Information gathering
Local IP: 10.10.16.18 Target IP: 10.10.11.39
Port scanning
❯ cat naabu.txt
10.10.11.39:80
10.10.11.39:135
10.10.11.39:53
10.10.11.39:139
10.10.11.39:445
10.10.11.39:88
10.10.11.39:389
kali@kali ~/Documents/htb/University
❯ awk -F ':' '{print $2}'
^C⏎ kali@kali ~/Documents/htb/University [130]
❯ awk -F ':' '{print $2}' naabu.txt
80
135
53
139
445
88
389
kali@kali ~/Documents/htb/University
❯ awk -F ':' '{print $2}' naabu.txt|paste -sd ',' -
80,135,53,139,445,88,389
kali@kali ~/Documents/htb/University
❯ nmap -sCV -p 80,135,53,139,445,88,389 .10.11.39 -oN namp.txt -T4
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-14 03:57 EST
Failed to resolve ".10.11.39".
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.20 seconds
kali@kali ~/Documents/htb/University
❯ nmap -sCV -p 80,135,53,139,445,88,389 10.10.11.39 -oN namp.txt -T4
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-14 03:57 EST
Nmap scan report for 10.10.11.39
Host is up (0.49s latency).
PORT STATE SERVICE VERSION
53/tcp open domain Simple DNS Plus
80/tcp open http nginx 1.24.0
|_http-server-header: nginx/1.24.0
|_http-title: Did not follow redirect to http://university.htb/
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2024-11-14 15:44:28Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: university.htb0., Site: Default-First-Site-Name)
445/tcp open microsoft-ds?
Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb2-time:
| date: 2024-11-14T15:44:56
|_ start_date: N/A
|_clock-skew: 6h46m53s
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled and required
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 45.90 seconds
⏎
http

dirsearch -u http://university.htb
webshell
https://github.com/c53elyas/CVE-2023-33733