[OSCP] Nmap nse-vulnerability-scripts

Search for the CVE ID you need.

 

#wget https://raw.githubusercontent.com/<repository_path>/CVE-2021-41773.nse

 Download the script into the current directory with the command above.

#sudo cp CVE-2021-41773.nse /usr/share/nmap/scripts/

 Copy it into the NSE scripts directory.

#sudo nmap --script-updatedb

 Update the NSE script database.

#curl -k -X GET "URL"

 Use this command to access the target's passwd file (check the last user).
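
The steps above copy a script fetched from a raw GitHub URL into the Nmap scripts directory and run it with sudo, so it is worth vetting the file first. The following is an added example, not part of the original notes: the function names are hypothetical, `sha256sum` from GNU coreutils is assumed, and the expected hash is one you record yourself after reading the script.

```shell
#!/bin/sh
# Added example (hypothetical helper names): vet a downloaded NSE script
# before it is copied into the scripts directory and run under sudo.

# 0 only if FILE still matches the SHA-256 recorded when it was reviewed.
nse_hash_ok() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# 0 if FILE defines the fields an NSE script needs: categories, a rule, action.
nse_looks_valid() {
    grep -Eq '^[[:space:]]*categories[[:space:]]*=' "$1" &&
    grep -Eq '(portrule|hostrule|prerule|postrule)' "$1" &&
    grep -Eq '^[[:space:]]*(local[[:space:]]+)?(function[[:space:]]+)?action' "$1"
}

# Print Lua calls that run commands or alter files; 0 if any were found.
nse_risky_calls() {
    grep -nE 'os\.(execute|remove|rename)|io\.popen' "$1"
}

# install_nse FILE SHA256 SCRIPTS_DIR
# Returns 1 on hash mismatch, 2 if not an NSE script, 3 if review is needed.
install_nse() {
    nse_hash_ok "$1" "$2" || { echo "hash mismatch: $1" >&2; return 1; }
    nse_looks_valid "$1" || { echo "not an NSE script: $1" >&2; return 2; }
    if nse_risky_calls "$1" >&2; then
        echo "review the lines above before installing" >&2
        return 3
    fi
    install -m 0644 "$1" "$3/"
}

# 0 if NAME has an entry in script.db, i.e. --script-updatedb picked it up.
nse_registered() {
    grep -Fq "filename = \"$1\"" "$2"
}
```

After `nmap --script-updatedb`, `nse_registered CVE-2021-41773.nse /usr/share/nmap/scripts/script.db` confirms the script was registered.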

 

  1. Follow the steps above and use the vuln NSE script category against VM #1. Listing 5 shows that the target is vulnerable to CVE-2021-41773, but the redacted output omits multiple additional found CVEs. Enter one of the other found CVEs from 2021.
    --> CVE-2021-41524
  2. Capstone Labs: Follow the steps above to perform the vulnerability scan with the custom NSE script on VM #1. Copy the link from the script output after Verify arbitrary file read: and use it as a parameter for curl. This will retrieve the content of /etc/passwd of the target machine and display it. Be aware that you need to use http instead of https while keeping port 443 when you paste the link. Embed the last username of the file in the braces of "OS{}" and provide it as the answer to this exercise.
    --> OS{d47834a7b719fc8696ea3f320da05e8e}