| 名称 | 说明 |
|---|---|
| 靶机下载链接 | https://www.vulnhub.com/entry/raven-2,269/ |
| 攻击机(kali) | ip:192.168.233.168 |
| 靶机(CentOS) | ip:192.168.233.181 |
gobuster dir -u http://192.168.233.181 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,txt,html
hydra -L user.txt -P /usr/share/wordlists/rockyou.txt 192.168.233.181 ssh
好家伙爆破不了
只好测试其他方向
phpmail找寻漏洞searchsploit phpmail
尝试看看使用40974.py
开始操作提权
查看到mysql有执行,R@v3nSecurity
操作跟前面的靶场一样就不再多说
nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.48.103 (扫描TCP)绑定域名 http://10.129.48.103...
nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.196.68 (扫描TCP)nmap -sU --top-ports 100 10.129.196...
nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.237.97 (扫描TCP)enum4linux(自动化枚举) ...
nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.252.188 (扫描TCP)发现有webdav可以利用davtest -url htt...
nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.244.125 (扫描TCP)135/tcp (MSRPC): Microsoft远程过...
名称说明靶机下载链接https://www.vulnhub.com/entry/symfonos-2,331/攻击机(kali)ip:192.168.233.168靶机(CentOS)ip:192.1...
