Notes Site.

Attacking Common Services

post @ 2024-10-07

SMB

TCP 445 用于直接通过 TCP/IP 传输的 SMB(常见于 SMBv2 和 SMBv3)

TCP/UDP 137-139 用于基于 NetBIOS 的 SMB(通常为 SMBv1)

Interact

运行 | 文件夹

1
\\192.168.220.129\share\

cmd | powershell

1
2
C:\> dir \\192.168.220.129\share\
PS C:\> Get-ChildItem \\192.168.220.129\share\

Mount SMB - CMD

1
2
3
4
5
6
7
8
9
10
# 连接到文件共享并将其内容映射到驱动器号 n
C:\> net use n: \\192.168.220.129\share [/user:uname passwd]

# 统计文件数量
C:\htb> dir n: /a-d /s /b | find /c ":\"

# 查找特定文件
C:\> dir n:\*cred* /s /b
# or
C:\> findstr /s /i cred n:\*.*
Read More

File Transfer

post @ 2024-10-02

Web

Basic

1
2
3
4
5
6
php -S 0.0.0.0:port
python3 -m http.server [port]		# 默认端口为 8000
ruby -run -e httpd . [-p port]		# 默认端口为 8080

# wget http://ip/file
# curl -O http://ip/file

Nginx PUT

1
2
sudo mkdir -p /var/www/uploads/SecretUploadDirectory
sudo chown -R www-data:www-data /var/www/uploads/SecretUploadDirectory

/etc/nginx/sites-available/upload.conf

1
2
3
4
5
6
7
8
server {
    listen 9001;
    
    location /SecretUploadDirectory/ {
        root    /var/www/uploads;
        dav_methods PUT;
    }
}

链接到sites-enabled目录下

1
sudo ln -s /etc/nginx/sites-available/upload.conf /etc/nginx/sites-enabled/

启动服务

Read More
⬆︎TOP