
Fail pg walkthrough Intermediate

Date: 2024-12-01 16:22:03

nmap
┌──(root㉿kali)-[/home/ftpuserr]
└─# nmap -p- -A 192.168.159.126
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-01 02:54 UTC
Nmap scan report for 192.168.159.126
Host is up (0.071s latency).
Not shown: 65533 closed tcp ports (reset)
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
| ssh-hostkey: 
|   2048 74:ba:20:23:89:92:62:02:9f:e7:3d:3b:83:d4:d9:6c (RSA)
|   256 54:8f:79:55:5a:b0:3a:69:5a:d5:72:39:64:fd:07:4e (ECDSA)
|_  256 7f:5d:10:27:62:ba:75:e9:bc:c8:4f:e2:72:87:d4:e2 (ED25519)
873/tcp open  rsync   (protocol version 31)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).

Network Distance: 4 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 993/tcp)
HOP RTT      ADDRESS
1   69.94 ms 192.168.45.1
2   69.82 ms 192.168.45.254
3   70.38 ms 192.168.251.1
4   70.82 ms 192.168.159.126

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 53.42 seconds


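The scan finds rsync, a file-sharing protocol.
Look it up on HackTricks:
https://book.hacktricks.xyz/network-services-pentesting/873-pentesting-rsync
The shared directory turns out to be fox's home directory.

Upload an SSH public key.
Log in over SSH with our own private key; the login succeeds.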
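
A defender-side check for the exposure found above, added here as an example that is not part of the original post: it parses an rsyncd.conf and reports modules that accept writes without `auth users`. The configuration text is a constructed sample (the target's real rsyncd.conf is not shown on this page) and the function names are hypothetical.

```python
import re

# Constructed sample, not taken from the target host.
SAMPLE_RSYNCD_CONF = """\
uid = nobody
[fox]
    path = /home/fox
    read only = no
[backups]
    path = /srv/backups
    read only = no
    auth users = backup
[pub]
    path = /srv/pub
"""

FALSE_VALUES = {"no", "false", "0"}

def parse_rsyncd_conf(text):
    """Return {module: {param: value}}; global parameters act as module defaults."""
    defaults, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = modules.setdefault(header.group(1).strip(), dict(defaults))
        elif "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            # rsync ignores case and whitespace in parameter names
            key = "".join(key.lower().split())
            (defaults if current is None else current)[key] = value.strip()
    return modules

def audit_modules(text):
    """Flag modules that accept writes without authentication."""
    findings = []
    for name, params in parse_rsyncd_conf(text).items():
        writable = params.get("readonly", "yes").lower() in FALSE_VALUES
        anonymous = not params.get("authusers")
        path = params.get("path", "")
        if writable and anonymous:
            # a writable home directory also exposes ~/.ssh/authorized_keys
            in_home = path.startswith(("/home/", "/root/"))
            findings.append((name, path, "critical" if in_home else "high"))
    return findings

if __name__ == "__main__":
    print(audit_modules(SAMPLE_RSYNCD_CONF))
```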

Use pspy64 to watch for scheduled tasks.
It shows that the fail2ban-server script gets executed.
Then check our user's groups: we belong to the fail2ban group.

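That is suspicious; my guess is that the privilege escalation has to do with files belonging to the fail2ban group.
Searching online turned up this article:
https://youssef-ichioui.medium.com/abusing-fail2ban-misconfiguration-to-escalate-privileges-on-linux-826ad0cdafb7
The article explains that fail2ban is mainly for preventing DDoS.
If SSH protection is enabled, too many failed SSH logins get the IP banned.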

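Let's look at the protection configuration file.
SSH protection is enabled.
cat /etc/fail2ban/jail.conf
The command it runs to ban an IP is in /etc/fail2ban/action.d/iptables-multiport.conf
But we have the permissions of the fail2ban group, so we can rewrite this file.
Write reverse shell code into it.
Then we deliberately fail several SSH logins.
As you can see, the privilege escalation succeeds.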
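
The root cause in this step is a fail2ban action file that a non-root group can write. The audit below is an added example, not code from the original post or from fail2ban: it walks a configuration tree and reports every file or directory that someone other than the trusted owner could modify. The function names and the temporary demo tree are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_config_tree(root, trusted_uid=0, trusted_gids=(0,)):
    """Return (path, reason) for each entry under root that a user other than
    trusted_uid / trusted_gids could modify. Directories count too: write access
    to action.d is enough to replace the files inside it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            try:
                st = os.stat(path)  # follows symlinks: the target is what gets read
            except OSError:
                continue  # dangling symlink
            if st.st_uid != trusted_uid:
                findings.append((path, f"owned by uid {st.st_uid}"))
            if st.st_mode & stat.S_IWOTH:
                findings.append((path, "world-writable"))
            if st.st_mode & stat.S_IWGRP and st.st_gid not in trusted_gids:
                findings.append((path, f"group-writable by gid {st.st_gid}"))
    return findings

def build_demo_tree():
    """Constructed sample: a small /etc/fail2ban look-alike in a temp directory."""
    root = tempfile.mkdtemp(prefix="f2b-audit-")
    action_d = os.path.join(root, "action.d")
    os.mkdir(action_d)
    for name, mode in (("iptables-multiport.conf", 0o664), ("other-action.conf", 0o644)):
        path = os.path.join(action_d, name)
        with open(path, "w") as fh:
            fh.write("[Definition]\n")
        os.chmod(path, mode)
    for directory in (root, action_d):
        os.chmod(directory, 0o755)
    return root

if __name__ == "__main__":
    # On a real host: audit_config_tree("/etc/fail2ban") with the root defaults.
    demo = build_demo_tree()
    for path, reason in audit_config_tree(demo, os.getuid(), trusted_gids=()):
        print(f"{path}: {reason}")
```

Findings are cleared by making the tree root-owned and removing the group and world write bits.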

From: https://www.cnblogs.com/wssw/p/18579874
