师傅你好,你这边是不是写错了,
https://www.exploit-db.com/exploits/36251
靶机下载地址:
- Download: https://drive.google.com/file/d/1rwxlRMOJJ8GGj2VshAOvgqgUM_Z-OV9z/view
- Download (Torrent): https://download.vulnhub.com/typhoon/Typhoon-v1.02.ova.torrent ( Magnet)
靶机渗透难度相对简单,利用方式很多。有兴趣的同学可以自己下载试一试
主机发现
root@Shockwave:~# arp-scan -l
Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.9 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.2.1 cc:81:da:9c:d3:49 (Unknown)
192.168.2.25 a4:38:cc:dc:7e:f2 (Unknown)
192.168.2.121 f0:18:98:04:80:24 (Unknown)
192.168.2.149 00:0c:29:d6:53:2b VMware, Inc.
192.168.2.149 f0:18:98:04:80:24 (Unknown) (DUP: 2)
192.168.2.171 00:ec:0a:7d:a5:3a (Unknown)
6 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9: 256 hosts scanned in 2.427 seconds (105.48 hosts/sec). 6 responded
在192.168.2.149
发现主机
端口探测
root@Shockwave:~# nmap -A 192.168.2.149
Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-08 13:42 EST
Nmap scan report for 192.168.111.168
Host is up (0.00073s latency).
Not shown: 983 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.2
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
| ftp-syst:
| STAT:
| FTP server status:
| Connected to 192.168.111.188
| Logged in as ftp
| TYPE: ASCII
| No session bandwidth limit
| Session timeout in seconds is 300
| Control connection is plain text
| Data connections will be plain text
| At session startup, client count was 2
| vsFTPd 3.0.2 - secure, fast, stable
|_End of status
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 1024 02:df:b3:1b:01:dc:5e:fd:f9:96:d7:5b:b7:d6:7b:f9 (DSA)
| 2048 de:af:76:27:90:2a:8f:cf:0b:2f:22:f8:42:36:07:dd (RSA)
| 256 70:ae:36:6c:42:7d:ed:1b:c0:40:fc:2d:00:8d:87:11 (ECDSA)
|_ 256 bb:ce:f2:98:64:f7:8f:ae:f0:dd:3c:23:3b:a6:0f:61 (ED25519)
25/tcp open smtp Postfix smtpd
|_smtp-commands: typhoon, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
| ssl-cert: Subject: commonName=typhoon
| Not valid before: 2018-10-22T19:38:20
|_Not valid after: 2028-10-19T19:38:20
|_ssl-date: TLS randomness does not represent time
53/tcp open domain ISC BIND 9.9.5-3 (Ubuntu Linux)
| dns-nsid:
|_ bind.version: 9.9.5-3-Ubuntu
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
| http-robots.txt: 1 disallowed entry
|_/mongoadmin/
|_http-server-header: Apache/2.4.7 (Ubuntu)
|_http-title: Typhoon Vulnerable VM by PRISMA CSI
110/tcp open pop3 Dovecot pop3d
|_pop3-capabilities: RESP-CODES UIDL SASL PIPELINING CAPA STLS AUTH-RESP-CODE TOP
| ssl-cert: Subject: commonName=typhoon/organizationName=Dovecot mail server
| Not valid before: 2018-10-22T19:38:49
|_Not valid after: 2028-10-21T19:38:49
|_ssl-date: TLS randomness does not represent time
111/tcp open rpcbind 2-4 (RPC #100000)
| rpcinfo:
| program version port/proto service
| 100000 2,3,4 111/tcp rpcbind
| 100000 2,3,4 111/udp rpcbind
| 100003 2,3,4 2049/tcp nfs
| 100003 2,3,4 2049/udp nfs
| 100005 1,2,3 40597/tcp mountd
| 100005 1,2,3 60536/udp mountd
| 100021 1,3,4 38498/udp nlockmgr
| 100021 1,3,4 57277/tcp nlockmgr
| 100024 1 33465/tcp status
| 100024 1 42988/udp status
| 100227 2,3 2049/tcp nfs_acl
|_ 100227 2,3 2049/udp nfs_acl
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
143/tcp open imap Dovecot imapd (Ubuntu)
|_imap-capabilities: STARTTLS more LOGIN-REFERRALS Pre-login ID LOGINDISABLEDA0001 listed ENABLE post-login OK SASL-IR capabilities have IDLE IMAP4rev1 LITERAL+
| ssl-cert: Subject: commonName=typhoon/organizationName=Dovecot mail server
| Not valid before: 2018-10-22T19:38:49
|_Not valid after: 2028-10-21T19:38:49
|_ssl-date: TLS randomness does not represent time
445/tcp open netbios-ssn Samba smbd 4.1.6-Ubuntu (workgroup: WORKGROUP)
631/tcp open ipp CUPS 1.7
| http-methods:
|_ Potentially risky methods: PUT
| http-robots.txt: 1 disallowed entry
|_/
|_http-server-header: CUPS/1.7 IPP/2.1
|_http-title: Home - CUPS 1.7.2
993/tcp open ssl/imap Dovecot imapd (Ubuntu)
|_imap-capabilities: more LITERAL+ Pre-login ID LOGIN-REFERRALS listed ENABLE post-login OK SASL-IR capabilities have AUTH=PLAINA0001 IDLE IMAP4rev1
| ssl-cert: Subject: commonName=typhoon/organizationName=Dovecot mail server
| Not valid before: 2018-10-22T19:38:49
|_Not valid after: 2028-10-21T19:38:49
|_ssl-date: TLS randomness does not represent time
995/tcp open ssl/pop3 Dovecot pop3d
|_pop3-capabilities: RESP-CODES UIDL SASL(PLAIN) PIPELINING CAPA AUTH-RESP-CODE USER TOP
| ssl-cert: Subject: commonName=typhoon/organizationName=Dovecot mail server
| Not valid before: 2018-10-22T19:38:49
|_Not valid after: 2028-10-21T19:38:49
|_ssl-date: TLS randomness does not represent time
2049/tcp open nfs_acl 2-3 (RPC #100227)
3306/tcp open mysql MySQL (unauthorized)
5432/tcp open postgresql PostgreSQL DB 9.3.3 - 9.3.5
| ssl-cert: Subject: commonName=typhoon
| Not valid before: 2018-10-22T19:38:20
|_Not valid after: 2028-10-19T19:38:20
|_ssl-date: TLS randomness does not represent time
8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1
| http-methods:
|_ Potentially risky methods: PUT DELETE
|_http-open-proxy: Proxy might be redirecting requests
|_http-server-header: Apache-Coyote/1.1
|_http-title: Apache Tomcat
MAC Address: 00:0C:29:D6:53:2B (VMware)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
Service Info: Hosts: typhoon, TYPHOON; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
Host script results:
|_clock-skew: mean: -1h14m12s, deviation: 1h09m16s, median: -34m13s
|_nbstat: NetBIOS name: TYPHOON, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
| smb-os-discovery:
点击收藏 | 1
关注 | 1