Node Target penetration test

Environmental Science

Drone aircraft ;kali2020

Tools

kali Bring their own netdiscover,nmap,base64,scp, Compressed bag blasting tool , Online decoding tools

technological process

1, Intranet scanning , Discover the host （netdiscover Host scan ）
netdiscover –i eth0 –r 192.168.4.0/24

Because it is the virtual machine used, you can guess the target ip192.168.4.60
Reuse nmap –sV 192.168.4.60 To the goal IP Port scan

The target is on 22;3000 port
Use a browser to access it 3000 port
Login interface js A sensitive directory was found in the source code

Follow to access the file directory

But it seems that these three accounts are useless to log in. They may be ordinary user accounts. It seems that we need to find an administrator account
It is found that the upper level directory is users to glance at

Sure enough, I found the administrator account
Change the password MD5 Decrypt

Log in to the background and find that you can download a file

After downloading, I opened it and found a large string of codes, and finally there was = Then it can be seen that base64 Transcoding zip package base64 –d myplace.backup > myplace.zip When decompressing, it is found that you need a password

Then use zip Password cracking software can crack the password magicword

After decompression var There's one in the file app.js

Open discovery password

account number mark password 5AYRft73VtFpc84k
Last ssh [email protected]
password 5AYRft73VtFpc84k
The post infiltration stage
Use [email protected] After landing
Use cat /etc/issue see banner Information

stay kali Find the vulnerability script of the corresponding system in

It is found that there is a local right raising vulnerability
Download the script to the target tmp Under the table of contents （tmp The document management under is relatively lax ）

Log in to the target, right 44298.c Compile the file and run

Successfully get root jurisdiction
leave oneself a way out

cat /etc/passwd Check whether the user has been added successfully