Target machine pentest: LazySysAdmin

Preliminary work

Check the local IP

Find the target's IP

Target IP: 192.168.87.141

Scan the ports

Take a look at the website

First, just run wpscan against it to look for vulnerabilities

wpscan --url XX(ip)/wordpress

wpscan tutorial: [Cybersecurity tool series] WPScan vulnerability scanner - CSDN blog

┌──(root💀kali)-[~]
└─# wpscan --url http://192.168.87.141/wordpress
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.8.18
                               
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[i] Updating the Database ...
[i] Update completed.

[+] URL: http://192.168.87.141/wordpress/ [192.168.87.141]
[+] Started: Wed Apr 10 01:14:37 2024

Interesting Finding(s):

[+] Headers
 | Interesting Entries:
 |  - Server: Apache/2.4.7 (Ubuntu)
 |  - X-Powered-By: PHP/5.5.9-1ubuntu4.22
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] XML-RPC seems to be enabled: http://192.168.87.141/wordpress/xmlrpc.php
 | Found By: Link Tag (Passive Detection)
 | Confidence: 100%
 | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[+] WordPress readme found: http://192.168.87.141/wordpress/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] Registration is enabled: http://192.168.87.141/wordpress/wp-login.php?action=register
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] Upload directory has listing enabled: http://192.168.87.141/wordpress/wp-content/uploads/
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] The external WP-Cron seems to be enabled: http://192.168.87.141/wordpress/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 4.8.1 identified (Insecure, released on 2017-08-02).
 | Found By: Rss Generator (Passive Detection)
 |  - http://192.168.87.141/wordpress/?feed=rss2, <generator>https://wordpress.org/?v=4.8.1</generator>
 |  - http://192.168.87.141/wordpress/?feed=comments-rss2, <generator>https://wordpress.org/?v=4.8.1</generator>

[+] WordPress theme in use: twentyfifteen
 | Location: http://192.168.87.141/wordpress/wp-content/themes/twentyfifteen/
 | Last Updated: 2024-04-02T00:00:00.000Z
 | Readme: http://192.168.87.141/wordpress/wp-content/themes/twentyfifteen/readme.txt
 | [!] The version is out of date, the latest version is 3.7
 | Style URL: http://192.168.87.141/wordpress/wp-content/themes/twentyfifteen/style.css?ver=4.8.1
 | Style Name: Twenty Fifteen
 | Style URI: https://wordpress.org/themes/twentyfifteen/
 | Description: Our 2015 default theme is clean, blog-focused, and designed for clarity. Twenty Fifteen's simple, st...
 | Author: the WordPress team
 | Author URI: https://wordpress.org/
 |
 | Found By: Css Style In Homepage (Passive Detection)
 |
 | Version: 1.8 (80% confidence)
 | Found By: Style (Passive Detection)
 |  - http://192.168.87.141/wordpress/wp-content/themes/twentyfifteen/style.css?ver=4.8.1, Match: 'Version: 1.8'

[+] Enumerating All Plugins (via Passive Methods)

[i] No plugins Found.

[+] Enumerating Config Backups (via Passive and Aggressive Methods)
 Checking Config Backups - Time: 00:00:00 <=====================================> (137 / 137) 100.00% Time: 00:00:00

[i] No Config Backups Found.

[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

[+] Finished: Wed Apr 10 01:14:52 2024
[+] Requests Done: 186
[+] Cached Requests: 5
[+] Data Sent: 48.314 KB
[+] Data Received: 21.195 MB
[+] Memory used: 260.281 MB
[+] Elapsed time: 00:00:15

No vulnerabilities were found.
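Even without vulnerability entries, the scan above lists several configuration weaknesses that a defender would want pulled out of the noise. The following added example (mine, not part of the original walkthrough and not WPScan code) parses the "Interesting Finding(s)" blocks of WPScan output into a severity-ordered hardening checklist. SAMPLE_OUTPUT is a constructed, trimmed excerpt of the scan output above, and the severity/remediation mapping in RULES is the example's own judgement rather than anything WPScan prints.

```python
"""Triage the "Interesting Finding(s)" section of WPScan output into a
hardening checklist ordered by severity.

Added example for this walkthrough, not WPScan code. SAMPLE_OUTPUT is a
constructed excerpt of the scan above; the severity/remediation mapping in
RULES is this example's own judgement, not something WPScan prints.
"""
import re

# Constructed sample: trimmed copy of the [+] findings from the scan above.
SAMPLE_OUTPUT = """\
Interesting Finding(s):

[+] Headers
 | Interesting Entries:
 |  - Server: Apache/2.4.7 (Ubuntu)
 |  - X-Powered-By: PHP/5.5.9-1ubuntu4.22
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] XML-RPC seems to be enabled: http://192.168.87.141/wordpress/xmlrpc.php
 | Found By: Link Tag (Passive Detection)
 | Confidence: 100%

[+] WordPress readme found: http://192.168.87.141/wordpress/readme.html
 | Confidence: 100%

[+] Registration is enabled: http://192.168.87.141/wordpress/wp-login.php?action=register
 | Confidence: 100%

[+] Upload directory has listing enabled: http://192.168.87.141/wordpress/wp-content/uploads/
 | Confidence: 100%

[+] The external WP-Cron seems to be enabled: http://192.168.87.141/wordpress/wp-cron.php
 | Confidence: 60%

[+] WordPress version 4.8.1 identified (Insecure, released on 2017-08-02).
 | Found By: Rss Generator (Passive Detection)

[+] WordPress theme in use: twentyfifteen
 | Location: http://192.168.87.141/wordpress/wp-content/themes/twentyfifteen/
"""

# (prefix of the finding title, severity, remediation): this example's own mapping.
RULES = [
    ("WordPress version", "high", "core is out of date; update WordPress"),
    ("XML-RPC seems to be enabled", "medium", "disable xmlrpc.php unless a client needs it"),
    ("Registration is enabled", "medium", "turn off 'Anyone can register' unless public sign-up is intended"),
    ("Upload directory has listing enabled", "medium", "disable directory indexes for wp-content/uploads"),
    ("WordPress readme found", "low", "remove readme.html (version disclosure)"),
    ("The external WP-Cron seems to be enabled", "low", "set DISABLE_WP_CRON and call wp-cron.php from system cron"),
]
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def parse_findings(text):
    """Return one dict per '[+] ...' block after the 'Interesting Finding(s):'
    marker: its title, its Confidence (int or None) and the remaining detail lines."""
    findings, current, in_findings = [], None, False
    for line in text.splitlines():
        if line.startswith("Interesting Finding(s):"):
            in_findings = True
        elif not in_findings:
            continue
        elif line.startswith("[+] "):
            current = {"title": line[4:].strip(), "confidence": None, "details": []}
            findings.append(current)
        elif line.startswith(" |") and current is not None:
            detail = line[2:].strip()
            m = re.match(r"Confidence:\s*(\d+)%", detail)
            if m:
                current["confidence"] = int(m.group(1))
            elif detail:
                current["details"].append(detail)
    return findings


def triage(findings):
    """Attach a severity and remediation from RULES; anything unmatched is 'info'."""
    out = []
    for f in findings:
        severity, fix = "info", "informational; review manually"
        for prefix, sev, rem in RULES:
            if f["title"].startswith(prefix):
                severity, fix = sev, rem
                break
        out.append({**f, "severity": severity, "remediation": fix})
    return out


def report(text):
    """Parse, triage and sort WPScan output, highest severity first."""
    return sorted(triage(parse_findings(text)), key=lambda f: SEVERITY_ORDER[f["severity"]])


if __name__ == "__main__":
    for f in report(SAMPLE_OUTPUT):
        conf = f"{f['confidence']}%" if f["confidence"] is not None else "n/a"
        print(f"[{f['severity']:6}] {f['title']} (confidence {conf})")
        print(f"         -> {f['remediation']}")
```

Running the script prints the outdated core first, then the three medium findings (XML-RPC, open registration, listable uploads). None of these depend on a WPScan API token; they come from the passive and aggressive checks already in the output, so the checklist is useful even when the vulnerability database lookup is skipped.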

Information gathering

Run dirb on it

┌──(root💀kali)-[~]
└─# dirb http://192.168.87.141/                                                                               130 ⨯

-----------------
DIRB v2.22    
By The Dark Raver
-----------------

START_TIME: Wed Apr 10 01:40:57 2024
URL_BASE: http://192.168.87.141/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 4612                                                          

---- Scanning URL: http://192.168.87.141/ ----
==> DIRECTORY: http://192.168.87.141/apache/                                                                       
+ http://192.168.87.141/index.html (CODE:200|SIZE:36072)                                                           
+ http://192.168.87.141/info.php (CODE:200|SIZE:77268)                                                             
==> DIRECTORY: http://192.168.87.141/javascript/                                                                   
==> DIRECTORY: http://192.168.87.141/old/                                                                          
==> DIRECTORY: http://192.168.87.141/phpmyadmin/                                                                   
+ http://192.168.87.141/robots.txt (CODE:200|SIZE:92)                                                              
+ http://192.168.87.141/server-status (CODE:403|SIZE:294)                                                          
==> DIRECTORY: http://192.168.87.141/test/                                                                         
==> DIRECTORY: http://192.168.87.141/wordpress/                                                                    
==> DIRECTORY: http://192.168.87.141/wp/                                                                           
                                                                                                                   
---- Entering directory: http://192.168.87.141/apache/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                   
---- Entering directory: http://192.168.87.141/javascript/ ----
==> DIRECTORY: http://192.168.87.141/javascript/jquery/                                                            
                                                                                                                   
---- Entering directory: http://192.168.87.141/old/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/ ----
+ http://192.168.87.141/phpmyadmin/favicon.ico (CODE:200|SIZE:18902)                                               
+ http://192.168.87.141/phpmyadmin/index.php (CODE:200|SIZE:8263)                                                  
==> DIRECTORY: http://192.168.87.141/phpmyadmin/js/                                                                
+ http://192.168.87.141/phpmyadmin/libraries (CODE:403|SIZE:301)                                                   
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/                                                            
+ http://192.168.87.141/phpmyadmin/phpinfo.php (CODE:200|SIZE:8265)                                                
+ http://192.168.87.141/phpmyadmin/setup (CODE:401|SIZE:460)                                                       
==> DIRECTORY: http://192.168.87.141/phpmyadmin/themes/                                                            
                                                                                                                   
---- Entering directory: http://192.168.87.141/test/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                   
---- Entering directory: http://192.168.87.141/wordpress/ ----
+ http://192.168.87.141/wordpress/index.php (CODE:301|SIZE:0)                                                      
==> DIRECTORY: http://192.168.87.141/wordpress/wp-admin/                                                           
==> DIRECTORY: http://192.168.87.141/wordpress/wp-content/                                                         
==> DIRECTORY: http://192.168.87.141/wordpress/wp-includes/                                                        
+ http://192.168.87.141/wordpress/xmlrpc.php (CODE:405|SIZE:42)                                                    
                                                                                                                   
---- Entering directory: http://192.168.87.141/wp/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                   
---- Entering directory: http://192.168.87.141/javascript/jquery/ ----
+ http://192.168.87.141/javascript/jquery/jquery (CODE:200|SIZE:252879)                                            
+ http://192.168.87.141/javascript/jquery/version (CODE:200|SIZE:5)                                                
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/js/ ----
==> DIRECTORY: http://192.168.87.141/phpmyadmin/js/jquery/                                                         
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/ ----
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/ar/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/bg/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/ca/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/cs/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/da/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/de/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/el/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/es/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/et/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/fi/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/fr/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/gl/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/hi/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/hr/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/hu/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/id/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/it/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/ja/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/ko/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/lt/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/nl/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/pl/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/pt/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/pt_BR/                                                      
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/ro/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/ru/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/si/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/sk/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/sl/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/sv/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/th/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/tr/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/uk/                                                         
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/zh_CN/                                                      
==> DIRECTORY: http://192.168.87.141/phpmyadmin/locale/zh_TW/                                                      
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/themes/ ----
==> DIRECTORY: http://192.168.87.141/phpmyadmin/themes/original/                                                   
                                                                                                                   
---- Entering directory: http://192.168.87.141/wordpress/wp-admin/ ----
+ http://192.168.87.141/wordpress/wp-admin/admin.php (CODE:302|SIZE:0)                                             
==> DIRECTORY: http://192.168.87.141/wordpress/wp-admin/css/                                                       
==> DIRECTORY: http://192.168.87.141/wordpress/wp-admin/images/                                                    
==> DIRECTORY: http://192.168.87.141/wordpress/wp-admin/includes/                                                  
+ http://192.168.87.141/wordpress/wp-admin/index.php (CODE:302|SIZE:0)                                             
==> DIRECTORY: http://192.168.87.141/wordpress/wp-admin/js/                                                        
==> DIRECTORY: http://192.168.87.141/wordpress/wp-admin/maint/                                                     
==> DIRECTORY: http://192.168.87.141/wordpress/wp-admin/network/                                                   
==> DIRECTORY: http://192.168.87.141/wordpress/wp-admin/user/                                                      
                                                                                                                   
---- Entering directory: http://192.168.87.141/wordpress/wp-content/ ----
+ http://192.168.87.141/wordpress/wp-content/index.php (CODE:200|SIZE:0)                                           
==> DIRECTORY: http://192.168.87.141/wordpress/wp-content/plugins/                                                 
==> DIRECTORY: http://192.168.87.141/wordpress/wp-content/themes/                                                  
==> DIRECTORY: http://192.168.87.141/wordpress/wp-content/upgrade/                                                 
==> DIRECTORY: http://192.168.87.141/wordpress/wp-content/uploads/                                                 
                                                                                                                   
---- Entering directory: http://192.168.87.141/wordpress/wp-includes/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/js/jquery/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/ar/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/bg/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/ca/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/cs/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/da/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/de/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/el/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/es/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/et/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/fi/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/fr/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/gl/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/hi/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/hr/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/hu/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/id/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/it/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/ja/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/ko/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/lt/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/nl/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/pl/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/pt/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/pt_BR/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/ro/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/ru/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/si/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/sk/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/sl/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/sv/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/th/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/tr/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/uk/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/zh_CN/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/locale/zh_TW/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/themes/original/ ----
==> DIRECTORY: http://192.168.87.141/phpmyadmin/themes/original/css/                                               
==> DIRECTORY: http://192.168.87.141/phpmyadmin/themes/original/img/                                               
==> DIRECTORY: http://192.168.87.141/phpmyadmin/themes/original/jquery/                                            
                                                                                                                   
---- Entering directory: http://192.168.87.141/wordpress/wp-admin/css/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                   
---- Entering directory: http://192.168.87.141/wordpress/wp-admin/images/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                   
---- Entering directory: http://192.168.87.141/wordpress/wp-admin/includes/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                   
---- Entering directory: http://192.168.87.141/wordpress/wp-admin/js/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                   
---- Entering directory: http://192.168.87.141/wordpress/wp-admin/maint/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                   
---- Entering directory: http://192.168.87.141/wordpress/wp-admin/network/ ----
+ http://192.168.87.141/wordpress/wp-admin/network/admin.php (CODE:302|SIZE:0)                                     
+ http://192.168.87.141/wordpress/wp-admin/network/index.php (CODE:302|SIZE:0)                                     
                                                                                                                   
---- Entering directory: http://192.168.87.141/wordpress/wp-admin/user/ ----
+ http://192.168.87.141/wordpress/wp-admin/user/admin.php (CODE:302|SIZE:0)                                        
+ http://192.168.87.141/wordpress/wp-admin/user/index.php (CODE:302|SIZE:0)                                        
                                                                                                                   
---- Entering directory: http://192.168.87.141/wordpress/wp-content/plugins/ ----
+ http://192.168.87.141/wordpress/wp-content/plugins/index.php (CODE:200|SIZE:0)                                   
                                                                                                                   
---- Entering directory: http://192.168.87.141/wordpress/wp-content/themes/ ----
+ http://192.168.87.141/wordpress/wp-content/themes/index.php (CODE:200|SIZE:0)                                    
                                                                                                                   
---- Entering directory: http://192.168.87.141/wordpress/wp-content/upgrade/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                   
---- Entering directory: http://192.168.87.141/wordpress/wp-content/uploads/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/themes/original/css/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/themes/original/img/ ----
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/themes/original/jquery/ ----
==> DIRECTORY: http://192.168.87.141/phpmyadmin/themes/original/jquery/images/                                     
                                                                                                                   
---- Entering directory: http://192.168.87.141/phpmyadmin/themes/original/jquery/images/ ----
                                                                                                                   
-----------------
END_TIME: Wed Apr 10 01:47:43 2024
DOWNLOADED: 253660 - FOUND: 22

What a mess, but it is still readable.
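The dirb listing above is hard to take in as a flat list. As an added example (not part of the original walkthrough and not dirb code), the script below condenses such output into files grouped by HTTP status code plus the directories dirb reported as listable, which is the part a defender needs to act on (directory indexes enabled, phpinfo reachable, phpMyAdmin exposed). The sample is a constructed, trimmed excerpt of the scan above; the base URL default is simply the target address from this walkthrough.

```python
"""Condense dirb's verbose output into a short summary: discovered files grouped
by HTTP status code, plus every directory dirb reported as LISTABLE.

Added example for this walkthrough, not dirb code. SAMPLE_OUTPUT is a
constructed, trimmed excerpt of the scan above.
"""
import re
from collections import defaultdict

SAMPLE_OUTPUT = """\
---- Scanning URL: http://192.168.87.141/ ----
==> DIRECTORY: http://192.168.87.141/apache/
+ http://192.168.87.141/index.html (CODE:200|SIZE:36072)
+ http://192.168.87.141/info.php (CODE:200|SIZE:77268)
==> DIRECTORY: http://192.168.87.141/old/
==> DIRECTORY: http://192.168.87.141/phpmyadmin/
+ http://192.168.87.141/robots.txt (CODE:200|SIZE:92)
+ http://192.168.87.141/server-status (CODE:403|SIZE:294)
==> DIRECTORY: http://192.168.87.141/wordpress/

---- Entering directory: http://192.168.87.141/apache/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)

---- Entering directory: http://192.168.87.141/old/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)

---- Entering directory: http://192.168.87.141/phpmyadmin/ ----
+ http://192.168.87.141/phpmyadmin/index.php (CODE:200|SIZE:8263)
+ http://192.168.87.141/phpmyadmin/phpinfo.php (CODE:200|SIZE:8265)
+ http://192.168.87.141/phpmyadmin/setup (CODE:401|SIZE:460)

---- Entering directory: http://192.168.87.141/wordpress/ ----
+ http://192.168.87.141/wordpress/xmlrpc.php (CODE:405|SIZE:42)
==> DIRECTORY: http://192.168.87.141/wordpress/wp-includes/

---- Entering directory: http://192.168.87.141/wordpress/wp-includes/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)
"""

FILE_RE = re.compile(r"^\+ (\S+) \(CODE:(\d+)\|SIZE:(\d+)\)")
DIR_RE = re.compile(r"^==> DIRECTORY: (\S+)")
ENTER_RE = re.compile(r"^---- Entering directory: (\S+) ----")
LISTABLE_RE = re.compile(r"^\(!\) WARNING: Directory IS LISTABLE")


def parse_dirb(text):
    """Walk dirb output line by line, tracking which directory is being entered
    so that a LISTABLE warning can be attributed to that directory."""
    files, dirs, listable, current = [], [], [], None
    for line in text.splitlines():
        line = line.rstrip()  # dirb pads lines with trailing spaces
        if (m := FILE_RE.match(line)):
            files.append((m.group(1), int(m.group(2)), int(m.group(3))))
        elif (m := DIR_RE.match(line)):
            dirs.append(m.group(1))
        elif (m := ENTER_RE.match(line)):
            current = m.group(1)
        elif LISTABLE_RE.match(line) and current:
            listable.append(current)
    return {"files": files, "dirs": dirs, "listable": listable}


def summarize(text, base="http://192.168.87.141/"):
    """Group found files by status code as (path, size) relative to base, and
    return the listable directories and all directories dirb discovered."""
    parsed = parse_dirb(text)

    def rel(url):
        return url[len(base):] if url.startswith(base) else url

    by_code = defaultdict(list)
    for url, code, size in parsed["files"]:
        by_code[code].append((rel(url), size))
    return {
        "by_code": {code: sorted(v) for code, v in by_code.items()},
        "listable": [rel(d) for d in parsed["listable"]],
        "directories": [rel(d) for d in parsed["dirs"]],
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_OUTPUT)
    for code in sorted(s["by_code"]):
        print(f"HTTP {code}:")
        for path, size in s["by_code"][code]:
            print(f"  {path}  ({size} bytes)")
    print("Listable directories (directory index enabled):")
    for d in s["listable"]:
        print(f"  {d}")
```

The listable-directory list is the quickest hardening input: each entry is a place where Apache's directory index is on, which is exactly what dirb's "No need to scan it" warning means.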

Use Yujian (御剑) to scan as well and see whether the results come out more concise.

Very good.

Visit the key node: robots.txt.

It lists several accessible paths; visit them one by one.

When visiting /Backnode_files/

we learn that there is a person called togie.

Use smbclient to scan port 22.

smbclient tutorial: http://t.csdnimg.cn/icNws

Found that share$ cannot be opened in the file browser.

No password, so this line of thought is blocked.

Use enum4linux to scan port 445.

There is a phpmyadmin; see whether it can be broken into.

Recall that port 445 was found earlier.

Port 445 is a port with a mixed reputation: thanks to it we can easily access shared folders and shared printers on a LAN, but it is also precisely because of it that hackers get an opening; through this port they can quietly share your hard disk and may even format it without a sound.
Samba uses TCP port 445 by default.
Quoted from https://blog.csdn.net/shinygod/article/details/129088126?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522171272691016800225578015%2522%252C%2522scm%2522%253A%252220140713.130102334..%2522%257D&request_id=171272691016800225578015&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~all~baidu_landing_v2~default-5-129088126-null-null.142^v100^pc_search_result_base8&utm_term=lazysysadmin1&spm=1018.2226.3001.4187

enum4linux tutorial: http://t.csdnimg.cn/ufnEn

┌──(root💀kali)-[~]
└─# enum4linux 192.168.87.141
Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Wed Apr 10 01:29:27 2024

 ========================== 
|    Target Information    |
 ========================== 
Target ........... 192.168.87.141
RID Range ........ 500-550,1000-1050
Username ......... ''
Password ......... ''
Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none


 ====================================================== 
|    Enumerating Workgroup/Domain on 192.168.87.141    |
 ====================================================== 
[+] Got domain/workgroup name: WORKGROUP

 ============================================== 
|    Nbtstat Information for 192.168.87.141    |
 ============================================== 
Looking up status of 192.168.87.141
        LAZYSYSADMIN    <00> -         B <ACTIVE>  Workstation Service
        LAZYSYSADMIN    <03> -         B <ACTIVE>  Messenger Service
        LAZYSYSADMIN    <20> -         B <ACTIVE>  File Server Service
        WORKGROUP       <00> - <GROUP> B <ACTIVE>  Domain/Workgroup Name
        WORKGROUP       <1e> - <GROUP> B <ACTIVE>  Browser Service Elections

        MAC Address = 00-00-00-00-00-00

 ======================================= 
|    Session Check on 192.168.87.141    |
 ======================================= 
[+] Server 192.168.87.141 allows sessions using username '', password ''

 ============================================= 
|    Getting domain SID for 192.168.87.141    |
 ============================================= 
Domain Name: WORKGROUP
Domain Sid: (NULL SID)
[+] Can't determine if host is part of domain or part of a workgroup

 ======================================== 
|    OS information on 192.168.87.141    |
 ======================================== 
Use of uninitialized value $os_info in concatenation (.) or string at ./enum4linux.pl line 464.
[+] Got OS info for 192.168.87.141 from smbclient: 
[+] Got OS info for 192.168.87.141 from srvinfo:
        LAZYSYSADMIN   Wk Sv PrQ Unx NT SNT Web server
        platform_id     :       500
        os version      :       6.1
        server type     :       0x809a03

 =============================== 
|    Users on 192.168.87.141    |
 =============================== 
Use of uninitialized value $users in print at ./enum4linux.pl line 874.
Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 877.

Use of uninitialized value $users in print at ./enum4linux.pl line 888.
Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 890.

 =========================================== 
|    Share Enumeration on 192.168.87.141    |
 =========================================== 

        Sharename       Type      Comment
        ---------       ----      -------
        print$          Disk      Printer Drivers
        share$          Disk      Sumshare
        IPC$            IPC       IPC Service (Web server)
SMB1 disabled -- no workgroup available

[+] Attempting to map shares on 192.168.87.141
//192.168.87.141/print$ Mapping: DENIED, Listing: N/A
//192.168.87.141/share$ Mapping: OK, Listing: OK
//192.168.87.141/IPC$   [E] Can't understand response:
NT_STATUS_OBJECT_NAME_NOT_FOUND listing \*

 ====================================================== 
|    Password Policy Information for 192.168.87.141    |
 ====================================================== 


[+] Attaching to 192.168.87.141 using a NULL share

[+] Trying protocol 139/SMB...

[+] Found domain(s):

        [+] LAZYSYSADMIN
        [+] Builtin

[+] Password Info for Domain: LAZYSYSADMIN

        [+] Minimum password length: 5
        [+] Password history length: None
        [+] Maximum password age: Not Set
        [+] Password Complexity Flags: 000000

                [+] Domain Refuse Password Change: 0
                [+] Domain Password Store Cleartext: 0
                [+] Domain Password Lockout Admins: 0
                [+] Domain Password No Clear Change: 0
                [+] Domain Password No Anon Change: 0
                [+] Domain Password Complex: 0

        [+] Minimum password age: None
        [+] Reset Account Lockout Counter: 30 minutes 
        [+] Locked Account Duration: 30 minutes 
        [+] Account Lockout Threshold: None
        [+] Forced Log off Time: Not Set


[+] Retieved partial password policy with rpcclient:

Password Complexity: Disabled
Minimum Password Length: 5


 ================================ 
|    Groups on 192.168.87.141    |
 ================================ 

[+] Getting builtin groups:

[+] Getting builtin group memberships:

[+] Getting local groups:

[+] Getting local group memberships:

[+] Getting domain groups:

[+] Getting domain group memberships:

 ========================================================================= 
|    Users on 192.168.87.141 via RID cycling (RIDS: 500-550,1000-1050)    |
 ========================================================================= 
[I] Found new SID: S-1-22-1
[I] Found new SID: S-1-5-21-2952042175-1524911573-1237092750
[I] Found new SID: S-1-5-32
[+] Enumerating users using SID S-1-5-21-2952042175-1524911573-1237092750 and logon username '', password ''
S-1-5-21-2952042175-1524911573-1237092750-500 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-501 LAZYSYSADMIN\nobody (Local User)
S-1-5-21-2952042175-1524911573-1237092750-502 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-503 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-504 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-505 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-506 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-507 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-508 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-509 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-510 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-511 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-512 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-513 LAZYSYSADMIN\None (Domain Group)
S-1-5-21-2952042175-1524911573-1237092750-514 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-515 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-516 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-517 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-518 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-519 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-520 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-521 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-522 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-523 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-524 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-525 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-526 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-527 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-528 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-529 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-530 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-531 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-532 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-533 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-534 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-535 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-536 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-537 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-538 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-539 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-540 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-541 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-542 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-543 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-544 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-545 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-546 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-547 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-548 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-549 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-550 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1000 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1001 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1002 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1003 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1004 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1005 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1006 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1007 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1008 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1009 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1010 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1011 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1012 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1013 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1014 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1015 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1016 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1017 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1018 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1019 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1020 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1021 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1022 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1023 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1024 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1025 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1026 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1027 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1028 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1029 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1030 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1031 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1032 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1033 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1034 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1035 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1036 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1037 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1038 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1039 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1040 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1041 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1042 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1043 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1044 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1045 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1046 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1047 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1048 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1049 *unknown*\*unknown* (8)
S-1-5-21-2952042175-1524911573-1237092750-1050 *unknown*\*unknown* (8)
[+] Enumerating users using SID S-1-22-1 and logon username '', password ''
S-1-22-1-1000 Unix User\togie (Local User)
[+] Enumerating users using SID S-1-5-32 and logon username '', password ''
S-1-5-32-500 *unknown*\*unknown* (8)
S-1-5-32-501 *unknown*\*unknown* (8)
S-1-5-32-502 *unknown*\*unknown* (8)
S-1-5-32-503 *unknown*\*unknown* (8)
S-1-5-32-504 *unknown*\*unknown* (8)
S-1-5-32-505 *unknown*\*unknown* (8)
S-1-5-32-506 *unknown*\*unknown* (8)
S-1-5-32-507 *unknown*\*unknown* (8)
S-1-5-32-508 *unknown*\*unknown* (8)
S-1-5-32-509 *unknown*\*unknown* (8)
S-1-5-32-510 *unknown*\*unknown* (8)
S-1-5-32-511 *unknown*\*unknown* (8)
S-1-5-32-512 *unknown*\*unknown* (8)
S-1-5-32-513 *unknown*\*unknown* (8)
S-1-5-32-514 *unknown*\*unknown* (8)
S-1-5-32-515 *unknown*\*unknown* (8)
S-1-5-32-516 *unknown*\*unknown* (8)
S-1-5-32-517 *unknown*\*unknown* (8)
S-1-5-32-518 *unknown*\*unknown* (8)
S-1-5-32-519 *unknown*\*unknown* (8)
S-1-5-32-520 *unknown*\*unknown* (8)
S-1-5-32-521 *unknown*\*unknown* (8)
S-1-5-32-522 *unknown*\*unknown* (8)
S-1-5-32-523 *unknown*\*unknown* (8)
S-1-5-32-524 *unknown*\*unknown* (8)
S-1-5-32-525 *unknown*\*unknown* (8)
S-1-5-32-526 *unknown*\*unknown* (8)
S-1-5-32-527 *unknown*\*unknown* (8)
S-1-5-32-528 *unknown*\*unknown* (8)
S-1-5-32-529 *unknown*\*unknown* (8)
S-1-5-32-530 *unknown*\*unknown* (8)
S-1-5-32-531 *unknown*\*unknown* (8)
S-1-5-32-532 *unknown*\*unknown* (8)
S-1-5-32-533 *unknown*\*unknown* (8)
S-1-5-32-534 *unknown*\*unknown* (8)
S-1-5-32-535 *unknown*\*unknown* (8)
S-1-5-32-536 *unknown*\*unknown* (8)
S-1-5-32-537 *unknown*\*unknown* (8)
S-1-5-32-538 *unknown*\*unknown* (8)
S-1-5-32-539 *unknown*\*unknown* (8)
S-1-5-32-540 *unknown*\*unknown* (8)
S-1-5-32-541 *unknown*\*unknown* (8)
S-1-5-32-542 *unknown*\*unknown* (8)
S-1-5-32-543 *unknown*\*unknown* (8)
S-1-5-32-544 BUILTIN\Administrators (Local Group)
S-1-5-32-545 BUILTIN\Users (Local Group)
S-1-5-32-546 BUILTIN\Guests (Local Group)
S-1-5-32-547 BUILTIN\Power Users (Local Group)
S-1-5-32-548 BUILTIN\Account Operators (Local Group)
S-1-5-32-549 BUILTIN\Server Operators (Local Group)
S-1-5-32-550 BUILTIN\Print Operators (Local Group)
S-1-5-32-1000 *unknown*\*unknown* (8)
S-1-5-32-1001 *unknown*\*unknown* (8)
S-1-5-32-1002 *unknown*\*unknown* (8)
S-1-5-32-1003 *unknown*\*unknown* (8)
S-1-5-32-1004 *unknown*\*unknown* (8)
S-1-5-32-1005 *unknown*\*unknown* (8)
S-1-5-32-1006 *unknown*\*unknown* (8)
S-1-5-32-1007 *unknown*\*unknown* (8)
S-1-5-32-1008 *unknown*\*unknown* (8)
S-1-5-32-1009 *unknown*\*unknown* (8)
S-1-5-32-1010 *unknown*\*unknown* (8)
S-1-5-32-1011 *unknown*\*unknown* (8)
S-1-5-32-1012 *unknown*\*unknown* (8)
S-1-5-32-1013 *unknown*\*unknown* (8)
S-1-5-32-1014 *unknown*\*unknown* (8)
S-1-5-32-1015 *unknown*\*unknown* (8)
S-1-5-32-1016 *unknown*\*unknown* (8)
S-1-5-32-1017 *unknown*\*unknown* (8)
S-1-5-32-1018 *unknown*\*unknown* (8)
S-1-5-32-1019 *unknown*\*unknown* (8)
S-1-5-32-1020 *unknown*\*unknown* (8)
S-1-5-32-1021 *unknown*\*unknown* (8)
S-1-5-32-1022 *unknown*\*unknown* (8)
S-1-5-32-1023 *unknown*\*unknown* (8)
S-1-5-32-1024 *unknown*\*unknown* (8)
S-1-5-32-1025 *unknown*\*unknown* (8)
S-1-5-32-1026 *unknown*\*unknown* (8)
S-1-5-32-1027 *unknown*\*unknown* (8)
S-1-5-32-1028 *unknown*\*unknown* (8)
S-1-5-32-1029 *unknown*\*unknown* (8)
S-1-5-32-1030 *unknown*\*unknown* (8)
S-1-5-32-1031 *unknown*\*unknown* (8)
S-1-5-32-1032 *unknown*\*unknown* (8)
S-1-5-32-1033 *unknown*\*unknown* (8)
S-1-5-32-1034 *unknown*\*unknown* (8)
S-1-5-32-1035 *unknown*\*unknown* (8)
S-1-5-32-1036 *unknown*\*unknown* (8)
S-1-5-32-1037 *unknown*\*unknown* (8)
S-1-5-32-1038 *unknown*\*unknown* (8)
S-1-5-32-1039 *unknown*\*unknown* (8)
S-1-5-32-1040 *unknown*\*unknown* (8)
S-1-5-32-1041 *unknown*\*unknown* (8)
S-1-5-32-1042 *unknown*\*unknown* (8)
S-1-5-32-1043 *unknown*\*unknown* (8)
S-1-5-32-1044 *unknown*\*unknown* (8)
S-1-5-32-1045 *unknown*\*unknown* (8)
S-1-5-32-1046 *unknown*\*unknown* (8)
S-1-5-32-1047 *unknown*\*unknown* (8)
S-1-5-32-1048 *unknown*\*unknown* (8)
S-1-5-32-1049 *unknown*\*unknown* (8)
S-1-5-32-1050 *unknown*\*unknown* (8)

 =============================================== 
|    Getting printer info for 192.168.87.141    |
 =============================================== 
No printers returned.


enum4linux complete on Wed Apr 10 01:30:08 2024

Long, but it contains the key information:
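An added example, not part of the original writeup, that pulls the security-relevant findings out of enum4linux output the way a defender auditing this host would: the accepted null session, the share that is listable without credentials, the weak password policy and the usernames disclosed by RID cycling. The sample lines are a constructed excerpt of the output above, and the 12-character minimum is an assumed baseline.

```python
import re

# Constructed excerpt of the enum4linux output shown above (not a live capture).
SAMPLE_OUTPUT = r"""
[+] Server 192.168.87.141 allows sessions using username '', password ''
//192.168.87.141/print$ Mapping: DENIED, Listing: N/A
//192.168.87.141/share$ Mapping: OK, Listing: OK
        [+] Minimum password length: 5
        [+] Password Complexity Flags: 000000
        [+] Account Lockout Threshold: None
S-1-5-21-2952042175-1524911573-1237092750-501 LAZYSYSADMIN\nobody (Local User)
S-1-22-1-1000 Unix User\togie (Local User)
"""

NULL_SESSION = re.compile(r"allows sessions using username '', password ''")
SHARE_MAP = re.compile(r"^//\S+/(\S+)\s+Mapping:\s*(\w+),\s*Listing:\s*(\w+)")
MIN_LEN = re.compile(r"Minimum password length:\s*(\d+)")
COMPLEXITY = re.compile(r"Password Complexity Flags:\s*(\d+)")
LOCKOUT = re.compile(r"Account Lockout Threshold:\s*(\S+)")
# Domain part may contain a space ("Unix User"), so match lazily up to the backslash.
RID_USER = re.compile(r"^S-1-[\d-]+\s+(.+?)\\(\S+)\s+\(Local User\)")


def triage(output, min_len=12):
    """Return a list of finding strings; min_len is the assumed policy baseline."""
    findings, users = [], []
    for raw in output.splitlines():
        line = raw.strip()
        if NULL_SESSION.search(line):
            findings.append("null-session: anonymous SMB session accepted")
        m = SHARE_MAP.match(line)
        if m and m.group(2) == "OK" and m.group(3) == "OK":
            findings.append(f"anon-share: {m.group(1)} listable without credentials")
        m = MIN_LEN.search(line)
        if m and int(m.group(1)) < min_len:
            findings.append(f"weak-policy: minimum password length {m.group(1)} < {min_len}")
        m = COMPLEXITY.search(line)
        if m and int(m.group(1)) == 0:
            findings.append("weak-policy: password complexity disabled")
        m = LOCKOUT.search(line)
        if m and m.group(1) == "None":
            findings.append("weak-policy: no account lockout threshold")
        m = RID_USER.match(line)
        if m:
            users.append(m.group(2))
    if users:
        # Usernames learned without credentials are the seed for password guessing.
        findings.append("user-disclosure: " + ", ".join(users))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_OUTPUT):
        print(finding)
```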

No password is needed (a null session is accepted).

In other words:

In other words, it is more convenient to access the share from Windows.

There is a txt file; let's take a look.

It yields a password: 12345

The phpMyAdmin username and password were also found in the config file inside the wordpress folder.

Successfully logged into the database.

But nothing useful can be done from there.

This path leads nowhere.

Looking at the dirb results again,

we find:

Enter the phpMyAdmin username and password.

Login successful.

Privilege escalation

Remember there is also port 22, the user togie and the password 12345.

Try logging in over ssh:

ssh togie@192.168.87.141

Success.

Escalate with su root:

Failed.

Then escalate with sudo su root:

Success.

Change the password with passwd:

Success.
