最近笔者整理各类靶机,发现部分靶机没有做过记录,因此借此对lampiao靶机渗透思路进行一次总结,以此完善笔记。 一、导入Lampiao靶机后选择NET模式开启kali也选择NET模式Kali的ip为 192.168.56.129扫描C段寻找靶机地址. 二、发现靶机ip为 192.168.56.130开启了22,80端口,访问80端口. 三、没有可利用的信息,通过NMAP扫描主机开放的所有端口. 四、访问1898端口. 五、先对对目录进行扫描. 六、通过扫描获取到了程序版本为Drupal 7.54. 七、以及存在目录遍历,但未找到可利用的信息. 八、安装文件存在,但需要删除已经存在的数据库才可以再次安装.



Source link

Is your business effected by Cyber Crime?

If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters. Contact Digitpol’s hotlines or respond to us online.

Digitpol’s Cyber Crime Investigation Unit provides investigative support to victims of cyber crimes. Digitpol is available 24/7. https://digitpol.com/cybercrime-investigation/

Europe +31558448040
UK +44 20 8089 9944
ASIA +85239733884