| 名称 | 说明 |
|---|---|
| 靶机下载链接 | https://www.vulnhub.com/entry/raven-2,269/ |
| 攻击机(kali) | ip:192.168.233.168 |
| 靶机(CentOS) | ip:192.168.233.181 |
gobuster dir -u http://192.168.233.181 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,txt,html
hydra -L user.txt -P /usr/share/wordlists/rockyou.txt 192.168.233.181 ssh
好家伙爆破不了
只好测试其他方向
phpmail找寻漏洞searchsploit phpmail
尝试看看使用40974.py
开始操作提权
查看到mysql有执行,R@v3nSecurity
操作跟前面的靶场一样就不再多说
nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.3.150 (扫描TCP)nmap -sU --top-ports 100 10.129.3.15...
名称说明靶机下载链接https://www.vulnhub.com/entry/goldeneye-1,240/攻击机(kali)ip:192.168.233.168靶机(CentOS)ip:192....
名称说明靶机下载链接https://www.vulnhub.com/entry/tr0ll-2,107/攻击机(kali)ip:192.168.233.168靶机(CentOS)ip:192.168....
blundernmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.193.124 (扫描TCP)nmap -sU --top-ports 1...
nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.254.155 (扫描TCP)查看到版本是2.3,有rcepython3 49125.p...
nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.229.137 (扫描TCP)nmap -sU --top-ports 100 ...
