Home » Tags

Target

Vulnhub Nullbyte

信息收集 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 ┌──(root㉿kali)-[~] └─# arp-scan 192.168.56.0/24 Interface: eth0, type: EN10MB, MAC: 00:0c:29:ef:b6:d2, IPv4: 192.168.56.107 Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan) 192.168.56.1 0a:00:27:00:00:0d (Unknown: locally administered) 192.168.56.100 08:00:27:d8:6c:85 PCS Systemtechnik GmbH 192.168.56.113 08:00:27:b5:82:c6 PCS Systemtechnik GmbH 3 packets received by filter, 0 packets dropped by kernel Ending arp-scan 1.10.0: 256 hosts scanned in 2.139 seconds (119.68 hosts/sec). 3 responded ┌──(root㉿kali)-[~] └─# nmap 192.168.56.113 -p- -sT -sV Starting Nmap 7.95 ( https://nmap.org ) at 2026-03-07 10:22 EST Nmap scan report for 192.168.56.113 Host is up (0.017s latency). Not shown: 65531 closed tcp ports (conn-refused) PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.4.10 ((Debian)) 111/tcp open rpcbind 2-4 (RPC #100000) 777/tcp open ssh OpenSSH 6.7p1 Debian 5 (protocol 2.0) 45114/tcp open status 1 (RPC #100024) MAC Address: 08:00:27:B5:82:C6 (PCS Systemtechnik/Oracle VirtualBox virtual NIC) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 26.07 seconds ┌──(root㉿kali)-[~] └─# gobuster dir -u http://192.168.56.113/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt =============================================================== Gobuster v3.6 by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart) =============================================================== [+] Url: http://192.168.56.113/ [+] Method: GET [+] Threads: 10 [+] Wordlist: /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt [+] Negative Status codes: 404 [+] User Agent: gobuster/3.6 [+] Timeout: 10s =============================================================== Starting gobuster in directory enumeration mode =============================================================== /uploads (Status: 301) [Size: 318] [--> http://192.168.56.113/uploads/] /javascript (Status: 301) [Size: 321] [--> http://192.168.56.113/javascript/] /phpmyadmin (Status: 301) [Size: 321] [--> http://192.168.56.113/phpmyadmin/] /server-status (Status: 403) [Size: 302] Progress: 220560 / 220561 (100.00%) =============================================================== Finished =============================================================== 尝试 phpmyadmin 漏洞 参考 phpmyadmin漏洞汇总-CSDN博客 ...

March 7, 2026 · 6 min · 1137 words · flash122u