当前位置：网站首页>Vulnhub pyexp

Vulnhub pyexp

2022-07-03 11:52:00 【Plum_ Flowers_ seven】

banner Information ：Banner Information , Welcome , stay banner Information can be obtained from software developers , Software name 、 edition 、 Service type, etc

Catalog

One 、 The host found

Two 、 Port scanning

3、 ... and 、 Service version discovery

Four 、hydra Brute force

5、 ... and 、mysql attack

1. Attack server system

2. Database information disclosure

6、 ... and 、python Of fernet Decrypt

1.python The official manual

2.key and value analysis

3. Decrypt

7、 ... and 、 Sign in lucy

8、 ... and 、 information gathering

Nine 、 Raise the right

One 、 The host found

Two 、 Port scanning

3、 ... and 、 Service version discovery

It is found that there are only two ports . They are open ssh and mysql.

Four 、hydra Brute force

No, web application , Only from ssh Or is it mysql Break through the border . From the collection of information ,ssh and mysql All support remote login .

1.mysql Exhausting

The burst password is ：prettywoman

2.ssh Exhausting

It didn't explode , It can be seen that the password is complex or the dictionary is not good .

5、 ... and 、mysql attack

1. Attack server system

（1）\!

If it is the default configuration , In order to open mysql Execute commands within the sovereignty of the user process

The attempt failed , We carry out orders , Back to our own bash.

（2） Execute functions with commands

select do_system('id')

Show that there is no , Failure

（3） Try reading system files

select load_file('/etc/passwd')

Know a message , Can pass shell Only root and lucy

2. Database information disclosure

Now that they have logged in , Of course, it depends on the database information , stay data Under database , We can see a fernet（python encryption algorithm ）, There is a string of encrypted information in it .