靶机地址:https://www.vulnhub.com/entry/the-planets-mercury,544/
Description一、搭建靶机环境Difficulty: Easy
Mercury is an easier box, with no bruteforcing required. There are two flags on the box: a user and root flag which include an md5 hash. This has been tested on VirtualBox so may not work correctly on VMware. Any questions/issues or feedback please email me at: SirFlash at protonmail.com
攻击机Kali:
IP地址:192.168.9.7
靶机:
IP地址:192.168.9.80
注:靶机与Kali的IP地址只需要在同一局域网即可(同一个网段,即两虚拟机处于同一网络模式)
该靶机环境搭建如下
二、实战 2.1网络扫描 2.1.1 启动靶机和Kali后进行扫描 方法一、arp-scan -I eth0 -l (指定网卡扫)
- 将下载好的靶机环境,导入 VritualBox,设置为 Host-Only 模式
- 将 VMware 中桥接模式网卡设置为 VritualBox 的 Host-only
arp-scan -I eth0 -l
⬢ The Planets: Mercury arp-scan -I eth0 -l Interface: eth0, type: EN10MB, MAC: 00:50:56:27:27:36, IPv4: 192.168.9.7 Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan) 192.168.9.2 08:00:27:ef:49:91 PCS Systemtechnik GmbH 192.168.9.80 08:00:27:41:4a:f9 PCS Systemtechnik GmbH 2 packets received by filter, 0 packets dropped by kernel Ending arp-scan 1.9.7: 256 hosts scanned in 1.983 seconds (129.10 hosts/sec). 2 responded方法二、masscan 扫描的网段 -p 扫描端口号
masscan 192.168.184.0/24 -p 80,22
方法三、netdiscover -i 网卡-r 网段netdiscover -i eth0 -r 192.168.184.0/24
方法四、等你们补充 2.1.2 查看靶机开放的端口使用nmap -A -sV -T4 -p- 靶机ip查看靶机开放的端口
⬢ The Planets: Mercury nmap -A -sV -T4 -p- 192.168.9.80 Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-21 14:25 CST Nmap scan report for bogon (192.168.9.80) Host is up (0.00032s latency). Not shown: 65533 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.1 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 c8:24:ea:2a:2b:f1:3c:fa:16:94:65:bd:c7:9b:6c:29 (RSA) | 256 e8:08:a1:8e:7d:5a:bc:5c:66:16:48:24:57:0d:fa:b8 (ECDSA) |_ 256 2f:18:7e:10:54:f7:b9:17:a2:11:1d:8f:b3:30:a5:2a (ED25519) 8080/tcp open http-proxy WSGIServer/0.2 CPython/3.8.2 | fingerprint-strings: | FourOhFourRequest: | HTTP/1.1 404 Not Found | Date: Thu, 21 Apr 2022 06:25:44 GMT | Server: WSGIServer/0.2 CPython/3.8.2 | Content-Type: text/html | X-Frame-Options: DENY | Content-Length: 2366 | X-Content-Type-Options: nosniff | Referrer-Policy: same-origin | | | | |Page not found at /nice ports,/Trinity.txt.bak | |