Alfa: 1 vulnhub walkthrough
2022-08-02 03:59:00 【xdeclearn】
Information Page: http://www.vulnhub.com/entry/alfa-1,655/
Keywords: Enumeration | Web Application | Brute Force | Privilege Escalation
0x01 port scan
PORT       STATE  SERVICE
21/tcp     open   ftp
80/tcp     open   http
139/tcp    open   netbios-ssn
445/tcp    open   microsoft-ds
65111/tcp  open   unknown
0x02 get the first flag
Log in to ftp anonymously and get a picture named milo.jpg.
Access port 80 and enumerate the directories; the page http://192.168.56.157/alfa-support/ gives the prompt information. So use the name of the picture found earlier to build a password dictionary with crunch, then brute-force with hydra to get the password milo666.
$ crunch 7 7 -t milo%%% > 1.txt
Crunch will now generate the following number of lines:
$ hydra -l thomas -P 1.txt ssh://192.168.56.157:65111
[65111][ssh] host: 192.168.56.157 login: thomas password: milo666
Use ssh to log in and get the first flag.
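The defender's view of the hydra step above, as an added example that is not part of the original post: a Python script that flags a burst of failed sshd password logins from one source and records whether a successful login followed it. The log lines (standard OpenSSH syslog format), the hostname alfa, the source addresses and the threshold values are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format (not captured from the VM).
SAMPLE_LOG = """\
Aug  2 03:41:05 alfa sshd[1201]: Failed password for thomas from 192.168.56.101 port 51120 ssh2
Aug  2 03:41:05 alfa sshd[1202]: Failed password for thomas from 192.168.56.101 port 51122 ssh2
Aug  2 03:41:06 alfa sshd[1203]: Failed password for thomas from 192.168.56.101 port 51124 ssh2
Aug  2 03:41:07 alfa sshd[1204]: Failed password for thomas from 192.168.56.101 port 51126 ssh2
Aug  2 03:41:08 alfa sshd[1205]: Failed password for thomas from 192.168.56.101 port 51128 ssh2
Aug  2 03:41:09 alfa sshd[1206]: Failed password for thomas from 192.168.56.101 port 51130 ssh2
Aug  2 03:41:10 alfa sshd[1207]: Accepted password for thomas from 192.168.56.101 port 51132 ssh2
Aug  2 09:12:40 alfa sshd[1420]: Failed password for thomas from 192.168.56.20 port 40210 ssh2
Aug  2 09:12:48 alfa sshd[1420]: Accepted password for thomas from 192.168.56.20 port 40210 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2022):
    """Alert on (ip, user) pairs with >= threshold failures inside the window,
    and mark the pair compromised if a login is accepted after the burst."""
    failures = defaultdict(list)  # (ip, user) -> recent failure timestamps
    alerts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog omits the year and pads the day with a space; normalise both.
        stamp = " ".join(m["ts"].split())
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        key = (m["ip"], m["user"])
        if m["result"] == "Failed":
            recent = [t for t in failures[key] if ts - t <= window] + [ts]
            failures[key] = recent
            if len(recent) >= threshold:
                alert = alerts.setdefault(key, {"failures": 0, "compromised": False})
                alert["failures"] = max(alert["failures"], len(recent))
        elif key in alerts:
            alerts[key]["compromised"] = True  # a guess succeeded after the burst
    return alerts

if __name__ == "__main__":
    for (ip, user), info in find_bruteforce(SAMPLE_LOG).items():
        print(ip, user, info)
```

The single mistyped password from 192.168.56.20 stays below the threshold, so only the burst from 192.168.56.101 is reported, with the accepted login marking the account as compromised.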
0x03 get the second flag
After obtaining the shell, the routine checks (suid, sudo, crontab, backup password files, etc.) all ended in failure. Going back to the beginning, there is a sensitive file in the user directory: .remote_secret.
At the same time, a vncserver process is running. Presumably the password file above is used to log in to vnc, but since vncserver is limited to local login, we use ssh as a socks5 proxy and use vncviewer on kali to load the password file, which gives root access and the second flag.