Target: DC-6 192.168.56.107
Attacker: Kali 192.168.56.1
Author's hint:
OK, this isn't really a clue as such, but more of some "we don't want to spend five years waiting for a certain process to finish" kind of advice for those who just want to get on with the job.
cat /usr/share/wordlists/rockyou.txt | grep k01 > passwords.txt That should save you a few years. ;-)
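Exploring the target
Scanning for sensitive directories
Found the admin directory: http://wordy/wp-admin
Enumerating users with wpscan
The site turns out to be a WordPress CMS, so wpscan is useful here again.
wpscan --url http://wordy/ -e u    # enumerate users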
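From the defender's side, this kind of user enumeration shows up in the web server access log. The following is an added example, not part of the original write-up: it flags clients that sweep WordPress author IDs or query the REST users endpoint. The log lines are constructed, the second client address is made up, and the two request patterns (`?author=N` and `/wp-json/wp/v2/users`) are the well-known WordPress user-listing paths rather than something taken from this page.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample in "combined" log format; 192.168.56.20 is a made-up normal visitor.
SAMPLE_LOG = """\
192.168.56.1 - - [01/Jan/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "ua-a"
192.168.56.1 - - [01/Jan/2024:10:00:01 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "ua-a"
192.168.56.1 - - [01/Jan/2024:10:00:02 +0000] "GET /?author=3 HTTP/1.1" 301 0 "-" "ua-a"
192.168.56.1 - - [01/Jan/2024:10:00:02 +0000] "GET /?author=4 HTTP/1.1" 404 0 "-" "ua-a"
192.168.56.1 - - [01/Jan/2024:10:00:03 +0000] "GET /wp-json/wp/v2/users/?per_page=100&page=1 HTTP/1.1" 200 512 "-" "ua-a"
192.168.56.20 - - [01/Jan/2024:10:05:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "ua-b"
192.168.56.20 - - [01/Jan/2024:10:05:09 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "ua-b"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def classify(target):
    """Return ('author', id), ('rest', None) or None for one request target."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)
    rest_route = query.get("rest_route", [""])[0].rstrip("/")
    if parts.path.rstrip("/").endswith("/wp-json/wp/v2/users") or rest_route == "/wp/v2/users":
        return ("rest", None)
    author = query.get("author", [""])[0]
    if author.isdigit():
        return ("author", int(author))
    return None

def find_enumeration(log_text, min_author_ids=3):
    """Map client IP -> evidence, for clients that look like they list users."""
    author_ids = defaultdict(set)   # distinct author IDs requested per client
    rest_hits = defaultdict(int)    # REST users-endpoint requests per client
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        hit = classify(m.group(3)) if m else None
        if hit is None:
            continue
        if hit[0] == "author":
            author_ids[m.group(1)].add(hit[1])
        else:
            rest_hits[m.group(1)] += 1
    findings = {}
    for ip in set(author_ids) | set(rest_hits):
        # One ?author= hit is normal browsing; a sweep of IDs or a REST listing is not.
        if len(author_ids[ip]) >= min_author_ids or rest_hits[ip]:
            findings[ip] = {"author_ids": sorted(author_ids[ip]),
                            "rest_user_requests": rest_hits[ip]}
    return findings

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

The threshold `min_author_ids` should be tuned to the site, since a visitor clicking a single author link produces one `?author=` request.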
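Use the author's hint to build a password wordlist. rockyou.txt has several hundred thousand entries, and the author has kindly given us the filter condition.
The resulting password list has a little over 2,000 lines.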