hack the box-crocodile-爱代码爱编程
申请虚拟靶机,获取目标IP地址。
Task1
What nmap scanning switch employs the use of default scripts during a scan? (nmap默认扫描参数?)
-sC
Task2
What service version is found to be running on port 21? (21端口运行服务的版本?)
vsftpd 3.0.3
Task3
What FTP code is returned to us for the "Anonymous FTP login allowed" message? (FTP允许匿名访问的返回值是多少?)
230
Task4
What command can we use to download the files we find on the FTP server? (什么命令用来下载文件?)
get
Task5
What is one of the higher-privilege sounding usernames in the list we retrieved? (用户列表中哪个权限好像更高? )
admin
Task6
What version of Apache HTTP Server is running on the target host? (目标主机阿帕奇HTTP服务的版本?)
2.4.41
Task7
What is the name of a handy web site analysis plug-in we can install in our browser? (辅助分析网站的浏览器插件?)
Wappalyzer
Task8
What switch can we use with gobuster to specify we are looking for specific filetypes? (gobuster的什么参数用来查找指定类型文件?)
-x
Task9
What file have we found that can provide us a foothold on the target?
没用gobuster,使用的dirsearch。
login.php
Task10
Submit root flag
访问login.php,想到前面ftp服务获得的账号和密码,进行尝试登录,成功!
c7110277ac44d78b6a9fff2232434d16