duangsues.is_a? SaltedFish
🌶🐔🐟 duangsuse's daily life
Especially likes posting weird and odd things
and reposting other people's stuff
duangsuse first points the target at 🌶🐔 mcteam.com
Metasploit is handy
🌚 fx tells me that a Java GUI client for Metasploit is malware 🌚
They also have a commercial edition, same as Burp Suite
Burp is really handy 🌚...
/opt/metasploit-framework/embedded/bin/ruby --version
ruby 2.4.1p111 (2017-03-22 revision 58053) [x86_64-linux]

ruby --version
ruby 2.6.0dev (2018-04-19 trunk 63191) [x86_64-linux]
That host view doesn't work
Half of Armitage's features are broken, might as well go back to msfconsole
Used the WebDAV buffer overflow one
The first time it looked normal, but in the end there was no session
Later it told me the WebDAV response was abnormal
RHOST = www.mcteam.info
RPORT = 333

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <https://" in a PROPFIND request, as exploited in the wild in July or August 2016. Original exploit by Zhiniang Peng and Chen Wu.

charity100.org (🌶🐔)
21: FTP Pure-FTPd
25: SMTP?
53: domain ISC BIND 9.8.2rc1 (RHEL 6)
80: http Apache (WordPress 4.8.6) (robots.txt)
110: pop3 Dovecot pop3d
143: imap Dovecot imapd
443: ssl Apache (robots.txt) (cPanel)
voukgroup.org server.voukgroup.org
DNS:charity100.org, DNS:charity100.voukgroup.org, DNS:cpanel.charity100.org, DNS:mail.charity100.org, DNS:webdisk.charity100.org, DNS:webmail.charity100.org, DNS:www.charity100.org, DNS:www.charity100.voukgroup.org

465:ssl/smtp Exim smtpd 4.89_1
587: ^
993: Dovecot imapd
995: Dovecot pop3d
3306: mysql
Linux 2.6 RHEL6
Start looking for holes from the application layer
Apache HTTP
PHP
WordPress
sudo nmap -T4 -A -v voukgroup.org