Muddy
2351 min
2025-3-8
Date: Mar 8, 2025 → Mar 9, 2025
Tags: Nmap, Web Application Security, Shell Exploitation

Nmap


Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-08 09:32 EST
Nmap scan report for 192.168.104.161
Host is up (0.060s latency).
Not shown: 993 closed tcp ports (conn-refused)
PORT     STATE SERVICE    VERSION
22/tcp   open  ssh        OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
25/tcp   open  smtp       Exim smtpd
80/tcp   open  http       Apache httpd 2.4.38 ((Debian))
111/tcp  open  rpcbind    2-4 (RPC #100000)
443/tcp  open  tcpwrapped
808/tcp  open  tcpwrapped
8888/tcp open  http       WSGIServer 0.1 (Python 2.7.16)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.17 seconds

HTTP services: 8888 and 80.

Exploit it by following the instructions in the sploit included in this one.

dirb found this path; try whether the method above can retrieve relevant information from it.

Got it: retrieved via /var/www/html/webdav/passwd.dav.
administrant : sleepless
We can use the description in it to upload our reverse shell.

Uploaded.

Access the file and we get the reverse shell.

We are in.
Check cron: netstat is called without an absolute path, so we can create a fake file and have cron run it instead.
Create a shell disguised as that program.
Then upload it and place it in the target directory.

Got it.
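
The cron weakness used above can be checked for from the defender's side. This is an added example, not part of the original write-up: it audits a system crontab for commands called by bare name and lists the PATH directories that are writable. The crontab text and the /opt/tools directory are constructed sample values, and audit_crontab is a hypothetical helper name.

```python
import os
import re

# Constructed /etc/crontab sample for illustration; not taken from the target host.
SAMPLE_CRONTAB = """\
SHELL=/bin/sh
PATH=/opt/tools:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
17 * * * * root cd / && run-parts --report /etc/cron.hourly
* * * * * root netstat -tlpn > /root/status.txt
@reboot root /usr/sbin/logrotate /etc/logrotate.conf
"""

BUILTINS = {"cd", "echo", "test", "[", "exit", "export", "true", "false", "exec"}

def audit_crontab(text, is_writable=lambda d: os.access(d, os.W_OK)):
    """Flag system-crontab jobs that run a command by bare name.

    Returns (line_no, user, command, writable_path_dirs) tuples. A non-empty
    last element means an unprivileged user may be able to plant a same-named
    file that cron resolves first.
    """
    path_dirs = ["/usr/bin", "/bin"]  # Vixie cron's default when PATH is unset
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        env = re.match(r"(\w+)\s*=\s*(.*)", line)
        if env:  # environment assignment such as PATH=...
            if env.group(1) == "PATH":
                path_dirs = env.group(2).strip("\"'").split(":")
            continue
        fields = line.split(None, 2 if line.startswith("@") else 6)
        if len(fields) < 3 or (not line.startswith("@") and len(fields) < 7):
            continue  # malformed entry
        user, command = fields[-2], fields[-1]
        writable = [d for d in path_dirs if is_writable(d)]
        # Check the first word of every segment of a compound shell command.
        for segment in re.split(r"&&|\|\||[;|]", command):
            words = segment.split()
            if not words or words[0] in BUILTINS or "=" in words[0]:
                continue
            if not words[0].startswith("/"):
                findings.append((line_no, user, words[0], writable))
    return findings

if __name__ == "__main__":
    for finding in audit_crontab(SAMPLE_CRONTAB):
        print(finding)
```

Any hit is fixed by giving the job an absolute path and keeping only root-owned, non-writable directories in the crontab's PATH.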