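Lab environment

Anluan (安鸾) penetration testing practice platform
Kali virtual machine
K8_FuckOneShell (one-line webshell password brute-force tool)
AntSword / China Chopper

Challenge information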

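Only an IP address is given here, and the location of the one-line webshell is unknown, so I ran a tool directly against the site's directories.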

dirsearch -u 118.190.133.35:8089
[04:34:35] Starting: 
[04:34:36] 200 -  763B  - /.git/branches/
[04:34:36] 301 -  321B  - /.git  ->  http://118.190.133.35:8089/.git/
[04:34:36] 200 -    3KB - /.git/
[04:34:36] 200 -   73B  - /.git/description
[04:34:36] 200 -  272B  - /.git/config
[04:34:36] 200 -   23B  - /.git/HEAD
[04:34:36] 200 -    3KB - /.git/hooks/
[04:34:36] 200 -  400B  - /.git/index
[04:34:36] 200 -  950B  - /.git/info/
[04:34:36] 200 -  240B  - /.git/info/exclude
[04:34:36] 200 -    1KB - /.git/logs/
[04:34:36] 301 -  331B  - /.git/logs/refs  ->  http://118.190.133.35:8089/.git/logs/refs/
[04:34:36] 301 -  339B  - /.git/logs/refs/remotes  ->  http://118.190.133.35:8089/.git/logs/refs/remotes/
[04:34:36] 301 -  346B  - /.git/logs/refs/remotes/origin  ->  http://118.190.133.35:8089/.git/logs/refs/remotes/origin/
[04:34:36] 301 -  337B  - /.git/logs/refs/heads  ->  http://118.190.133.35:8089/.git/logs/refs/heads/
[04:34:36] 200 -  191B  - /.git/logs/refs/heads/master
[04:34:36] 200 -  191B  - /.git/logs/HEAD
[04:34:36] 200 -  191B  - /.git/logs/refs/remotes/origin/HEAD
[04:34:36] 200 -  107B  - /.git/packed-refs
[04:34:36] 200 -    1KB - /.git/refs/
[04:34:36] 301 -  332B  - /.git/refs/heads  ->  http://118.190.133.35:8089/.git/refs/heads/
[04:34:36] 200 -    3KB - /.git/objects/
[04:34:36] 200 -   41B  - /.git/refs/heads/master
[04:34:36] 301 -  334B  - /.git/refs/remotes  ->  http://118.190.133.35:8089/.git/refs/remotes/
[04:34:36] 301 -  341B  - /.git/refs/remotes/origin  ->  http://118.190.133.35:8089/.git/refs/remotes/origin/
[04:34:36] 200 -   32B  - /.git/refs/remotes/origin/HEAD
[04:34:36] 301 -  331B  - /.git/refs/tags  ->  http://118.190.133.35:8089/.git/refs/tags/
[04:34:36] 403 -  294B  - /.ht_wsr.txt
[04:34:37] 403 -  297B  - /.htaccess.bak1
[04:34:37] 403 -  297B  - /.htaccess.orig
[04:34:37] 403 -  299B  - /.htaccess.sample
[04:34:37] 403 -  297B  - /.htaccess.save
[04:34:37] 403 -  298B  - /.htaccess_extra
[04:34:37] 403 -  295B  - /.htaccessBAK
[04:34:37] 403 -  296B  - /.htaccessOLD2
[04:34:37] 403 -  295B  - /.htaccess_sc
[04:34:37] 403 -  297B  - /.htaccess_orig
[04:34:37] 403 -  295B  - /.htaccessOLD
[04:34:37] 403 -  287B  - /.htm
[04:34:37] 403 -  288B  - /.html
[04:34:37] 403 -  297B  - /.htpasswd_test
[04:34:37] 403 -  294B  - /.httr-oauth
[04:34:37] 403 -  293B  - /.htpasswds
[04:34:37] 403 -  287B  - /.php
[04:34:37] 403 -  288B  - /.php3
[04:34:51] 500 -    0B  - /affiliate.php
[04:34:51] 500 -    0B  - /api.php
[04:34:52] 500 -    0B  - /article.php
[04:34:54] 403 -  309B  - /cgi-bin/a1stats/a1disp.cgi
[04:34:54] 403 -  299B  - /cgi-bin/logi.php
[04:34:54] 403 -  291B  - /cgi-bin/
[04:34:54] 403 -  301B  - /cgi-bin/awstats.pl
[04:34:54] 403 -  300B  - /cgi-bin/login.cgi
[04:34:54] 403 -  299B  - /cgi-bin/test-cgi
[04:34:54] 403 -  299B  - /cgi-bin/test.cgi
[04:34:54] 403 -  299B  - /cgi-bin/awstats/
[04:34:54] 403 -  303B  - /cgi-bin/imagemap.exe?2,2
[04:34:54] 403 -  301B  - /cgi-bin/htmlscript
[04:34:54] 403 -  302B  - /cgi-bin/htimage.exe?2,2
[04:34:54] 403 -  302B  - /cgi-bin/printenv.pl
[04:34:54] 403 -  301B  - /cgi-bin/index.html
[04:34:54] 403 -  298B  - /cgi-bin/php.ini
[04:34:54] 403 -  296B  - /cgi-bin/login
[04:34:54] 403 -  302B  - /cgi-bin/ViewLog.asp
[04:35:00] 200 -    3KB - /favicon.ico
[04:35:00] 500 -    0B  - /gallery.php
[04:35:01] 200 -   12B  - /index.php
[04:35:01] 200 -   12B  - /index.php/login/
[04:35:01] 200 -    4KB - /htaccess.txt
[04:35:11] 302 -    0B  - /search.php  ->  search.php?encode=YToxOntzOjE4OiJzZWFyY2hfZW5jb2RlX3RpbWUiO2k6MTY0NjIxMzcxMTt9
[04:35:11] 403 -  296B  - /server-status
[04:35:11] 403 -  297B  - /server-status/
[04:35:12] 200 -  470B  - /robots.txt
[04:35:15] 500 -    0B  - /user.php

Hidden files were found.
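
As an added example (not part of the original post or of dirsearch), this Python script triages dirsearch result lines like those above from the site owner's side: it separates `.git` metadata served with 200 from dot-files the server already denies with 403. The group names and the `GIT_KEY_FILES` set are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict

# A few lines copied from the scan output above, used as sample input.
SAMPLE = """\
[04:34:36] 200 -  272B  - /.git/config
[04:34:36] 200 -   23B  - /.git/HEAD
[04:34:36] 200 -  400B  - /.git/index
[04:34:36] 200 -    3KB - /.git/objects/
[04:34:37] 403 -  297B  - /.htaccess.orig
[04:34:37] 403 -  293B  - /.htpasswds
[04:34:51] 500 -    0B  - /api.php
[04:35:01] 200 -   12B  - /index.php
[04:35:12] 200 -  470B  - /robots.txt
"""

# "[time] status - size - path", optionally followed by "-> redirect target".
LINE = re.compile(r"^\[\d\d:\d\d:\d\d\]\s+(\d{3})\s+-\s+\S+\s+-\s+(\S+)")

# Assumed set: files that show repository metadata is downloadable.
GIT_KEY_FILES = {"/.git/HEAD", "/.git/config", "/.git/index", "/.git/packed-refs"}

def parse(text):
    """Yield (status, path) for every result line; skip banners and blanks."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2)

def triage(text):
    """Group findings the way a site owner would act on them."""
    report = defaultdict(list)
    for status, path in parse(text):
        hidden = any(seg.startswith(".") for seg in path.split("/") if seg)
        if status == 200 and path in GIT_KEY_FILES:
            report["git_metadata_readable"].append(path)
        elif status == 200 and path.startswith("/.git/") and path.endswith("/"):
            report["git_directory_served"].append(path)
        elif status == 200 and hidden:
            report["other_dotfile_readable"].append(path)
        elif status == 403 and hidden:
            report["dotfile_denied"].append(path)
        elif status == 500:
            report["server_error"].append(path)
    return dict(report)

if __name__ == "__main__":
    for group, paths in triage(SAMPLE).items():
        print(f"{group}: {', '.join(paths)}")
```

On this sample the deny rules cover the `.ht*` names but not `/.git/`, which is the gap to close in the web server configuration.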

I then turned to tools and tried a lot of them, msf and so on; in the end only this tool produced a result.