Environment setup
- Operating system: Kali Linux or Windows
- Tools: nmap, gobuster
nmap tool [Kali official site]
Manual: https://www.kali.org/tools/nmap/
Summary:
Nmap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques, version detection (determine service protocols and application versions listening behind ports), and TCP/IP fingerprinting (remote host OS or device identification). Nmap also offers flexible target and port specification, decoy/stealth scanning, sunRPC scanning, and more. Most Unix and Windows platforms are supported in both GUI and commandline modes. Several popular handheld devices are also supported, including the Sharp Zaurus and the iPAQ.
gobuster tool [Kali official site]
Manual: https://www.kali.org/tools/gobuster/
Summary:
Gobuster is a tool used to brute-force URIs including directories and files as well as DNS subdomains.
# gobuster dir -u http://10.129.202.36 -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt
Tasks
TASK1
What does the acronym SQL stand for?
key:Structured Query Language
TASK2
What is one of the most common type of SQL vulnerabilities?
key:SQL injection
TASK3
What is the 2021 OWASP Top 10 classification for this vulnerability?
key:A03:2021-Injection
TASK4
What does Nmap report as the service and version that are running on port 80 of the target?
┌──(root㉿kali)-[/home/martin/桌面]
└─# nmap -p 80 -sV 10.129.202.36
Starting Nmap 7.92 ( https://nmap.org ) at 2023-09-20 11:03 CST
Nmap scan report for 10.129.202.36
Host is up (0.34s latency).
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.38 ((Debian))
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.98 seconds
key:Apache httpd 2.4.38 ((Debian))
TASK5
What is the standard port used for the HTTPS protocol?
key:443
TASK6
What is a folder called in web-application terminology?
key:directory
TASK7
What HTTP response code is given for ‘Not Found’ errors?
key:404
TASK8
Gobuster is one tool used to brute force directories on a webserver. What switch do we use with Gobuster to specify we’re looking to discover directories, and not subdomains?
key:dir
TASK9
What single character can be used to comment out the rest of a line in MySQL?
key:#
TASK10
If user input is not handled carefully, it could be interpreted as a comment. Use a comment to login as admin without knowing the password. What is the first word on the webpage returned?
username: admin'#
password: 1 (any value works)
key:Congratulations
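Why the TASK10 input works, and the fix: when the login query is built by string concatenation, the quote closes the username literal and the MySQL `#` comment swallows the rest of the line, including the password check; a parameterized query treats the same input as plain data. This is an added illustration, not code from the lab; the `users` table, its rows and the comment stripper that emulates MySQL's `#` behaviour are constructed for the demo.

```python
import sqlite3

def build_query_unsafe(username: str, password: str) -> str:
    """The vulnerable pattern: user input concatenated straight into SQL."""
    return (f"SELECT * FROM users WHERE username = '{username}' "
            f"AND password = '{password}'")

def strip_mysql_hash_comment(sql: str) -> str:
    """Emulate what MySQL executes: an unquoted '#' discards the rest of the line.
    (Constructed for illustration; sqlite itself has no '#' comment syntax.)"""
    out, in_string = [], False
    for ch in sql:
        if ch == "'":
            in_string = not in_string
        elif ch == "#" and not in_string:
            break
        out.append(ch)
    return "".join(out).rstrip()

def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table; a real app would store password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return conn

def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened form: placeholders keep quotes and '#' inside the data."""
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    raw = build_query_unsafe("admin'#", "1")
    print("raw SQL:      ", raw)
    print("MySQL executes:", strip_mysql_hash_comment(raw))
    conn = make_demo_db()
    print("safe login with admin'# :", login_safe(conn, "admin'#", "1"))
```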
Flag
key:e3d0796d002a446c0e622226f42e9672