw-r-- 1 ftp ftp 31085 Jan 16 2019 wp-signup.php
-rw-rw-r-- 1 ftp ftp 4764 Nov 30 2017 wp-trackback.php
-rw-rw-r-- 1 ftp ftp 3068 Aug 17 2018 xmlrpc.php
226 Directory send OK.
ftp> quit
221 Goodbye.

┌──(kali㉿kali)-[~/Vulnhub/HF2019]
└─$ cat wp-config.php
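A defender-side check for the exposure the scan and FTP session above show (anonymous FTP serving the WordPress directory, wp-config.php included), as an added example that is not part of the original post: it parses an FTP or nmap ftp-anon listing and flags exposed secrets and writable entries. The SENSITIVE and WEBROOT_MARKERS sets, the severity labels and the function names are assumptions of this example.

```python
import re

# Sample input: three lines taken from the nmap ftp-anon output on this page,
# plus two constructed lines (a root-owned file and an FTP status line).
SAMPLE_LISTING = """\
| drwxrwxr-x 9 ftp ftp 4096 Sep 05 2019 wp-admin
| -rw-rw-r-- 1 ftp ftp 3255 Sep 27 2019 wp-config.php
|_-rw-rw-r-- 1 ftp ftp 3068 Aug 17 2018 xmlrpc.php
-rw-r--r-- 1 root root 120 Sep 05 2019 notes.txt
229 Entering Extended Passive Mode (|||41051|)
"""

# Assumptions for this example: which names count as secrets or web-root markers.
SENSITIVE = {"wp-config.php": "WordPress DB credentials and auth salts"}
WEBROOT_MARKERS = {"wp-admin", "wp-includes", "wp-login.php"}

ENTRY_RE = re.compile(
    r"^(?P<mode>[-dl][-rwxsStT]{9})\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+\d+\s+"
    r"\w{3}\s+\d{1,2}\s+(?:\d{4}|\d{2}:\d{2})\s+(?P<name>.+)$"
)

def parse_listing(text):
    """Parse `ls -l` style lines; tolerates nmap's '| ' and '|_' prefixes."""
    matches = (ENTRY_RE.match(l.strip().lstrip("|_ ")) for l in text.splitlines())
    return [m.groupdict() for m in matches if m]

def effective_bits(entry, ftp_user="ftp"):
    """Permission triplet the anonymous FTP account gets on this entry."""
    start = 1 if entry["owner"] == ftp_user else 4 if entry["group"] == ftp_user else 7
    return entry["mode"][start:start + 3]

def audit(text, ftp_user="ftp"):
    """Return (severity, name, reason) findings for an anonymous FTP listing."""
    entries = parse_listing(text)
    findings = []
    if {e["name"] for e in entries} & WEBROOT_MARKERS:
        findings.append(("high", "/", "FTP root looks like a WordPress web root"))
    for e in entries:
        bits = effective_bits(e, ftp_user)
        if e["name"] in SENSITIVE and "r" in bits:
            findings.append(("critical", e["name"], SENSITIVE[e["name"]]))
        if "w" in bits and e["name"] not in (".", ".."):
            findings.append(("medium", e["name"], "writable on disk by the FTP account"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LISTING):
        print(*finding, sep=" | ")
```

The "medium" findings reflect filesystem bits only; whether an anonymous session can actually write also depends on vsftpd settings such as `write_enable` and `anon_upload_enable`.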