Algernon
2901 min
2025-3-10
Date: Mar 9, 2025 → Mar 9, 2025
Tag: Nmap, Brute Force, Web Exploitation
192.168.151.65

Nmap


Service scan Timing: About 16.67% done; ETC: 01:03 (0:00:30 remaining)
Nmap scan report for 192.168.151.65
Host is up (0.052s latency).
Not shown: 994 closed tcp ports (conn-refused)
PORT     STATE SERVICE       VERSION
21/tcp   open  ftp           Microsoft ftpd
80/tcp   open  http          Microsoft IIS httpd 10.0
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp  open  microsoft-ds?
9998/tcp open  http          Microsoft IIS httpd 10.0
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 56.53 seconds

80, 9998


80
9998
Nothing useful found, and the directory brute force is still running, so try FTP in the meantime.

21


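Login works. There is an interesting file in Logs, so download it and take a look.
This confirms that the username is admin.
The directory scan has finished as well and found nothing useful, so the next idea is to brute-force the user account.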

9998 admin brute force


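Try weak passwords first.
No success, and the account gets locked after a number of failed attempts.
Looking at the console shows that the login is validated through an API, so try bypassing the UI and brute-forcing the API directly.
The response says the domain was not found, but at this point we do not know what the domain is.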
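A defender's view of the step above, as an added example that is not part of the original write-up: it reads IIS W3C logs and reports clients that POST to the login API in bursts, noting those that never requested a UI page. The log lines are constructed, and the path /api/auth, the 60-second window and the threshold of 5 are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

AUTH_PATH = "/api/auth"          # placeholder login endpoint (assumption)
WINDOW = timedelta(seconds=60)   # assumed detection window
THRESHOLD = 5                    # assumed auth POSTs per window before alerting

# Constructed sample in IIS W3C extended log format (not taken from the target).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2025-03-09 01:10:00 GET / 10.0.0.5 200
2025-03-09 01:10:01 GET /js/app.js 10.0.0.5 200
2025-03-09 01:10:09 POST /api/auth 10.0.0.5 401
2025-03-09 01:10:20 POST /api/auth 10.0.0.5 200
""" + "".join(f"2025-03-09 01:12:{s:02d} POST /api/auth 10.0.0.9 401\n"
              for s in range(0, 60, 10))

def parse(log_text):
    """Yield one dict per request, using the #Fields header to name columns."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.strptime(f"{row['date']} {row['time']}",
                                          "%Y-%m-%d %H:%M:%S")
            yield row

def detect(log_text):
    """Return {client_ip: reasons} for clients sending bursts of login POSTs."""
    auth_times, loaded_ui = defaultdict(list), set()
    for r in parse(log_text):
        if r["cs-method"] == "POST" and r["cs-uri-stem"].lower() == AUTH_PATH:
            auth_times[r["c-ip"]].append(r["ts"])
        elif r["cs-method"] == "GET":
            loaded_ui.add(r["c-ip"])      # client fetched at least one page/asset
    alerts = {}
    for ip, times in auth_times.items():
        times.sort()
        # Sliding window: THRESHOLD consecutive attempts that fit inside WINDOW.
        burst = any(times[i + THRESHOLD - 1] - times[i] <= WINDOW
                    for i in range(len(times) - THRESHOLD + 1))
        if burst:
            # "no-ui" marks a client that talked to the API without loading the UI.
            alerts[ip] = ["burst"] + ([] if ip in loaded_ui else ["no-ui"])
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```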
Found the version of the web hosting application; see whether a PoC can be found for it.
Tried the PoC and it worked.
Successfully got in.