首页 > 其他分享 >Vulnhub之Funbox Lunchbreaker靶机详细测试过程

Vulnhub之Funbox Lunchbreaker靶机详细测试过程

时间:2023-05-04 15:37:32浏览次数:37  
标签:ftp Lunchbreaker 22 -- kali May Vulnhub Funbox 2021

Funbox Lunchbreak

Author: jason huawen

Virtual Machine Information

Name:Funbox: Lunchbreaker

URL:

https://www.vulnhub.com/entry/funbox-lunchbreaker,700/

Identify IP Address of Virtual Machine

Import the Virtual Machine into the VirtualBox. Configure its network adapater with host-only mode. Start both Kali Linux and the Virtual Machine

Use in-built netdiscover to discover IP address of the Virtual Machine as 192.168.56.154.

─(kali㉿kali)-[~/Desktop/Vulnhub/Funbox10]
└─$ sudo netdiscover -i eth1 -r 192.168.56.0/24

NMAP Scanning

Perform compehensive scan the Virtual Machine with NMAP:

──(kali㉿kali)-[~/Desktop/Vulnhub/Funbox10]
└─$ sudo nmap -sS -sV -sC -p- 192.168.56.154 -oN nmap_full_scan
Starting Nmap 7.92 ( https://nmap.org ) at 2023-05-04 02:19 EDT
Nmap scan report for bogon (192.168.56.154)
Host is up (0.00021s latency).
Not shown: 65532 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| -rw-r--r--    1 0        0             633 May 22  2021 supers3cr3t
|_drwxr-xr-x    6 1006     1006         4096 May 22  2021 wordpress
| ftp-syst: 
|   STAT: 
| FTP server status:
|      Connected to ::ffff:192.168.56.230
|      Logged in as ftp
|      TYPE: ASCII
|      No session bandwidth limit
|      Session timeout in seconds is 300
|      Control connection is plain text
|      Data connections will be plain text
|      At session startup, client count was 4
|      vsFTPd 3.0.3 - secure, fast, stable
|_End of status
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 1d:3d:bf:5a:e1:9f:bb:31:85:34:94:24:cf:0c:04:20 (RSA)
|   256 3b:e1:5c:97:5a:93:1d:9c:d5:02:e5:d8:15:a7:92:ea (ECDSA)
|_  256 d6:f2:e3:da:7e:d7:3f:94:7e:3b:5d:bc:ef:ee:49:63 (ED25519)
80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Site doesn't have a title (text/html).
|_http-server-header: Apache/2.4.41 (Ubuntu)
MAC Address: 08:00:27:72:FC:B8 (Oracle VirtualBox virtual NIC)
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 9.64 seconds

NMAP scanning results show that the virtual machine has 3 open ports: 21(ftp), 22(ssh),80(http)

Get Foothold

┌──(kali㉿kali)-[~/Desktop/Vulnhub/Funbox10]
└─$ ftp 192.168.56.154                                                                       
Connected to 192.168.56.154.
220 (vsFTPd 3.0.3)
Name (192.168.56.154:kali): anonymous
331 Please specify the password.
Password: 
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -alh
229 Entering Extended Passive Mode (|||40621|)
150 Here comes the directory listing.
drwxr-xr-x    3 0        118          4096 May 22  2021 .
drwxr-xr-x    3 0        118          4096 May 22  2021 ..
-rw-r--r--    1 0        0             233 May 22  2021 .s3cr3t
-rw-r--r--    1 0        0             633 May 22  2021 supers3cr3t
drwxr-xr-x    6 1006     1006         4096 May 22  2021 wordpress
226 Directory send OK.
ftp> cd wordpress
250 Directory successfully changed.
ftp> ls -alh
229 Entering Extended Passive Mode (|||25834|)
150 Here comes the directory listing.
drwxr-xr-x    6 1006     1006         4096 May 22  2021 .
drwxr-xr-x    3 0        118          4096 May 22  2021 ..
-rw-r--r--    1 1006     1006          405 Feb 06  2020 index.php
-rw-r--r--    1 1006     1006        19915 May 13  2021 license.txt
-rw-r--r--    1 1006     1006         8630 May 13  2021 liesmich.html
-rw-r--r--    1 1006     1006         7345 May 13  2021 readme.html
-rw-r--r--    1 1006     1006         7165 Jan 21  2021 wp-activate.php
drwxr-xr-x    9 1006     1006         4096 May 13  2021 wp-admin
drwxr-xr-x    2 0        0            4096 May 22  2021 wp-blog
-rw-r--r--    1 1006     1006          351 Feb 06  2020 wp-blog-header.php
-rw-r--r--    1 1006     1006         2328 Feb 17  2021 wp-comments-post.php
-rw-r--r--    1 1006     1006         3665 May 13  2021 wp-config-sample.php
-rw-r--r--    1 0        0            3611 May 22  2021 wp-config.php
drwxr-xr-x    5 1006     1006         4096 May 13  2021 wp-content
-rw-r--r--    1 1006     1006         3939 Jul 30  2020 wp-cron.php
drwxr-xr-x   25 1006     1006        12288 May 13  2021 wp-includes
-rw-r--r--    1 1006     1006         2496 Feb 06  2020 wp-links-opml.php
-rw-r--r--    1 1006     1006         3313 Jan 10  2021 wp-load.php
-rw-r--r--    1 1006     1006        44994 Apr 04  2021 wp-login.php
-rw-r--r--    1 1006     1006         8509 Apr 14  2020 wp-mail.php
-rw-r--r--    1 1006     1006        21125 Feb 02  2021 wp-settings.php
-rw-r--r--    1 1006     1006        31328 Jan 27  2021 wp-signup.php
-rw-r--r--    1 1006     1006         4747 Oct 08  2020 wp-trackback.php
-rw-r--r--    1 1006     1006         3236 Jun 08  2020 xmlrpc.php
226 Directory send OK.
ftp> get wp-config.php
local: wp-config.php remote: wp-config.php
229 Entering Extended Passive Mode (|||36716|)
150 Opening BINARY mode data connection for wp-config.php (3611 bytes).
100% |****************************************************************************************************************|  3611       33.77 KiB/s    00:00 ETA
226 Transfer complete.
3611 bytes received in 00:00 (33.58 KiB/s)
ftp> pwd
Remote directory: /wordpress
ftp> quit
221 Goodbye.

┌──(kali㉿kali)-[~/Desktop/Vulnhub/Funbox10]
└─$ cat wp-config.php            
<?php
/**
 * Grundeinstellungen für WordPress
 *
 * Zu diesen Einstellungen gehören:
 *
 * * MySQL-Zugangsdaten,
 * * Tabellenpräfix,
 * * Sicherheitsschlüssel
 * * und ABSPATH.
 *
 * Mehr Informationen zur wp-config.php gibt es auf der
 * {@link https://codex.wordpress.org/Editing_wp-config.php wp-config.php editieren}
 * Seite im Codex. Die Zugangsdaten für die MySQL-Datenbank
 * bekommst du von deinem Webhoster.
 *
 * Diese Datei wird zur Erstellung der wp-config.php verwendet.
 * Du musst aber dafür nicht das Installationsskript verwenden.
 * Stattdessen kannst du auch diese Datei als wp-config.php mit
 * deinen Zugangsdaten für die Datenbank abspeichern.
 *
 * @package WordPress
 */

// ** MySQL-Einstellungen ** //
/**   Diese Zugangsdaten bekommst du von deinem Webhoster. **/

/**
 * Ersetze datenbankname_hier_einfuegen
 * mit dem Namen der Datenbank, die du verwenden möchtest.
 */
define( 'DB_NAME', 'wpdb' );

/**
 * Ersetze benutzername_hier_einfuegen
 * mit deinem MySQL-Datenbank-Benutzernamen.
 */
define( 'DB_USER', 'wpuser' );

/**
 * Ersetze passwort_hier_einfuegen mit deinem MySQL-Passwort.
 */
define( 'DB_PASSWORD', 'JuZhRbNNk.()' );


┌──(kali㉿kali)-[~/Desktop/Vulnhub/FunboxLunch]
└─$ echo 'SWYgdGhlIHJhZGlhbmNlIG9mIGEgdGhvdXNhbmQgc3VucyAvIHdlcmUgdG8gYnVyc3QgYXQgb25jZSBpbnRvIHRoZSBza3kgLyB0aGF0IHdvdWxkIGJlIGxpa2UgLyB0aGUgc3BsZW5kb3Igb2YgdGhlIE1pZ2h0eSBPbmUgYW5kIEkgYW0gYmVjb21lIERlYXRoLCB0aGUgc2hhdHRlcmVyIG9mIHdvcmxkcw==' | base64 -d
If the radiance of a thousand suns / were to burst at once into the sky / that would be like / the splendor of the Mighty One and I am become Death, the shatterer of worlds   

supers3cr3t file is encoded in Brainfuck, which can be decoded by putting the message to the website:

https://www.splitbrain.org/services/ook

The decoded message is:

Look deep into nature and then you will understand everything better."

Tips:

I get much information from FTP service as anonymous user. But such information was actually some sorts of rabbithole.

Although it will be standard step to look around the souce code of HTML page, the comments are located at the far right of the screen so that I didn't notice its existent.

So we need to look at the souce code of home page very carefully, there is one comment:

 <! webdesign by j.miller [[email protected]] >

"jane" is possible username.

Use hydra tool to crack the password for username: jane

┌──(kali㉿kali)-[~/Desktop/Vulnhub/FunboxLunch]
└─$ hydra -l jane -P /usr/share/wordlists/rockyou.txt ftp://192.168.56.154 
Hydra v9.3 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-05-04 02:45:56
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344399 login tries (l:1/p:14344399), ~896525 tries per task
[DATA] attacking ftp://192.168.56.154:21/
[21][ftp] host: 192.168.56.154   login: jane   password: password
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-05-04 02:46:03

┌──(kali㉿kali)-[~/Desktop/Vulnhub/FunboxLunch]
└─$ ftp 192.168.56.154
Connected to 192.168.56.154.
220 (vsFTPd 3.0.3)
Name (192.168.56.154:kali): jane
331 Please specify the password.
Password: 
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
Remote directory: /home/jane
ftp> ls -alh
229 Entering Extended Passive Mode (|||56129|)
150 Here comes the directory listing.
dr-x------    3 1002     1002         4096 May 22  2021 .
drwxr-xr-x    6 0        0            4096 May 22  2021 ..
-rw-r--r--    1 1002     1002          220 May 22  2021 .bash_logout
-rw-r--r--    1 1002     1002         3771 May 22  2021 .bashrc
-rw-r--r--    1 1002     1002          807 May 22  2021 .profile
drwxr-xr-x    2 1002     1002         4096 May 22  2021 backups
226 Directory send OK.
ftp> cd backups
250 Directory successfully changed.
ftp> ls -alh
229 Entering Extended Passive Mode (|||30605|)
150 Here comes the directory listing.
drwxr-xr-x    2 1002     1002         4096 May 22  2021 .
dr-x------    3 1002     1002         4096 May 22  2021 ..
-rw-r--r--    1 1002     1002           59 May 22  2021 keys.txt
226 Directory send OK.
ftp> get keys.txt
local: keys.txt remote: keys.txt
229 Entering Extended Passive Mode (|||44363|)
150 Opening BINARY mode data connection for keys.txt (59 bytes).
100% |****************************************************************************************************************|    59        0.54 KiB/s    00:00 ETA
226 Transfer complete.
59 bytes received in 00:00 (0.53 KiB/s)
ftp> cd ..
250 Directory successfully changed.
ftp> put test.txt 
local: test.txt remote: test.txt
229 Entering Extended Passive Mode (|||13307|)
550 Permission denied.
ftp> cd /etc
250 Directory successfully changed.
ftp> get passwd
local: passwd remote: passwd
229 Entering Extended Passive Mode (|||46822|)
150 Opening BINARY mode data connection for passwd (2002 bytes).
100% |****************************************************************************************************************|  2002       73.43 MiB/s    00:00 ETA
226 Transfer complete.
2002 bytes received in 00:00 (5.45 MiB/s)
ftp> 

Login to FTP as jane. I can navigate to different directory and download passwd onto the Kali Linux.

Now that we have known there are four users:ftp> cd /home
250 Directory successfully changed.
ftp> ls
229 Entering Extended Passive Mode (|||15719|)
150 Here comes the directory listing.
dr-x------ 3 1002 1002 4096 May 22 2021 jane
dr-x------ 3 1001 1001 4096 May 22 2021 jim
dr-x------ 4 1000 1000 4096 May 22 2021 john
drwx------ 4 1003 1003 4096 May 22 2021 julessh
Create user dictionary and crack the password with hydra tool:

┌──(kali㉿kali)-[~/Desktop/Vulnhub/FunboxLunch]
└─$ cat users.dict   
jane
jim
john
jules

──(kali㉿kali)-[~/Desktop/Vulnhub/FunboxLunch]
└─$ ftp 192.168.56.154
Connected to 192.168.56.154.
220 (vsFTPd 3.0.3)
Name (192.168.56.154:kali): jim
331 Please specify the password.
Password: 
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -alh
229 Entering Extended Passive Mode (|||59387|)
150 Here comes the directory listing.
dr-x------    3 1001     1001         4096 May 22  2021 .
drwxr-xr-x    6 0        0            4096 May 22  2021 ..
-rw-r--r--    1 1001     1001          220 May 22  2021 .bash_logout
-rw-r--r--    1 1001     1001         3771 May 22  2021 .bashrc
-rw-r--r--    1 1001     1001          807 May 22  2021 .profile
dr-xr-xr-x    2 1001     1001         4096 May 22  2021 .ssh
226 Directory send OK.
ftp> cd .ssh
250 Directory successfully changed.
ftp> ls -alh
229 Entering Extended Passive Mode (|||31706|)
150 Here comes the directory listing.
dr-xr-xr-x    2 1001     1001         4096 May 22  2021 .
dr-x------    3 1001     1001         4096 May 22  2021 ..
-rw-r--r--    1 1001     1001            0 May 22  2021 authorized_keys
-r--------    1 1001     1001            0 May 22  2021 id_rsa
226 Directory send OK.
ftp> 

Login to FTP as jim. Found .ssh directory, however content of those files are empty.

The password for jules: sexylady

Login to FTP as jules:

┌──(kali㉿kali)-[~/Desktop/Vulnhub/FunboxLunch]
└─$ ftp 192.168.56.154
Connected to 192.168.56.154.
220 (vsFTPd 3.0.3)
Name (192.168.56.154:kali): jules
331 Please specify the password.
Password: 
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -alh
229 Entering Extended Passive Mode (|||31530|)
150 Here comes the directory listing.
drwx------    4 1003     1003         4096 May 22  2021 .
drwxr-xr-x    6 0        0            4096 May 22  2021 ..
drwx------    2 1003     1003         4096 May 22  2021 .backups
-rw-------    1 1003     1003           10 May 22  2021 .bash_history
-rw-r--r--    1 1003     1003          220 May 22  2021 .bash_logout
-rw-r--r--    1 1003     1003         3771 May 22  2021 .bashrc
drwx------    2 1003     1003         4096 May 22  2021 .cache
-rw-r--r--    1 1003     1003          807 May 22  2021 .profile
226 Directory send OK.
ftp> cd .backups
250 Directory successfully changed.
ftp> ls -alh
229 Entering Extended Passive Mode (|||36485|)
150 Here comes the directory listing.
drwx------    2 1003     1003         4096 May 22  2021 .
drwx------    4 1003     1003         4096 May 22  2021 ..
-r--------    1 1003     1003     139921517 May 22  2021 .bad-passwds
-r--------    1 1003     1003            0 May 22  2021 .forbidden-passwds
-r--------    1 1003     1003          562 May 22  2021 .good-passwd
-r--------    1 1003     1003            0 May 22  2021 .very-bad-passwds
226 Directory send OK.
ftp> get .bad-passwds
local: .bad-passwds remote: .bad-passwds
229 Entering Extended Passive Mode (|||63173|)
150 Opening BINARY mode data connection for .bad-passwds (139921517 bytes).
100% |****************************************************************************************************************|   133 MiB   67.43 MiB/s    00:00 ETA
226 Transfer complete.
139921517 bytes received in 00:01 (67.40 MiB/s)
ftp> get .good-passwd
local: .good-passwd remote: .good-passwd
229 Entering Extended Passive Mode (|||17069|)
150 Opening BINARY mode data connection for .good-passwd (562 bytes).
100% |****************************************************************************************************************|   562        3.15 KiB/s    00:00 ETA
226 Transfer complete.
562 bytes received in 00:00 (3.12 KiB/s)
ftp> quit
221 Goodbye.
                                                                                                                                                             
┌──(kali㉿kali)-[~/Desktop/Vulnhub/FunboxLunch]
└─$ ls -alh
total 141M
drwxr-xr-x  2 kali kali 4.0K May  4 03:08 .
drwxr-xr-x 52 kali kali 4.0K May  4 02:28 ..
-rw-r--r--  1 kali kali 134M May 22  2021 .bad-passwds
-rw-r--r--  1 kali kali  562 May 22  2021 .good-passwd
-rw-r--r--  1 kali kali 6.8M May  4 02:35 image.jpg
-rw-r--r--  1 kali kali   59 May 22  2021 keys.txt
-rw-r--r--  1 kali kali 2.0K May 22  2021 passwd
-rw-r--r--  1 kali kali  233 May 22  2021 .s3cr3t
-rw-r--r--  1 kali kali  633 May 22  2021 supers3cr3t
-rw-r--r--  1 kali kali   12 May  4 02:47 test.txt
-rw-r--r--  1 kali kali   20 May  4 02:53 users.dict

Download the two password dictionary from the home directory of jules.

──(kali㉿kali)-[~/Desktop/Vulnhub/FunboxLunch]
└─$ cat .good-passwd >> .bad-passwds 

Combine these two password dictionaries

┌──(kali㉿kali)-[~/Desktop/Vulnhub/FunboxLunch]
└─$ hydra -l john -P .bad-passwds ftp://192.168.56.154                     
Hydra v9.3 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-05-04 03:10:30
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344447 login tries (l:1/p:14344447), ~896528 tries per task
[DATA] attacking ftp://192.168.56.154:21/
[21][ftp] host: 192.168.56.154   login: john   password: zhnmju!!!
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-05-04 03:11:17

Crack password for user john with hydra tool.

┌──(kali㉿kali)-[~/Desktop/Vulnhub/FunboxLunch]
└─$ ftp 192.168.56.154
Connected to 192.168.56.154.
220 (vsFTPd 3.0.3)
Name (192.168.56.154:kali): john
331 Please specify the password.
Password: 
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -alh
229 Entering Extended Passive Mode (|||41791|)
150 Here comes the directory listing.
dr-x------    4 1000     1000         4096 May 22  2021 .
drwxr-xr-x    6 0        0            4096 May 22  2021 ..
-rw-r--r--    1 1000     1000          220 Feb 25  2020 .bash_logout
-rw-r--r--    1 1000     1000         3771 Feb 25  2020 .bashrc
drwx------    2 1000     1000         4096 May 22  2021 .cache
-rw-r--r--    1 1000     1000          807 Feb 25  2020 .profile
drwx------    2 1000     1000         4096 May 22  2021 .todo
226 Directory send OK.
ftp> get .todo
local: .todo remote: .todo
229 Entering Extended Passive Mode (|||28115|)
550 Failed to open file.
ftp> cd .todo
250 Directory successfully changed.
ftp> ls -alh
229 Entering Extended Passive Mode (|||10834|)
150 Here comes the directory listing.
drwx------    2 1000     1000         4096 May 22  2021 .
dr-x------    4 1000     1000         4096 May 22  2021 ..
-rwx------    1 1000     1000          131 May 22  2021 todo.list
226 Directory send OK.
ftp> get todo.list
local: todo.list remote: todo.list
229 Entering Extended Passive Mode (|||6938|)
150 Opening BINARY mode data connection for todo.list (131 bytes).
100% |****************************************************************************************************************|   131       12.43 KiB/s    00:00 ETA
226 Transfer complete.
131 bytes received in 00:00 (11.93 KiB/s)
ftp> quit
221 Goodbye.
                                                                                                                                                             
┌──(kali㉿kali)-[~/Desktop/Vulnhub/FunboxLunch]
└─$ cat todo.list                   
1. Install LAMP
2. Install MAIL-System
3. Install Firewall
4. Install Plesk
5. Chance R00TPASSWD, because it's the same right now.

The fifth point means that the root user has the same password as john.

┌──(kali㉿kali)-[~/Desktop/Vulnhub/FunboxLunch]
└─$ ssh [email protected]                                    
[email protected]'s password: 
Permission denied, please try again.
[email protected]'s password: 

                                                                                                                                                             
┌──(kali㉿kali)-[~/Desktop/Vulnhub/FunboxLunch]
└─$ ssh [email protected] 
[email protected]'s password: 
Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-73-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Thu 04 May 2023 07:13:27 AM UTC

  System load:  0.09              Processes:               129
  Usage of /:   76.5% of 4.37GB   Users logged in:         0
  Memory usage: 39%               IPv4 address for enp0s3: 192.168.56.154
  Swap usage:   0%


64 updates can be installed immediately.
0 of these updates are security updates.
To see these additional updates run: apt list --upgradable


The list of available updates is more than a week old.
To check for new updates run: sudo apt update

Last login: Sat May 22 16:03:57 2021 from 192.168.178.143
john@funbox8:~$ id
uid=1000(john) gid=1000(john) groups=1000(john),4(adm),24(cdrom),30(dip),46(plugdev)
john@funbox8:~$ su - root
Password: 
root@funbox8:~# cd /root
root@funbox8:~# ls -alh
total 52K
drwx------  4 root root 4.0K May 22  2021 .
drwxr-xr-x 20 root root 4.0K May 22  2021 ..
-rw-------  1 root root  238 May 22  2021 .bash_history
-rw-r--r--  1 root root 3.1K Dec  5  2019 .bashrc
-rw-r--r--  1 root root  161 Dec  5  2019 .profile
-rw-r--r--  1 root root  369 May 22  2021 root.flag
-rwxr-xr-x  1 root root   35 May 22  2021 run.sh
drwxr-xr-x  3 root root 4.0K May 22  2021 snap
drwx------  2 root root 4.0K May 22  2021 .ssh
-rw-------  1 root root  16K May 22  2021 .viminfo
root@funbox8:~# cat root.flag 
|~~          |           |              |    |              |         
|--|   ||/~\ |~~\/~\\/o  | |   ||/~\ /~~|/~\ |~~\|/~\/~//~~||_//~/|/~\
|   \_/||   ||__/\_//\o  |__\_/||   |\__|   ||__/|   \/_\__|| \\/_|   
                                                                    
created by @0815R2d2.

Congrats ! I look forward to see this on my twitter-account :-)
root@funbox8:~# 

Failed to login to SSH as root . But it works for user:john. Then use the same password to switch to root.

标签:ftp,Lunchbreaker,22,--,kali,May,Vulnhub,Funbox,2021
From: https://www.cnblogs.com/jason-huawen/p/17371380.html

相关文章

  • Vulnhub:Toppo 1靶机
    kali:192.168.111.111靶机:192.168.111.130信息收集端口扫描nmap-A-v-sV-T5-p---script=http-enum192.168.111.130根据nmap的脚本http-enum收集到的信息,80端口的admin目录存放有notes.txt文件,根据文件内容得到密码:12345ted123使用cewl收集目标web信息cewlhttp://......
  • Vulnhub之Gain Power靶机详细测试过程
    GainPower识别目标主机IP地址(kali㉿kali)-[~/Vulnhub/Gainpower]└─$sudonetdiscover-ieth1-r192.168.56.0/24Currentlyscanning:192.168.56.0/24|ScreenView:UniqueHosts3CapturedARPRe......
  • Vulnhub之Gears of War靶机详细测试过程
    GearofWar识别目标主机IP地址─(kali㉿kali)-[~/Vulnhub/Gearofwar]└─$sudonetdiscover-ieth1-r192.168.56.0/24Currentlyscanning:Finished!|ScreenView:UniqueHosts......
  • Vulnhub之Gigroot靶机详细测试过程
    Gigroot识别目标主机IP地址─(kali㉿kali)-[~/Vulnhub/Gigroot]└─$sudonetdiscover-ieth1-r192.168.56.0/24Currentlyscanning:192.168.56.0/24|ScreenView:UniqueHosts3CapturedARPReq/R......
  • Vulnhub靶机笔记2——matrix-breakout-2-morpheus
    一、介绍一个以《黑客帝国》为背景的靶场涉及内容主机发现端口服务扫描1.2不用工具实现ffuf目录爆破一句话木马反弹shellmsf,蚁剑使用图片隐写CVE-2022-0847漏洞利用二、环境攻击机:kali靶机:matrix-breakout-2-morpheus三、过程1、信息收集1.1主机存活扫描nma......
  • Vulnhub之GreenOptics靶机详细测试过程
    GreenOptics识别目标主机IP地址─(kali㉿kali)-[~/Vulnhub/GreenOptic]└─$sudonetdiscover-ieth1-r192.168.56.0/24Currentlyscanning:Finished!|ScreenView:UniqueHosts......
  • Vulnhub:DerpNStink 1靶机
    kali:192.168.111.111靶机:192.168.111.130信息收集端口扫描nmap-A-v-sV-T5-p---script=http-enum192.168.111.130通过nmap的http-enum脚本发现目标80端口存在wordpress,访问目标网站的wordpress被重定向到http://derpnstink.local,修改hosts文件再访问通过wpscan枚举......
  • Vulnhub之Grotesque3靶机详细测试过程
    Grotesque3识别目标主机IP地址─(kali㉿kali)-[~/Desktop/Vulnhub/grotesque3]└─$sudonetdiscover-ieth1-r192.168.56.0/24Currentlyscanning:192.168.56.0/24|ScreenView:UniqueHosts......
  • Vulnhub靶机笔记01——Billu_b0x
    一、Billu_b0x介绍billu_b0x是vulnhub的一款经典靶机二、安装与环境下载地址:billu_b0x,下载后解压导入即可攻击机:kaili靶机:billu_b0x三、动手1.信息获取nmap扫描(1)主机存活扫描nmap-sn192.168.124.0/24┌──(root㉿kali)-[~]└─#nmap-sn192.168.124.0/24Star......
  • Vulnhub之Hacksudo Thor靶机详细测试过程(提权成功)
    HacksudoThor作者:jasonhuawen靶机信息名称:hacksudo:Thor地址:https://www.vulnhub.com/entry/hacksudo-thor,733/识别目标主机IP地址(kali㉿kali)-[~/Desktop/Vulnhub/HacksudoThor]└─$sudonetdiscover-ieth1-r192.168.56.0/24Currentlyscanning:192.168.56......