https://fushuling.com/index.php/2024/01/06/%e6%98%a5%e7%a7%8b%e4%ba%91%e5%a2%83-hospital/ 春秋云境-Hospital – S1mh0’s Blog 春

Exchangesflag01扫一下 ──(kali㉿kali)-[~/桌面/tools/tools/fscan_all_version] └─$ ./fscan -h 39.98.109.189 ___

Certifyflag01┌──(kali㉿kali)-[~/桌面/tools/tools/fscan_all_version] └─$ ./fscan -h 39.98.107.120 ___

brute4roadflag01cd "/mnt/d/软件工具/渗透/tools/tools/fscan_all_version/fscan_all_version" ┌──(q1n9㉿LAPTOP-3H92FD9J)-[/mnt/d/软

timeflag0139.98.107.186 cd "/mnt/d/软件工具/渗透/tools/tools/fscan_all_version/fscan_all_version" q1n9@LAPTOP-3H92FD9J:/mnt/d

Tsclientcsflag1 弱密码：sa 1qaz!QAZ 1433mssql端口开放，于是能用mdut java -jar Multiple.Database.Utilization.Tools-2.1.1-jar-with

easyGooGooVVVY从Jenkins RCE看Groovy代码注入-先知社区 def process = "".class.forName('java.lang.Runtime') .getMethod('getRunti

Initialflag1先用fscan扫一下 ./fscan -h 39.99.138.127 -nobr(-nobr设置不爆破弱口令) 172.22.1.15扫出来有poc-yaml-thinkphp5023-method-rce