I. Information gathering
1. Scan the C-class (/24) segment to get the target's IP
┌──(kali㉿kali)-[~]
└─$ sudo nmap -sn 192.168.62.129/24
[sudo] password for kali:
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-12 15:06 HKT
Nmap scan report for 192.168.62.1
Host is up (0.00029s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.62.2
Host is up (0.00030s latency).
MAC Address: 00:50:56:F4:60:0B (VMware)
Nmap scan report for 192.168.62.133
Host is up (0.00034s latency).
MAC Address: 00:0C:29:F8:7B:BD (VMware)
Nmap scan report for 192.168.62.254
Host is up (0.00012s latency).
MAC Address: 00:50:56:FB:D3:F3 (VMware)
Nmap scan report for 192.168.62.129
Host is up.
Nmap done: 256 IP addresses (5 hosts up) scanned in 2.13 seconds
Because I am familiar with the IPs on the LAN, I know that 192.168.62.133 is the IP address of the newly added target; Kali's IP is 192.168.62.129.
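The "new host" step above can be done by diffing the ping-scan output against an inventory of known addresses instead of relying on memory. The following is an added example, not part of the original post; the `KNOWN` inventory and the function names are assumptions made for illustration.

```python
import re

# `nmap -sn` output copied from the scan above.
SCAN = """\
Nmap scan report for 192.168.62.1
Host is up (0.00029s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.62.2
Host is up (0.00030s latency).
MAC Address: 00:50:56:F4:60:0B (VMware)
Nmap scan report for 192.168.62.133
Host is up (0.00034s latency).
MAC Address: 00:0C:29:F8:7B:BD (VMware)
Nmap scan report for 192.168.62.254
Host is up (0.00012s latency).
MAC Address: 00:50:56:FB:D3:F3 (VMware)
Nmap scan report for 192.168.62.129
Host is up.
"""

# Assumption: inventory of addresses known before the target VM was added
# (.129 is the Kali host; the others are treated here as already-known hosts).
KNOWN = {"192.168.62.1", "192.168.62.2", "192.168.62.254", "192.168.62.129"}

# Report lines are "for <ip>" or "for <name> (<ip>)"; capture only the IP.
REPORT = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d{1,3}(?:\.\d{1,3}){3})\)?$")
MAC = re.compile(r"^MAC Address: ((?:[0-9A-F]{2}:){5}[0-9A-F]{2}) \((.*)\)$")

def parse_ping_scan(text):
    """Return one record per host block in `nmap -sn` normal output."""
    hosts = []
    for line in text.splitlines():
        line = line.strip()
        if m := REPORT.match(line):
            hosts.append({"ip": m.group(1), "up": False, "mac": None, "vendor": None})
        elif not hosts:
            continue  # banner lines before the first report
        elif line.startswith("Host is up"):
            hosts[-1]["up"] = True
        elif m := MAC.match(line):
            hosts[-1]["mac"], hosts[-1]["vendor"] = m.groups()
    return hosts  # the scanning host has no MAC line, so its mac stays None

def new_hosts(text, known):
    """Live hosts whose IP is not in the known inventory."""
    return [h for h in parse_ping_scan(text) if h["up"] and h["ip"] not in known]

if __name__ == "__main__":
    for h in new_hosts(SCAN, KNOWN):
        print(h["ip"], h["mac"], h["vendor"])
```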
2. Scan the target's open ports
① TCP ports
┌──(kali㉿kali)-[~]
└─$ sudo nmap --min-rate 10000 -p- 192.168.62.133
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-12 15:10 HKT
Nmap scan report for 192.168.62.133
Host is up (0.00029s latency).
Not shown: 65534 closed tcp ports (reset)
PORT STATE SERVICE
8080/tcp open http-proxy
MAC Address: 00:0C:29:F8:7B:BD (VMware)
Nmap done: 1 IP address (1 host up) scanned in 42.15 seconds
② UDP ports
┌──(kali㉿kali)-[~]
└─$ sudo nmap -sU --min-rate 10000 -p- 192.168.62.133
[sudo] password for kali:
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-12 15:11 HKT
Stats: 0:00:34 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan
UDP Scan Timing: About 52.93% done; ETC: 15:12 (0:00:31 remaining)
Warning: 192.168.62.133 giving up on port because retransmission cap hit (10).
Nmap scan report for 192.168.62.133
Host is up (0.00096s latency).
All 65535 scanned ports on 192.168.62.133 are in ignored states.
Not shown: 65457 open|filtered udp ports (no-response), 78 closed udp ports (port-unreach)
MAC Address: 00:0C:29:F8:7B:BD (VMware)
Nmap done: 1 IP address (1 host up) scanned in 72.65 seconds
③ Service version scan of the open port
┌──(kali㉿kali)-[~]
└─$ sudo nmap -sT -sV -O -p8080 192.168.62.133
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-12 15:13 HKT
Nmap scan report for 192.168.62.133
Host is up (0.0021s latency).
PORT STATE SERVICE VERSION
8080/tcp open http-proxy Squid http proxy 3.5.27
MAC Address: 00:0C:29:F8:7B:BD (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.76 seconds
④ Basic vulnerability scan of the open port
PORT     STATE SERVICE
8080/tcp open  http-proxy
| http-slowloris-check:
|   VULNERABLE:
|   Slowloris DOS attack
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2007-6750
|       Slowloris tries to keep many connections to the target web server open and hold
|       them open as long as possible. It accomplishes this by opening connections to
|       the target web server and sending a partial request. By doing so, it starves
|       the http server's resources causing Denial Of Service.
|
|     Disclosure date: 2009-09-17
|     References:
|       http://ha.ckers.org/slowloris/
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
MAC Address: 00:0C:29:F8:7B:BD (VMware)
Nmap done: 1 IP address (1 host up) scanned in 522.16 seconds
II. Getting a shell
III. Privilege escalation
From: https://www.cnblogs.com/xiaoliyulixianji/p/17113849.html