OWASP Juice Shop Study Notes, Part 2: Active Reconnaissance 2
Phase 3: Targeted Scanning (continued)
Scanning the web service with nikto
[root@192 program]
- ***** SSL support not available (see docs for SSL install) *****
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.31.202
+ Target Hostname: 192.168.31.202
+ Target Port: 80
+ Start Time: 2022-04-16 08:11:57 (GMT-7)
---------------------------------------------------------------------------
+ Server: No banner retrieved
+ Retrieved access-control-allow-origin header: *
+ No CGI Directories found (use '-C all' to force check all possible dirs)
line: /ftp/
+ Entry '/ftp/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ "robots.txt" contains 1 entry which should be manually viewed.
+ /database.cer: Potentially interesting backup/cert file found.
+ /192_168_31_202.tgz: Potentially interesting backup/cert file found.
+ /192.168.alz: Potentially interesting backup/cert file found.
+ /19216831202.tar.bz2: Potentially interesting backup/cert file found.
+ /202.tgz: Potentially interesting backup/cert file found.
+ /192168.jks: Potentially interesting backup/cert file found.
+ /192.168.egg: Potentially interesting backup/cert file found.
+ /dump.war: Potentially interesting backup/cert file found.
+ /archive.egg: Potentially interesting backup/cert file found.
+ /backup.alz: Potentially interesting backup/cert file found.
+ /database.egg: Potentially interesting backup/cert file found.
+ /site.tar.lzma: Potentially interesting backup/cert file found.
+ /31.cer: Potentially interesting backup/cert file found.
+ /202.pem: Potentially interesting backup/cert file found.
+ /192_168_31_202.tar.bz2: Potentially interesting backup/cert file found.
+ /backup.jks: Potentially interesting backup/cert file found.
+ /192.168.31.jks: Potentially interesting backup/cert file found.
+ /site.tar.bz2: Potentially interesting backup/cert file found.
+ /19216831202.alz: Potentially interesting backup/cert file found.
+ /192.cer: Potentially interesting backup/cert file found.
+ /192_168_31_202.jks: Potentially interesting backup/cert file found.
+ /202.jks: Potentially interesting backup/cert file found.
+ /19216831.tar.lzma: Potentially interesting backup/cert file found.
+ /site.war: Potentially interesting backup/cert file found.
+ /19216831.tar.bz2: Potentially interesting backup/cert file found.
+ /192168.pem: Potentially interesting backup/cert file found.
+ /168.egg: Potentially interesting backup/cert file found.
+ /202.tar: Potentially interesting backup/cert file found.
+ /backup.tar: Potentially interesting backup/cert file found.
+ /168.tgz: Potentially interesting backup/cert file found.
+ /archive.alz: Potentially interesting backup/cert file found.
+ /backup.tar.lzma: Potentially interesting backup/cert file found.
+ /192.168.31.tar.lzma: Potentially interesting backup/cert file found.
+ /database.tgz: Potentially interesting backup/cert file found.
+ /192.168.31.alz: Potentially interesting backup/cert file found.
+ /192.168.31.202.tar.bz2: Potentially interesting backup/cert file found.
+ /192_168_31_202.pem: Potentially interesting backup/cert file found.
+ /database.tar.lzma: Potentially interesting backup/cert file found.
+ /192.168.31.war: Potentially interesting backup/cert file found.
+ /19216831.war: Potentially interesting backup/cert file found.
+ /192_168_31_202.cer: Potentially interesting backup/cert file found.
+ /192168.tgz: Potentially interesting backup/cert file found.
+ /19216831.tar: Potentially interesting backup/cert file found.
+ /19216831.egg: Potentially interesting backup/cert file found.
+ /192.168.31.202.tar.lzma: Potentially interesting backup/cert file found.
+ /dump.tgz: Potentially interesting backup/cert file found.
+ /202.cer: Potentially interesting backup/cert file found.
+ /dump.cer: Potentially interesting backup/cert file found.
+ /192168.egg: Potentially interesting backup/cert file found.
+ /19216831.pem: Potentially interesting backup/cert file found.
+ /database.alz: Potentially interesting backup/cert file found.
+ /192.168.31.202.war: Potentially interesting backup/cert file found.
+ /31.tgz: Potentially interesting backup/cert file found.
+ /31.pem: Potentially interesting backup/cert file found.
+ /192168.tar.bz2: Potentially interesting backup/cert file found.
+ /202.egg: Potentially interesting backup/cert file found.
+ /31.tar.bz2: Potentially interesting backup/cert file found.
+ /archive.tar.lzma: Potentially interesting backup/cert file found.
+ /192_168_31_202.egg: Potentially interesting backup/cert file found.
+ /backup.tgz: Potentially interesting backup/cert file found.
+ /31.tar.lzma: Potentially interesting backup/cert file found.
+ /168.pem: Potentially interesting backup/cert file found.
+ /192.168.31.pem: Potentially interesting backup/cert file found.
+ /dump.tar: Potentially interesting backup/cert file found.
+ /192.168.31.tgz: Potentially interesting backup/cert file found.
+ /31.jks: Potentially interesting backup/cert file found.
+ /192.168.31.202.tgz: Potentially interesting backup/cert file found.
+ /19216831202.egg: Potentially interesting backup/cert file found.
+ /31.war: Potentially interesting backup/cert file found.
+ /192.jks: Potentially interesting backup/cert file found.
+ /backup.cer: Potentially interesting backup/cert file found.
+ /192.pem: Potentially interesting backup/cert file found.
+ /192168.war: Potentially interesting backup/cert file found.
+ /31.egg: Potentially interesting backup/cert file found.
+ /site.jks: Potentially interesting backup/cert file found.
+ /202.tar.bz2: Potentially interesting backup/cert file found.
+ /192.tar: Potentially interesting backup/cert file found.
+ /19216831.jks: Potentially interesting backup/cert file found.
+ /168.cer: Potentially interesting backup/cert file found.
+ /168.war: Potentially interesting backup/cert file found.
+ /31.alz: Potentially interesting backup/cert file found.
+ /database.tar.bz2: Potentially interesting backup/cert file found.
+ /backup.tar.bz2: Potentially interesting backup/cert file found.
+ /168.alz: Potentially interesting backup/cert file found.
+ /192.168.31.202.tar: Potentially interesting backup/cert file found.
+ /19216831.alz: Potentially interesting backup/cert file found.
+ /archive.tar.bz2: Potentially interesting backup/cert file found.
+ /168.jks: Potentially interesting backup/cert file found.
+ /backup.war: Potentially interesting backup/cert file found.
+ /site.pem: Potentially interesting backup/cert file found.
+ /dump.alz: Potentially interesting backup/cert file found.
+ /192.168.war: Potentially interesting backup/cert file found.
+ /19216831202.tar: Potentially interesting backup/cert file found.
+ /backup.egg: Potentially interesting backup/cert file found.
+ /192.168.31.202.egg: Potentially interesting backup/cert file found.
+ /19216831.cer: Potentially interesting backup/cert file found.
+ /dump.tar.lzma: Potentially interesting backup/cert file found.
+ /archive.cer: Potentially interesting backup/cert file found.
+ /database.jks: Potentially interesting backup/cert file found.
+ /202.war: Potentially interesting backup/cert file found.
+ /database.pem: Potentially interesting backup/cert file found.
+ /192_168_31_202.tar.lzma: Potentially interesting backup/cert file found.
+ /192.alz: Potentially interesting backup/cert file found.
+ /192_168_31_202.tar: Potentially interesting backup/cert file found.
+ /192168.cer: Potentially interesting backup/cert file found.
+ /19216831.tgz: Potentially interesting backup/cert file found.
+ /site.cer: Potentially interesting backup/cert file found.
+ /dump.egg: Potentially interesting backup/cert file found.
+ /192.egg: Potentially interesting backup/cert file found.
+ /192.war: Potentially interesting backup/cert file found.
+ /192168.tar: Potentially interesting backup/cert file found.
+ /dump.jks: Potentially interesting backup/cert file found.
+ /192.tar.bz2: Potentially interesting backup/cert file found.
+ /192_168_31_202.war: Potentially interesting backup/cert file found.
+ /202.tar.lzma: Potentially interesting backup/cert file found.
+ /192.tgz: Potentially interesting backup/cert file found.
+ /19216831202.jks: Potentially interesting backup/cert file found.
+ /19216831202.tar.lzma: Potentially interesting backup/cert file found.
+ /archive.tar: Potentially interesting backup/cert file found.
+ /192.168.tar: Potentially interesting backup/cert file found.
+ /site.tgz: Potentially interesting backup/cert file found.
+ /site.egg: Potentially interesting backup/cert file found.
+ /192.168.jks: Potentially interesting backup/cert file found.
+ /192.168.31.202.pem: Potentially interesting backup/cert file found.
+ /19216831202.cer: Potentially interesting backup/cert file found.
+ /31.tar: Potentially interesting backup/cert file found.
+ /19216831202.pem: Potentially interesting backup/cert file found.
+ /192.168.31.tar: Potentially interesting backup/cert file found.
+ /192_168_31_202.alz: Potentially interesting backup/cert file found.
+ /dump.tar.bz2: Potentially interesting backup/cert file found.
+ /192.168.31.egg: Potentially interesting backup/cert file found.
+ /192168.alz: Potentially interesting backup/cert file found.
+ /archive.pem: Potentially interesting backup/cert file found.
+ /168.tar.bz2: Potentially interesting backup/cert file found.
+ /backup.pem: Potentially interesting backup/cert file found.
+ /archive.tgz: Potentially interesting backup/cert file found.
+ /192168.tar.lzma: Potentially interesting backup/cert file found.
+ /19216831202.tgz: Potentially interesting backup/cert file found.
+ /192.tar.lzma: Potentially interesting backup/cert file found.
+ /archive.jks: Potentially interesting backup/cert file found.
+ /dump.pem: Potentially interesting backup/cert file found.
+ /202.alz: Potentially interesting backup/cert file found.
+ /site.alz: Potentially interesting backup/cert file found.
+ /192.168.31.tar.bz2: Potentially interesting backup/cert file found.
+ /192.168.31.202.cer: Potentially interesting backup/cert file found.
+ /archive.war: Potentially interesting backup/cert file found.
+ /192.168.tar.bz2: Potentially interesting backup/cert file found.
+ /192.168.cer: Potentially interesting backup/cert file found.
+ /192.168.tgz: Potentially interesting backup/cert file found.
+ /192.168.31.202.jks: Potentially interesting backup/cert file found.
+ /192.168.31.202.alz: Potentially interesting backup/cert file found.
+ /192.168.31.cer: Potentially interesting backup/cert file found.
+ /site.tar: Potentially interesting backup/cert file found.
+ /database.war: Potentially interesting backup/cert file found.
+ /168.tar: Potentially interesting backup/cert file found.
+ /database.tar: Potentially interesting backup/cert file found.
+ /19216831202.war: Potentially interesting backup/cert file found.
+ /192.168.pem: Potentially interesting backup/cert file found.
+ /192.168.tar.lzma: Potentially interesting backup/cert file found.
+ /168.tar.lzma: Potentially interesting backup/cert file found.
+ OSVDB-3092: /ftp/: This might be interesting.
+ OSVDB-3092: /public/: This might be interesting.
+ /wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_addgallery_page/static/jquery.filetree/connectors/jqueryFileTree.php: NextGEN Gallery LFI, see https://security.dxw.com/advisories/directory-traversal-in-nextgen-gallery-2-0-0/
+ /wordpress/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_addgallery_page/static/jquery.filetree/connectors/jqueryFileTree.php: NextGEN Gallery LFI, see https://security.dxw.com/advisories/directory-traversal-in-nextgen-gallery-2-0-0/
+ ERROR: Error limit (20) reached for host, giving up. Last error:
+ SCAN TERMINATED: 2 error(s) and 167 item(s) reported on remote host
+ End Time: 2022-04-16 08:13:52 (GMT-7) (115 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
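From the scan results, note these entries: OSVDB-3092: /ftp/: This might be interesting. OSVDB-3092: /public/: This might be interesting.
Visit /ftp in a browser to unlock the "Confidential Document" achievement (1-star difficulty).
Visit /backup/cert in a browser to unlock the "Error Handling" achievement (1-star difficulty).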
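Added example, not part of the original post: a small Python triage of nikto's text output that groups path findings by message, so the many identical "Potentially interesting backup/cert file found" lines collapse into one counted row and the distinct entries (/ftp/, /public/) remain for manual review. The sample lines are a shortened subset copied from the output above; the function names and the noise threshold are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Shortened subset of the nikto output shown above (not the full list).
SAMPLE = """\
+ Server: No banner retrieved
+ Retrieved access-control-allow-origin header: *
+ Entry '/ftp/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ /database.cer: Potentially interesting backup/cert file found.
+ /site.tar.bz2: Potentially interesting backup/cert file found.
+ /backup.jks: Potentially interesting backup/cert file found.
+ /dump.war: Potentially interesting backup/cert file found.
+ OSVDB-3092: /ftp/: This might be interesting.
+ OSVDB-3092: /public/: This might be interesting.
+ SCAN TERMINATED: 2 error(s) and 167 item(s) reported on remote host
"""

# Path-based finding: "+ [OSVDB-n: ]/path: message"
FINDING = re.compile(r"^\+ (?:(OSVDB-\d+): )?(/\S*): (.+)$")

def parse_findings(text):
    """Return (osvdb_id_or_None, path, message) for each path-based finding."""
    out = []
    for line in text.splitlines():
        m = FINDING.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2), m.group(3)))
    return out

def triage(text, noise_threshold=3):
    """Split findings into noise (one message repeated for many paths) and review."""
    by_msg = defaultdict(list)
    for _osvdb, path, msg in parse_findings(text):
        by_msg[msg].append(path)
    # A message seen for more than noise_threshold paths is counted, not listed.
    noise = {m: len(p) for m, p in by_msg.items() if len(p) > noise_threshold}
    review = sorted(p for m, paths in by_msg.items() if m not in noise for p in paths)
    return noise, review

if __name__ == "__main__":
    noise, review = triage(SAMPLE)
    for msg, count in noise.items():
        print(f"{count:4d} x {msg}  (verify one by hand)")
    for path in review:
        print("review:", path)
```

A message reported for dozens of unrelated file names is worth confirming by requesting one of them by hand before treating each line as a separate finding.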
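Using the browser developer tools
In Chrome, press F12 to open the developer tools, visit http://192.168.31.202/, and click Network -> All -> application-configuration -> Preview. Expand securityTxt -> acknowledgements in the JSON to find the hidden page "/#/score-board". In Chrome, press F12 to open the developer tools and visit http://192.168.31.202/#/score-board to display the score board page. This unlocks the "Score Board" achievement (1-star difficulty).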