Flimsy
2025-3-15
Tags: Nmap, Brute Force, Privilege Escalation Techniques

192.168.182.220

Nmap


└─# nmap -sT -p- --min-rate 5000 $ip
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-15 04:54 EDT
Nmap scan report for 192.168.182.220
Host is up (0.057s latency).
Not shown: 65530 closed tcp ports (conn-refused)
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
3306/tcp  open  mysql
9443/tcp  open  tungsten-https
43500/tcp open  unknown
Nmap done: 1 IP address (1 host up) scanned in 13.46 seconds
(base) ┌──(root㉿kali)-[/home/kali/Documents]
└─# nmap -Pn -n $ip -sU --top-ports=100 --reason
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-15 04:54 EDT
Nmap scan report for 192.168.182.220
Host is up, received user-set (0.048s latency).
All 100 scanned ports on 192.168.182.220 are in ignored states.
Not shown: 100 closed udp ports (port-unreach)
Nmap done: 1 IP address (1 host up) scanned in 103.60 seconds

80

Nothing useful here.

3306

Wanted to brute force the database, but the connection attempt failed:
ERROR 2002 (HY000): Can't connect to local server through socket '/run/mysqld/mysqld.sock' (2)

9443


43500


22

brute force
 

Try searchsploit for the version of the service on port 43500
or check the http-server-header.
There is an RCE; we used it and got a shell,
but the user is not root.
We discovered that crontab has a task running apt update every minute, which represents a potential vulnerability.
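A defender-side check for the finding above, as an added example that is not part of the original write-up: it flags system-crontab entries where root runs apt or apt-get, and lists apt configuration directories that a non-root user could modify. The sample crontab is constructed, and the two directory paths are the standard Debian/Ubuntu locations, assumed here rather than taken from this host.

```shell
#!/bin/sh
# Added audit example; not part of the original write-up.

# audit_cron_apt [FILE]
# Reads a system crontab (min hour dom mon dow user command) from FILE or
# stdin and prints one FINDING line per job that root runs via apt/apt-get.
audit_cron_apt() {
    awk '
        /^[ \t]*(#|$)/                    { next }  # comments, blank lines
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/  { next }  # VAR=value settings
        NF >= 7 && $6 == "root" {
            cmd = ""; hit = 0
            for (i = 7; i <= NF; i++) {
                cmd = cmd (i > 7 ? " " : "") $i
                w = $i
                gsub(/[^A-Za-z0-9_\/.-]/, "", w)  # strip quotes, ; & | etc.
                sub(/^.*\//, "", w)               # strip a leading path
                if (w == "apt" || w == "apt-get") hit = 1
            }
            if (!hit) next
            all = ($2 == "*" && $3 == "*" && $4 == "*" && $5 == "*")
            freq = (($1 == "*" || $1 == "*/1") && all) ? "every-minute" : "scheduled"
            print "FINDING " freq " root: " cmd
        }
    ' "${1:--}"
}

# loose_paths PATH...
# Prints each existing path that is group/world-writable or not owned by root.
# Whatever a root-run apt reads from such a path is under non-root control.
loose_paths() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        find "$p" -maxdepth 0 \( -perm -0020 -o -perm -0002 -o ! -user root \) -print
    done
}

# Constructed sample in /etc/crontab format (not taken from the target host).
sample_crontab() {
    cat <<'EOF'
SHELL=/bin/sh
17 * * * * root cd / && run-parts --report /etc/cron.hourly
* * * * * root apt-get update
25 6 * * * root /usr/bin/apt update -y
* * * * * www-data php /var/www/cron.php
EOF
}

sample_crontab | audit_cron_apt
loose_paths /etc/apt/apt.conf.d /etc/apt/sources.list.d  # assumed standard paths
```

On a real host, pass `/etc/crontab` or a file under `/etc/cron.d` as the argument; any path printed by `loose_paths` should be returned to root ownership with mode 755.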
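bash -p is a command that starts a Bash shell, where the -p option preserves the current environment and privileges. Details follow:

Command breakdown

  1. bash: starts a new Bash shell.
  2. -p: preserves the current user's environment variables and privileges, even if the new shell's effective user ID is not root.

Uses

  • Preserving the environment: keeps the current environment variables when switching users or privileges.
  • Privileged operations: ensures privileges are not lost in scripts that need root.

Example

This command starts a new Bash shell and preserves the current environment and privileges.

Notes

  • Privilege escalation: if the current user has elevated privileges (e.g. via sudo), using -p prevents them from being lost.
  • Security risk: use -p with care in privileged contexts to avoid unintended actions.

Summary

bash -p starts a Bash shell that keeps the environment and privileges. It suits scripts or operations that need to retain privileges, but mind the security risk.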