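[Original] CTF Training, Learning as I Go: SSH Private Key Leak
Step1 Environment setup:
Download the VMware virtual machine from the official KALI website
Load SSH-私钥泄露.ova in Virtual PC (link: https://pan.baidu.com/s/1dZzfdiWTU1XtI5bqocNosQ
extraction code: 45n0)
Set up a local network so that VMware and VPC can reach each other on the same subnet
I configured two network adapters in VMware: eth0 connects to the external network through NAT, and eth1 connects to the target machine
Step2 Information gathering
- Device discovery
netdiscover -i eth1 -r 192.168.56.1/24 # with two network adapters, the interface must be specified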
Currently scanning: Finished! | Screen View: Unique Hosts
3 Captured ARP Req/Rep packets, from 3 hosts. Total size: 180
_____________________________________________________________________________
IP At MAC Address Count Len MAC Vendor / Hostname
-----------------------------------------------------------------------------
192.168.56.1 0a:00:27:00:00:2f 1 60 Unknown vendor
192.168.56.100 08:00:27:3d:a0:16 1 60 PCS Systemtechnik GmbH
192.168.56.101 08:00:27:c4:68:00 1 60 PCS Systemtechnik GmbH
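- Scan the target machine with NMAP
Version detection (sV)
Version detection is used to identify the version of the software running on the target host and its ports. Unlike other scan techniques, it is not used to find the open ports on the target host, but it does need information obtained from the open ports to determine the software version. Before running a version detection scan, a TCP SYN scan is needed first to find out which ports are open.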
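How a version scan turns what an open port says into a product and version, as an added example that is not part of the original post and not nmap's own code. The signature patterns and the sample responses are constructed for illustration, and port 8080 is a hypothetical service that hides its version.

```python
import re

# Simplified signatures (assumed for this example; not nmap's probe database).
SIGNATURES = [
    # SSH servers send an identification string such as "SSH-2.0-<software>".
    ("ssh", re.compile(r"^SSH-[\d.]+-(?P<product>[A-Za-z]+)_(?P<version>\S+)")),
    # HTTP servers usually disclose themselves in the Server response header.
    ("http", re.compile(
        r"^Server:\s*(?P<product>[A-Za-z]+)(?:/(?P<version>[\w.]+))?",
        re.M | re.I)),
]

def identify(response):
    """Match one service response against the signatures; None if nothing fits."""
    for service, pattern in SIGNATURES:
        m = pattern.search(response)
        if m:
            return {"service": service,
                    "product": m["product"],
                    "version": m["version"]}
    return None

def scan_report(responses):
    """Map each answering port to what its response discloses."""
    report = {}
    for port, response in sorted(responses.items()):
        report[port] = identify(response) or {
            "service": "unknown", "product": None, "version": None}
    return report

# Constructed responses, modelled on the three services in this walkthrough.
SAMPLE = {
    22: "SSH-2.0-OpenSSH_7.4p1 Debian-10\r\n",
    80: "HTTP/1.1 200 OK\r\nServer: nginx/1.10.3\r\n\r\n",
    31337: "HTTP/1.0 404 NOT FOUND\r\nServer: Werkzeug/0.11.15 Python/3.5.3\r\n\r\n",
    8080: "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",  # hypothetical: version hidden
}

if __name__ == "__main__":
    for port, info in scan_report(SAMPLE).items():
        print(port, info)
```

The 8080 entry shows the defensive side: when a service stops advertising its version (for nginx, `server_tokens off`), a banner match returns the product without a version.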
root@kali:~# nmap -sV 192.168.56.101 # found one ssh service and 2 web services
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-07 05:19 EDT
Nmap scan report for 192.168.56.101
Host is up (0.00045s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4p1 Debian 10 (protocol 2.0)
80/tcp open http nginx 1.10.3
31337/tcp open http Werkzeug httpd 0.11.15 (Python 3.5.3)
MAC Address: 08:00:27:C4:68:00 (Oracle VirtualBox virtual NIC)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/su