Calamity(web rce) 12345678922/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0)| ssh-hostkey: | 2048 b6:46:31:9c:b5:71:c5:96:91:7d:e4:63:16:f9:59:a2 (RSA)| 256 10:c4:09:b9:48:f1:8c:45:2 2019-03-21 training training
cronOS(域名查询) 123456Discovered open port 22/tcp on 10.10.10.13 Discovered open port 53/udp on 10.10.10.13 Discovered open port 80/tcp on 10.10 2019-03-16 training training
Nibbles(sudo no pass ) 端口扫描nmap -sS -Pn 10.10.10.75 -vv 12345678**22/tcp open ssh syn-ack ttl 63**30/tcp filtered unknown no-response**80/tcp open http syn-ack ttl 63**646/tcp 2019-03-14 training training
Carrier(snmp泄露敏感信息) scan12345678910111222/tcp open ssh OpenSSH 7.6p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0)| ssh-hostkey: | 2048 15:a4:28:77:ee:13:07:06:34:09:86:fd:6f:cc:4c:e2 (RSA)| 256 37:be:de:07:0f:10:bb:2b: 2019-03-12 training training command execution
snmp&snmpwalk 161端口——snmp协议参考资料: http://www.freebuf.com/vuls/133517.html http://www.cnblogs.com/LittleHann/p/3834860.html SNMP = simple network manage protocol = 简单网络管理协议 一个路由器,用SNMP协议报告带宽利用率、冲突率等信息。当snmp协议 配置不当, 2019-03-11 tools tools
Irked(suid提权) info:1234567891011121314nmap -sS -Pn IP22/tcp open ssh OpenSSH 6.7p1 Debian 5+deb8u4 (protocol 2.0)80/tcp open http Apache httpd 2.4.10 ((Debian))111/tcp open rpcbind 2-4 (RPC #100000)22/t 2019-03-10 training training
Lazy(密码学相关) 1234567891022/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0)| ssh-hostkey: | 1024 e1:92:1b:48:f8:9b:63:96:d4:e5:7a:40:5f:a4:c8:33 (DSA)| 2048 af:a0:0f:26:cd:1a:b5 2019-03-09 training training
03-08-sql-inject scan123480/tcp open http cloudflare443/tcp open ssl/https cloudflare8080/tcp open http-proxy cloudflare8443/tcp open ssl/https-alt cloudflare 确认为一个web server,有云防护,不允许直接ip访问 pin 2019-03-08 record sql
Bastard(drupal插件导致远程代码执行) 10.10.10.9 scan12380/tcp open http Microsoft IIS httpd 7.5135/tcp open msrpc Microsoft Windows RPC49154/tcp open msrpc Microsoft Windows RPC webcms: drupal 7 Drupal 以权限划分用户可见页面,当使用超级管理员 2019-03-05 training training cms windows
读后感·互联网企业安全高级指南 上一篇:如何寻找一家靠谱的公司 引子第二份实习由于想要毕业以后,做信息安全服务or渗透测试相关的工作,学校课程又比较少,我又去找了一份实习。实习还是有一些收获,虽然不是技术方面,但我不禁想要谈谈工作相关的话题。 公司名字具体叫什么,我就不说了。当初面试的时候,我问A先生(技术负责人),是否有大佬带实习生。公司的人敷衍塞责过去了,说这点东西都还要人带-。-…..顺便diss了我的技术水平。 我以为是 2019-03-04 View View