In every penetration testing engagement we start with reconnaissance, so let's start by using our favorite tool, “nmap”.
Later, after digging in, I searched for Jserv Ghostcat; after that I managed to find an auxiliary module that reads a file.
I managed to find the password for a user called sky***; let's log in over SSH and check if the credentials are valid.
First, we have to convert the GPG to readable text so we can later crack it successfully.
Second, we import the GPG hash with gpg under the sky*** user.
Later, we manage to log in as the merlin user with the credential found, and next we type `sudo -l` to see what the user can run on the box.
We can see that /usr/bin/zip can be run as sudo on the merlin box; let's go to GTFOBins to see the commands needed for root.
Bingo, root is achieved. Until the next one!