Notes Site.
post @ 2024-09-07
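Usage: curl [options...] <url>
-X, --request <method> Set the request method
-d, --data <data> POST data
-H, --header <header> Set a request header
-A, --user-agent <name> Set the User-Agent
-b, --cookie <data|file> Set cookies
-u, --user <user:passwd> Server user and password
-I, --head Show the response headers only
-i, --include Include the response headers in the output
-o, --output <file> Write output to a file
-O, --remote-name Download a file (keep the remote file name)
-T, --upload-file <file> Upload a file (PUT)
-F, --form <file=@/file;type=*;filename=*; | field=value> Upload a file (POST)
-s, --silent Silent mode, no progress or error messages
-k, --insecure Skip SSL certificate verification
-L, --location Follow redirects
-v, --verbose Show verbose output
--http2 Enable HTTP/2 support
--retry <1-5> Set the number of retries
--max-time <seconds> Set the maximum execution time
--connect-timeout <seconds> Set the connection timeout
--trace - Show every detail of the request (including request and response bodies)
-x, --proxy <<http|socks5>://[user:passwd@]host:port> Set a proxy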
# Upload a form
curl -X POST -F "file=@/path/to/your/file.txt" http://example.com/upload
# [-H "Content-Type: multipart/form-data"]
# The -F option sets Content-Type: multipart/form-data automatically

# Upload multiple form fields
curl -X POST -F "file1=@/path/to/file1.txt" -F "file2=@/path/to/file2.txt" http://example.com/upload

# Upload a file as a binary stream
curl -X POST --data-binary @/path/to/file.bin http://example.com/upload
# [-H "Content-Type: application/octet-stream"]

# JSON body
curl -X POST -H "Content-Type: application/json" -d '{"key":"value"}' http://example.com/api

# Form-encoded data
curl -X POST -d "key1=value1&key2=value2" http://example.com/api

# Authorization header
-H "Authorization: Bearer YOUR_TOKEN"

post @ 2024-08-02

Runner (Linux · Medium)

CVE-2023-42793 + CVE-2024-21626

Enumeration

nmap

nmap -A -T4 -Pn 10.10.11.13

Nmap scan report for runner.htb (10.10.11.13)
Host is up (0.51s latency).
Not shown: 979 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 3e:ea:45:4b:c5:d1:6d:6f:e2:d4:d1:3b:0a:3d:a9:4f (ECDSA)
|_ 256 64:cc:75:de:4a:e6:a5:b4:73:eb:3f:1b:cf:b4:e3:94 (ED25519)
43/tcp filtered whois
80/tcp open http nginx 1.18.0 (Ubuntu)
|_http-title: Runner - CI/CD Specialists
|_http-server-header: nginx/1.18.0 (Ubuntu)
84/tcp filtered ctf
1053/tcp filtered remote-as
1119/tcp filtered bnetgame
1145/tcp filtered x9-icue
1272/tcp filtered cspmlockmgr
1503/tcp filtered imtc-mcs
1971/tcp filtered netop-school
2383/tcp filtered ms-olap4
3851/tcp filtered spectraport
6510/tcp filtered mcer-port
7007/tcp filtered afs3-bos
8000/tcp open nagios-nsca Nagios NSCA
| http-methods:
|_ Supported Methods: OPTIONS
|_http-title: Site doesn't have a title (text/plain; charset=utf-8).
8087/tcp filtered simplifymedia
9917/tcp filtered unknown
20222/tcp filtered ipulse-ics
32782/tcp filtered unknown
49154/tcp filtered unknown
52869/tcp filtered unknown
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

80

curl http://10.10.11.13 -I

HTTP/1.1 302 Moved Temporarily
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 13 Aug 2024 10:00:10 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: http://runner.htb/

Add the hosts entry

echo "10.10.11.13 runner.htb" | sudo tee -a /etc/hosts

ffuf
