靶机下载地址:https://hackmyvm.eu/machines/machine.php?vm=Icecream
首先扫描端口。
└─$ nmap -sV -sC -Pn -p- -oN port.log 192.168.56.131
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-10-09 16:53 CST
Nmap scan report for 192.168.56.131
Host is up (0.0022s latency).
Not shown: 65530 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 9.2p1 Debian 2+deb12u3 (protocol 2.0)
| ssh-hostkey:
| 256 68:94:ca:2f:f7:62:45:56:a4:67:84:59:1b:fe:e9:bc (ECDSA)
|_ 256 3b:79:1a:21:81:af:75:c2:c1:2e:4e:f5:a3:9c:c9:e3 (ED25519)
80/tcp open http nginx 1.22.1 16:53:50 [45/64]
|_http-server-header: nginx/1.22.1
|_http-title: 403 Forbidden
139/tcp open netbios-ssn Samba smbd 4.6.2
445/tcp open netbios-ssn Samba smbd 4.6.2
9000/tcp open cslistener?
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 404 Not Found
| Server: Unit/1.33.0
| Date: Wed, 09 Oct 2024 08:54:00 GMT
| Content-Type: application/json
| Content-Length: 40
| Connection: close
| "error": "Value doesn't exist."
| GetRequest:
| HTTP/1.1 200 OK
| Server: Unit/1.33.0
| Date: Wed, 09 Oct 2024 08:54:00 GMT
| Content-Type: application/json
| Content-Length: 1042
| Connection: close
| "certificates": {},
| "js_modules": {},
| "config": {
| "listeners": {},
| "routes": [],
| "applications": {}
| "status": {
| "modules": {
| "python": {
| "version": "3.11.2",
| "lib": "/usr/lib/unit/modules/python3.11.unit.so"
| "php": {
| "version": "8.2.18",
| "lib": "/usr/lib/unit/modules/php.unit.so"
| "perl": {
| "version": "5.36.0",
| "lib": "/usr/lib/unit/modules/perl.unit.so"
| "ruby": {
| "version": "3.1.2",
| "lib": "/usr/lib/unit/modules/ruby.unit.so"
| "java": {
| "version": "17.0.11",
| "lib": "/usr/lib/unit/modules/java17.unit.so"
| "wasm": {
| "version": "0.1",
| "lib": "/usr/lib/unit/modules/wasm.unit.so"
| HTTPOptions:
| HTTP/1.1 405 Method Not Allowed
| Server: Unit/1.33.0
| Date: Wed, 09 Oct 2024 08:54:00 GMT
| Content-Type: application/json
| Content-Length: 35
| Connection: close
|_ "error": "Invalid method."
...
Host script results:
|_clock-skew: -3s
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled but not required
| smb2-time:
| date: 2024-10-09T08:54:00
|_ start_date: N/A
|_nbstat: NetBIOS name: ICECREAM, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
查看smb。
└─$ smbclient -L 192.168.56.131
Password for [WORKGROUP\kali]:
Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
icecream Disk tmp Folder
IPC$ IPC IPC Service (Samba 4.17.12-Debian)
nobody Disk Home Directories
Reconnecting with SMB1 for workgroup listing.
smbXcli_negprot_smb1_done: No compatible protocol selected by server.
Protocol negotiation to server 192.168.56.131 (for a protocol between LANMAN1 and NT1) failed: NT_STA
TUS_INVALID_NETWORK_RESPONSE
Unable to connect with SMB1 -- no workgroup available