点击标题即可进入对应靶机下载地址1.medium_socnet扫描发现5000端口的web页面和后台admin页面python代码执行一个反弹shell获得webshell而且是root权限，发现是在docker容器内部（cat/proc/1/cgroup查看初始进程id号发现有docker证明一定处于docker容器内部）foriin$(seq110);doping-c1172.17.0.$i;done扫描内网存活ip用venom进行内网穿透将该docker机映射到kai，然后挂上socket5代理，使用proxychains进行代理，就可以使用nmap等工具对内网进行探测探测发现内网的17

点击标题即可进入对应靶机下载地址1.medium_socnet扫描发现5000端口的web页面和后台admin页面python代码执行一个反弹shell获得webshell而且是root权限，发现是在docker容器内部（cat/proc/1/cgroup查看初始进程id号发现有docker证明一定处于docker容器内部）foriin$(seq110);doping-c1172.17.0.$i;done扫描内网存活ip用venom进行内网穿透将该docker机映射到kai，然后挂上socket5代理，使用proxychains进行代理，就可以使用nmap等工具对内网进行探测探测发现内网的17

PowerGrid识别目标主机IP地址(kali㉿kali)-[~/Desktop/Vulnhub/PowerGrid]└─$sudonetdiscover-ieth1-r192.168.56.0/24Currentlyscanning:192.168.56.0/24|ScreenView:UniqueHosts3CapturedARPReq/Reppackets,from3hosts.Totalsize:180_____________________________________________________________________________IPAtMACAddressC

PowerGrid识别目标主机IP地址(kali㉿kali)-[~/Desktop/Vulnhub/PowerGrid]└─$sudonetdiscover-ieth1-r192.168.56.0/24Currentlyscanning:192.168.56.0/24|ScreenView:UniqueHosts3CapturedARPReq/Reppackets,from3hosts.Totalsize:180_____________________________________________________________________________IPAtMACAddressC

vulnhub靶场渗透实战15-matrix-breakout-2-morpheus靶机搭建：vulnhub上是说vbox里更合适。可能有vbox版本兼容问题，我用的vmware导入。靶场下载地址：https://download.vulnhub.com/matrix-breakout/matrix-breakout-2-morpheus.ova网络模式：桥接。一：信息收集2；访问端口信息。三位一体不会玩。3；目录爆破一下，继续寻找。4；文件爆破一下，ffuf-uhttp://192.168.1.35/FUZZ-w/usr/share/dirbuster/wordlists/directory

vulnhub靶场渗透实战15-matrix-breakout-2-morpheus靶机搭建：vulnhub上是说vbox里更合适。可能有vbox版本兼容问题，我用的vmware导入。靶场下载地址：https://download.vulnhub.com/matrix-breakout/matrix-breakout-2-morpheus.ova网络模式：桥接。一：信息收集2；访问端口信息。三位一体不会玩。3；目录爆破一下，继续寻找。4；文件爆破一下，ffuf-uhttp://192.168.1.35/FUZZ-w/usr/share/dirbuster/wordlists/directory

HackNos1识别目标主机IP地址(kali㉿kali)-[~/Vulnhub/HackNos1]└─$sudonetdiscover-ieth1-r192.168.56.0/24Currentlyscanning:192.168.56.0/24|ScreenView:UniqueHosts3CapturedARPReq/Reppackets,from3hosts.Totalsize:180_____________________________________________________________________________IPAtMACAddressCountLenMAC

HackNos1识别目标主机IP地址(kali㉿kali)-[~/Vulnhub/HackNos1]└─$sudonetdiscover-ieth1-r192.168.56.0/24Currentlyscanning:192.168.56.0/24|ScreenView:UniqueHosts3CapturedARPReq/Reppackets,from3hosts.Totalsize:180_____________________________________________________________________________IPAtMACAddressCountLenMAC

Player1识别目标主机IP地址kali㉿kali)-[~/Desktop/Vulnhub/Player]└─$sudonetdiscover-ieth1-r192.168.56.0/24Currentlyscanning:192.168.56.0/24|ScreenView:UniqueHosts3CapturedARPReq/Reppackets,from3hosts.Totalsize:180_____________________________________________________________________________IPAtMACAddressCountLe

Player1识别目标主机IP地址kali㉿kali)-[~/Desktop/Vulnhub/Player]└─$sudonetdiscover-ieth1-r192.168.56.0/24Currentlyscanning:192.168.56.0/24|ScreenView:UniqueHosts3CapturedARPReq/Reppackets,from3hosts.Totalsize:180_____________________________________________________________________________IPAtMACAddressCountLe