VulnHub-Seattle_V0.0.3
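I. Information Gathering
1. Host Discovery
Here I again use the ARP scan script I wrote earlier, specifying the port (interface) to scan on and the IP address range.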
root@kali:~/Desktop/valecalida's_Sript# python3 ARP_Scan.py -i eth0 10.87.51.0/24
[..] Making ARP scan...
IP: 10.87.51.1 MAC:00:50:56:c0:00:08
IP: 10.87.51.2 MAC:00:50:56:ea:29:0e
IP: 10.87.51.35 MAC:00:0c:29:58:60:d1
The IP of the target machine for this test is plainly visible: 10.87.51.35
2. Port Scanning
As usual, start with Nmap
root@kali:~/Desktop/valecalida's_Sript# nmap -A 10.87.51.35
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-09 08:13 EDT
Nmap scan report for 10.87.51.35
Host is up (0.00099s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.16 ((Fedora) OpenSSL/1.0.2d-fips PHP/5.6.14)
|_http-server-header: Apache/2.4.16 (Fedora) OpenSSL/1.0.2d-fips PHP/5.6.14
|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
MAC Address: 00:0C:29:58:60:D1 (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.10 - 4.11, Linux 3.2 - 4.9
Network Distance: 1 hop
It turns out that only port 80 is open as a service this time, so take a look at the page.
Scan it with whatweb
➜ Savalen whatweb http://10.87.51.35
http://10.87.51.35 [200 OK] Apache[2.4.16], Cookies[level], Country[RESERVED][ZZ], HTTPServer[Fedora Linux][Apache/2.4.16 (Fedora) OpenSSL/1.0.2d-fips PHP/5.6.14], IP[10.87.51.35], OpenSSL[1.0.2d-fips], PHP[5.6.14], X-Powered-By[PHP/5.6.14]
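Both the Nmap and whatweb output above read exact component versions straight from the Server and X-Powered-By response headers. The following is an added example, not part of the original write-up: a small check a defender can run against their own responses to list what those headers disclose. The function names and the HARDENING table are assumptions of this example; the header values are copied from the output above.

```python
import re

# Header values copied from the whatweb/Nmap output on this page.
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.16 (Fedora) OpenSSL/1.0.2d-fips PHP/5.6.14",
    "X-Powered-By": "PHP/5.6.14",
}

# Banner grammar: product[/version] tokens, optionally mixed with (comment) parts.
TOKEN_RE = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/([^\s()]+))?")

# Assumed remediation hints for this example, keyed by lower-cased header name.
HARDENING = {
    "server": "Apache: ServerTokens Prod",
    "x-powered-by": "PHP: expose_php = Off",
}

def parse_banner(value):
    """Split a banner into (product, version, comment) tuples."""
    parts = []
    for m in TOKEN_RE.finditer(value):
        comment, product, version = m.groups()
        if comment is not None:
            parts.append((None, None, comment))
        else:
            parts.append((product, version, None))
    return parts

def audit_headers(headers):
    """Return one finding per versioned product or comment that a header leaks."""
    findings = []
    for name, value in headers.items():
        fix = HARDENING.get(name.lower())
        if fix is None:
            continue  # header is not one this check knows about
        for product, version, comment in parse_banner(value):
            if version or comment:
                findings.append({
                    "header": name,
                    "product": product or comment,
                    "version": version,
                    "fix": fix,
                })
    return findings

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_HEADERS):
        print(finding)
```

A bare `Server: Apache` value, with no version or comment, produces no findings.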