![[Meachines] [Medium] Querier XLSM宏+MSSQL NTLM哈希窃取(…缩略图](https://www.4awl.net/wp-content/cache/thumbnails/2024/09/b421a60698df149fb78f89585f7011-400x280-c.jpg "[Meachines] [Medium] Querier XLSM宏+MSSQL NTLM哈希窃取(…缩略图")
信息收集IP AddressOpening Ports10.10.10.125TCP:135, 139, 445, 1433, 5985, 47001, 49664, 49665,…
![[Meachines] [Medium] Jeeves Jenkins-RCE+KeePass-Cr…缩略图](https://www.4awl.net/wp-content/cache/thumbnails/2024/09/5b8d756637a993ab1d9a64d7d54a18-400x280-c.jpg "[Meachines] [Medium] Jeeves Jenkins-RCE+KeePass-Cr…缩略图")
信息收集IP AddressOpening Ports10.10.10.63TCP:80,135,445,50000$ nmap -p- 10.10.10.63 --min-rat…
![[Meachines] [Insane] Jail BOF+Socket Re-Use+NFS UI…缩略图](https://www.4awl.net/wp-content/cache/thumbnails/2024/09/f53cbd17d83ae5e1313b8357563c1a-400x280-c.jpg "[Meachines] [Insane] Jail BOF+Socket Re-Use+NFS UI…缩略图")
概要总的来说这个靶机局限性很强,流量出入口只能是22,2049,7411。无法在靶机建立反向shell到kali(root用户防火墙过滤策略)。你需要通过这个极其狭小的空间进行权限…
![[Meachines] [Hard] Falafel SQLMAP 登入页面盲注+文件截断上传+MC…缩略图](https://www.4awl.net/wp-content/cache/thumbnails/2024/09/c4644430151d8f5ec4216411cf74e2-400x280-c.jpg "[Meachines] [Hard] Falafel SQLMAP 登入页面盲注+文件截断上传+MC…缩略图")
信息收集IP AddressOpening Ports10.10.10.73TCP:22,80$ nmap -p- 10.10.10.73 --min-rate 1000 -sC …
![[Meachines] [Hard] Quick HTTP3(QUIC)+ESI-Injection…缩略图](https://www.4awl.net/wp-content/cache/thumbnails/2024/09/229e37e9b2bcc5b54de2caeb8263ed-400x280-c.jpg "[Meachines] [Hard] Quick HTTP3(QUIC)+ESI-Injection…缩略图")
信息收集IP AddressOpening Ports10.10.10.186TCP:22,9001$ nmap -p- 10.10.10.186 --min-rate 1000 …
![[Meachines] [Medium] Nest .NET 逆向工程+Notepad配置泄露+VB…缩略图](https://www.4awl.net/wp-content/cache/thumbnails/2024/09/2425c44480c836c23a8256351e3ca3-400x280-c.jpg "[Meachines] [Medium] Nest .NET 逆向工程+Notepad配置泄露+VB…缩略图")
信息收集IP AddressOpening Ports10.10.10.178TCP:445,4386$ nmap -p- 10.10.10.178 --min-rate 1000…
![[Meachines] [Easy] Netmon FTP匿名登录+PRTG 网络监控RCE权限提升缩略图](https://www.4awl.net/wp-content/cache/thumbnails/2024/09/bbfd5fae68ecdf0ce75fa7447e27f9-400x280-c.jpg "[Meachines] [Easy] Netmon FTP匿名登录+PRTG 网络监控RCE权限提升缩略图")
信息收集IP AddressOpening Ports10.10.10.152TCP:21,135,139,139,445,5985$ nmap -p- 10.10.10.152 …
![[Meachines] [Medium] Bart Server Monitor+Internal …缩略图](https://www.4awl.net/wp-content/cache/thumbnails/2024/09/8eb4e05a8e5a96c646d1b74b66fe53-400x280-c.jpg "[Meachines] [Medium] Bart Server Monitor+Internal …缩略图")
信息收集IP AddressOpening Ports10.10.10.81TCP:80$ nmap -p- 10.10.10.81 --min-rate 1000 -sC -sV…
![[Meachines] [Medium] Cascade DC域+SMB+ldap查询+TightV…缩略图](https://www.4awl.net/wp-content/cache/thumbnails/2024/09/ce5ba2f15ebe1a31cb81d16532e400-400x280-c.jpg "[Meachines] [Medium] Cascade DC域+SMB+ldap查询+TightV…缩略图")
信息收集IP AddressOpening Ports10.10.10.182TCP:53, 88, 135, 389, 445, 636, 3268, 3269, 5985$ n…
![[Meachines] [Easy] Sauna DC域+AS-REP+TGT票证窃取+AutoLo…缩略图](https://www.4awl.net/wp-content/cache/thumbnails/2024/09/65df2c9603c99bbee09cf4806ac1f3-400x280-c.jpg "[Meachines] [Easy] Sauna DC域+AS-REP+TGT票证窃取+AutoLo…缩略图")
信息收集IP AddressOpening Ports10.10.10.175TCP:53,80,88,135,139,389,445,464,593,3268,3269,5985…