Bizness
Information
Difficulty: Easy
Operating System: Linux
Information gathering with nmap
Nmap scan report for 10.10.11.252
Host is up (0.38s latency).
Not shown: 65531 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.4p1 Debian 5+deb11u3 (protocol 2.0)
| ssh-hostkey:
| 3072 3e21d5dc2e61eb8fa63b242ab71c05d3 (RSA)
| 256 3911423f0c250008d72f1b51e0439d85 (ECDSA)
|_ 256 b06fa00a9edfb17a497886b23540ec95 (ED25519)
80/tcp open http nginx 1.18.0
|_http-title: Did not follow redirect to https://bizness.htb/
|_http-server-header: nginx/1.18.0
443/tcp open ssl/http nginx 1.18.0
|_http-title: Did not follow redirect to https://bizness.htb/
| ssl-cert: Subject: organizationName=Internet Widgits Pty Ltd/stateOrProvinceName=Some-State/countryName=UK
| Not valid before: 2023-12-14T20:03:40
|_Not valid after: 2328-11-10T20:03:40
| tls-nextprotoneg:
|_ http/1.1
|_http-server-header: nginx/1.18.0
|_ssl-date: TLS randomness does not represent time
| tls-alpn:
|_ http/1.1
40081/tcp open tcpwrapped
Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Probing the web service
Add a hosts record
10.10.11.252 bizness.htb
Try accessing bizness.htb directly
At the bottom of the page we find
Powered by Apache OFBiz
A search turns up CVE-2023-49070, a deserialization command-execution vulnerability in Apache OFBiz