Date
Mar 15, 2025 → Mar 15, 2025
Tag
Nmap
Brute Force
Privilege Escalation Techniques
192.168.182.220
Nmap
└─# nmap -sT -p- --min-rate 5000 $ip
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-15 04:54 EDT
Nmap scan report for 192.168.182.220
Host is up (0.057s latency).
Not shown: 65530 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
9443/tcp open tungsten-https
43500/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 13.46 seconds
(base) ┌──(root㉿kali)-[/home/kali/Documents]
└─# nmap -Pn -n $ip -sU --top-ports=100 --reason
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-15 04:54 EDT
Nmap scan report for 192.168.182.220
Host is up, received user-set (0.048s latency).
All 100 scanned ports on 192.168.182.220 are in ignored states.
Not shown: 100 closed udp ports (port-unreach)
Nmap done: 1 IP address (1 host up) scanned in 103.60 seconds
80

Nothing useful found on the web service.
3306
Wanted to brute force the database, but the mysql client did not reach the remote server:
ERROR 2002 (HY000): Can't connect to local server through socket '/run/mysqld/mysqld.sock' (2)
This error means the client tried the local Unix socket instead of the target; the remote host has to be given explicitly with the -h option, otherwise nothing is being tested against 192.168.182.220.

9443


43500


22
brute force
try searchsploit for the version of the service on 43500

or fingerprint it with nmap's http-server-header script

It has an RCE; using it, we got a shell,

but as an unprivileged user, not root.

We discovered that crontab has a task running
apt update
every minute (a job that normally runs as root), which is a potential privilege-escalation vector worth checking: apt reads hook settings such as APT::Update::Pre-Invoke from /etc/apt/apt.conf.d, so the question is whether our user can write to the apt configuration that the root cron job reads.

bash -p
is the command that starts a Bash shell in privileged mode; the -p option keeps the shell's elevated effective user ID instead of dropping it. Details:
Command breakdown
- bash: start a new Bash shell.
- -p: privileged mode. When bash starts with an effective user ID that differs from its real user ID (as happens when the binary is SUID root), it normally resets the effective UID to the real UID; with -p it keeps the effective UID. Privileged mode also skips $BASH_ENV and $ENV, does not import shell functions from the environment and ignores SHELLOPTS, BASHOPTS, CDPATH and GLOBIGNORE from the environment, so what it preserves is the privilege, not the environment.
Use
- Keeping the privilege: running a SUID copy of bash with -p gives a shell whose effective UID is that of the file owner (root for a root-owned SUID bash).
Example
Running a SUID-root copy of bash as an ordinary user with -p yields a shell where id reports euid=0(root); without -p, bash drops back to the real UID and id reports only the ordinary user.
Notes
- Privilege escalation: -p only matters when the effective and real UIDs differ, i.e. when bash itself is SUID. Under sudo both IDs are already root, so the flag changes nothing there.
- Security risk: you are root in a shell that otherwise looks like the ordinary user's, so be careful with destructive commands, and a SUID copy of bash left on the host is a persistent backdoor that should be removed and recorded in the report.
Summary
bash -p starts a Bash shell that keeps its elevated effective UID; it is the flag needed to use a SUID bash for privilege escalation and must be used with care because of the risk it carries.