r0ckyzzz's Blog.

HTB靶机Lame、Leagcy、Bashed、Popcorn通关笔记

OSCP HTB
Word count: 268Reading time: 1 min
2020/04/02 Share

HTB靶机Lame、Leagcy、Bashed、Popcorn通关笔记

Lame

nmap 扫描

upload successful
版本合适 直接用msf拿下

upload successful

upload successful

Legacy

nmap

upload successful
直接用ms17010 打进去在administrator的桌面找到root.txt

upload successful

Bashed

nmap

upload successful
80端口

upload successful

在dev文件夹找到phpbash.php文件 开始搞事

upload successful

找到一个user.txt

upload successful

用提权辅助脚本

upload successful
提权成功

upload successful
拿到flag

upload successful

Popcorn

nmap

upload successful

dirb扫目录真的好慢啊
换成了gobuster 30线程扫描快多了

upload successful
是一个网站

upload successful
注册了个test test的账号

upload successful
发现有个上传点 只能上传种子文件 不能上传php文件

upload successful
随便上传一个种子文件

upload successful

又出现了一个上传点

upload successful

通过修改content-type绕过了 上传php成功

upload successful

连接shell

upload successful
拿到user.txt

upload successful
拿到数据库账号密码

upload successful
torrent:SuperSecret!!
md5破解不出来

upload successful

辅助脚本

upload successful

提权成功拿到flag

upload successful

总结

今天开了htb的会员,开始打htb的靶机了,遇到的主要是网络问题,肯定不想vulnhub的靶机那样在本地那么流畅,正在想办法解决,目前是挂着代理来打

Author:r0ckyzzz

原文链接:http://r0cky.xyz/2020/04/02/HTB%E9%9D%B6%E6%9C%BALame%E3%80%81Leagcy%E3%80%81Bashed%E3%80%81Popcorn%E9%80%9A%E5%85%B3%E7%AC%94%E8%AE%B0/

发表日期:April 2nd 2020, 5:30:00 pm

更新日期:April 2nd 2020, 5:34:17 pm

版权声明:本文采用知识共享署名-非商业性使用 4.0 国际许可协议进行许可

CATALOG
  1. 1. HTB靶机Lame、Leagcy、Bashed、Popcorn通关笔记
  2. 2. Lame
  3. 3. Legacy
    1. 3.1. ¶Bashed
    2. 3.2. ¶Popcorn
    3. 3.3. ¶总结
Total : 37
2021
2020
Security security ctf vulnhub Vulnhub OSCP vulhub Linux环境变量 HTB htb