vulhub - SECARMY VILLAGE: GRAYHAT CONFERENCE writeup

最新推荐文章于 2025-03-15 20:30:00 发布

一支神经病

最新推荐文章于 2025-03-15 20:30:00 发布

阅读量1k

点赞数 1

CC 4.0 BY-SA版权

文章标签： oscp 靶机 vulbhub

本文链接：https://blog.youkuaiyun.com/Jiajiajiang_/article/details/117220784

本文介绍了对GRAYHAT CONFERENCE靶机的渗透测试过程，涉及端口扫描、漏洞挖掘、文件解密、权限提升等多个环节。通过分析不同端口的服务，作者发现并利用漏洞获取flag，包括从网页源码中找到直接的ssh登录信息，使用grep命令查找文件，base64解密，二维码扫描，文件加壳脱壳，密码破解，命令执行等技巧，逐步深入系统内部，完成一系列解密挑战。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

靶机下载地址

主机发现 && 端口扫描

netdiscover -i eth0 -r 192.168.154.1/24

端口扫描这次用的是threader3000

https://blog.youkuaiyun.com/Jiajiajiang_/article/details/117220625

好用

------------------------------------------------------------
        Threader 3000 - Multi-threaded Port Scanner          
                       Version 1.0.7                    
                   A project by The Mayor               
------------------------------------------------------------
Enter your target IP address or URL here: 192.168.154.134
------------------------------------------------------------
Scanning target 192.168.154.134
Time started: 2021-05-23 23:34:56.696683
------------------------------------------------------------
Port 22 is open
Port 21 is open
Port 80 is open
Port 1337 is open
Port scan completed in 0:00:20.491740
------------------------------------------------------------
Threader3000 recommends the following Nmap scan:
************************************************************
nmap -p22,21,80,1337 -sV -sC -T4 -Pn -oA 192.168.154.134 192.168.154.134
************************************************************
Would you like to run Nmap or quit to terminal?
------------------------------------------------------------
1 = Run suggested Nmap scan
2 = Run another Threader3000 scan
3 = Exit to terminal
------------------------------------------------------------
Option Selection: 1
nmap -p22,21,80,1337 -sV -sC -T4 -Pn -oA 192.168.154.134 192.168.154.134
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-05-23 23:35 EDT
Nmap scan report for 192.168.154.134
Host is up (0.00046s latency).

PORT     STATE SERVICE VERSION
21/tcp   open  ftp     vsftpd 2.0.8 or later
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
| ftp-syst: 
|   STAT: 
| FTP server status:
|      Connected to ::ffff:192.168.154.129
|      Logged in as ftp
|      TYPE: ASCII
|      No session bandwidth limit
|      Session timeout in seconds is 300
|      Control connection is plain text
|      Data connections will be plain text
|      At session startup, client count was 1
|      vsFTPd 3.0.3 - secure, fast, stable
|_End of status
22/tcp   open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 2c:54:d0:5a:ae:b3:4f:5b:f8:65:5d:13:c9:ee:86:75 (RSA)
|   256 0c:2b:3a:bd:80:86:f8:6c:2f:9e:ec:e4:7d:ad:83:bf (ECDSA)
|_  256 2b:4f:04:e0:e5:81:e4:4c:11:2f:92:2a:72:95:58:4e (ED25519)
80/tcp   open  http    Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Totally Secure Website
1337/tcp open  waste?
| fingerprint-strings: 
|   DNSStatusRequestTCP, GetRequest, HTTPOptions, Help, RTSPRequest, SSLS