OffSec Labs Proving Grounds Play: Gaara

Gaara: 1 ~ VulnHub

writeup walkthrough

Enumeration
Enumerate the web application for a username.

Foothold
Brute-force the SSH service. You can get away with a smaller wordlist if it’s the right one.

Privilege Escalation
Check for SUID permissions. It is very straightforward to exploit.

192.168.222.142

1. Port Scanning

nmap 192.168.222.142
Starting Nmap 7.93 ( https://nmap.org ) at 2023-08-11 09:17 CST
Nmap scan report for 192.168.222.142
Host is up (0.29s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
nmap -sC -sV -p 22,80 192.168.222.142  
Starting Nmap 7.93 ( https://nmap.org ) at 2023-08-11 09:30 CST
Nmap scan report for 192.168.222.142
Host is up (0.28s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
| ssh-hostkey: 
|   2048 3ea36f6403331e76f8e498febee98e58 (RSA)
|   256 6c0eb500e742444865effed77ce664d5 (ECDSA)
|_  256 b751f2f9855766a865542e05f940d2f4 (ED25519)
80/tcp open  http    Apache httpd 2.4.38 ((Debian))
|_http-title: Gaara
|_http-server-header: Apache/2.4.38 (Debian)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 22.98 seconds

nmap -p- 192.168.222.142 # scan all ports
nmap -sC -sV -p 22,80 192.168.222.142


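  • -sC: enables the default script scan, which runs a set of scripts against the open ports to collect additional information about the services running on them.
  • -sV: enables version detection, which tries to determine the version of the service running on each open port.
  • -p 22,80: specifies the list of ports to scan, here port 22 (SSH) and port 80 (HTTP).

Port 22 is the SSH port, used for remote SSH connections; the attack directions are brute forcing, SSH tunneling and internal-network forwarding, and file storage.

Port 80 is the web service port; the usual approaches are web attacks, brute forcing, and vulnerabilities in the corresponding server version.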

2. Directory Enumeration

gobuster dir -u http://192.168.222.142 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt  

gobuster dir -e -u http://192.168.222.142/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

The bundled wordlists are under /usr/share/dirbuster/wordlists.

===============================================================
2023/08/11 15:52:54 Starting gobuster in directory enumeration mode
===============================================================
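From the defender's side, a gobuster dir run like the one above appears in the Apache access log as a single client requesting many distinct paths that almost all return 404. The sketch below is an added example, not part of the original writeup: the log lines are constructed, and the function names and thresholds are assumptions to tune against real traffic.

```python
import re
from collections import defaultdict

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def find_enumerators(lines, min_requests=20, min_404_ratio=0.8):
    """Return {ip: stats} for clients that look like directory brute forcing (assumed thresholds)."""
    stats = defaultdict(lambda: {"total": 0, "not_found": 0, "paths": set(), "agents": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed or non-combined lines instead of failing
        s = stats[m["ip"]]
        s["total"] += 1
        s["paths"].add(m["path"])
        s["agents"].add(m["ua"])
        if m["status"] == "404":
            s["not_found"] += 1
    flagged = {}
    for ip, s in stats.items():
        ratio = s["not_found"] / s["total"]
        # Many distinct paths plus a high 404 ratio is the wordlist-scan signature;
        # the User-Agent is reported but not trusted, since the client sets it freely.
        if len(s["paths"]) >= min_requests and ratio >= min_404_ratio:
            flagged[ip] = {"requests": s["total"], "distinct_paths": len(s["paths"]),
                           "ratio_404": round(ratio, 2), "agents": sorted(s["agents"])}
    return flagged

def build_sample_log():
    """Constructed sample: one scanning client and one ordinary browser."""
    words = ["admin", "images", "backup", "login", "uploads", "css", "js", "test",
             "old", "dev", "api", "config", "data", "docs", "files", "tmp", "private",
             "server-status", "cgi-bin", "includes", "index", "portal", "secret", "static"]
    fmt = '{ip} - - [11/Aug/2023:15:52:{sec:02d} +0800] "GET /{p} HTTP/1.1" {st} 274 "-" "{ua}"'
    scan = [fmt.format(ip="192.0.2.10", sec=i % 60, p=w, ua="gobuster/3.5.0",
                       st=200 if w == "index" else 404) for i, w in enumerate(words)]
    browse = [fmt.format(ip="192.0.2.20", sec=i, p=p, st=200, ua="Mozilla/5.0")
              for i, p in enumerate(["", "gaara.jpg", "favicon.ico"])]
    return scan + browse

if __name__ == "__main__":
    for ip, info in find_enumerators(build_sample_log()).items():
        print(ip, info)
```

In production the same counts are better computed per time window, so that a slow scan and a long-lived legitimate client are not judged on the same totals.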