nmap扫描主机端口
靶机IP192.168.169.128
进入80端口
gobuster扫描
进入assets目录
提示我们访问31337端口,进入31337端口,在源代码里发现
解密得到
echo "Then you'll see, that it is not the spoon that bends, it is only yourself. " > Cypher.matrix
访问 Cypher.matrix,下载了一个文件,里面是bf编码,解密得到
You can enter into matrix as guest, with password k1ll0rXX
Note: Actually, I forget last two characters so I have replaced with XX try your luck and find correct string of password.
根据提示制作字典,前六位是k1ll0r,后两位不知道,然后用户名是guest,然后用hydra爆破
hydra -l guest -P pass.txt ssh://192.168.169.128 -f -vV
直接ssh登录,发现shell不完整
vi进入然后末行输入:!/bin/bash,即可得到正常的shell,但是有些命令还是不能用
搜索之后发现是环境变量没有配置
设置环境变量
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
sudo查看权限
发现直接可以sudo su,输入密码即可得到root权限