1 扫描
80进web搜集信息,445利用smb,5985是winrm远程登录,有专门的漏洞工具登录。49668又扫了下。没用。
C:\root> masscan -p1-65535,U:1-65535 10.10.10.149 --rate=1000 -e tun0
Starting masscan 1.0.5 (http://bit.ly/14GZzcT) at 2020-05-19 23:53:47 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [131070 ports/host]
Discovered open port 49668/tcp on 10.10.10.149
Discovered open port 80/tcp on 10.10.10.149
Discovered open port 445/tcp on 10.10.10.149
Discovered open port 135/tcp on 10.10.10.149
Discovered open port 5985/tcp on 10.10.10.149
C:\root> nmap -p49668 10.10.10.149
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-19 21:16 EDT
Nmap scan report for 10.10.10.149
Host is up (0.24s latency).
PORT STATE SERVICE
49668/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 0.69 seconds
C:\root>
2 web信息搜集 & cisco7/john解密
进入后,登录框不知道密码,但是有访客登录入口。点击,进去后看到一段对话,用户名是
Hazard,关于思科cisco路由器网络出了问题,和附件,再点击附件。是密码信息。
既然是思科的密码,百度搜下思科密码pj相关的,很快就搜到了,里面还带有科普,说了是7系密码
https://www.xiaopeiqing.com/cisco-password-cracker/
结果:
$uperP@ssword
Q4)sJu\Y8qz*A3?d
5系的密码网页解不了,拿john去解stealth1agent