hackmyvm Keys靶机复盘
难度-Hard
hackmyvm Keys靶机复盘
网段扫描
1
2
3
4
5
6
7
8
Interface: eth0, type: EN10MB, MAC: 00:0c:29:d1:27:55, IPv4: 192.168.137.190
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.137.1 3e:21:9c:12:bd:a3 (Unknown: locally administered)
192.168.137.34 3e:21:9c:12:bd:a3 (Unknown: locally administered)
192.168.137.64 a0:78:17:62:e5:0a Apple, Inc.
8 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 256 hosts scanned in 2.267 seconds (112.92 hosts/sec). 3 responded
端口扫描
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Starting Nmap 7.95 ( https://nmap.org ) at 2025-05-23 00:08 EDT
Nmap scan report for keys.mshome.net (192.168.137.34)
Host is up (0.0076s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.4p1 Debian 5 (protocol 2.0)
| ssh-hostkey:
| 3072 6e:b1:d1:09:f5:dc:01:29:ed:9d:4f:8e:a7:7a:a0:a6 (RSA)
| 256 35:f4:29:df:64:6a:be:7f:9f:0a:9f:ee:07:e4:19:07 (ECDSA)
|_ 256 4e:0f:f7:32:cc:c7:91:57:07:d9:50:0a:38:c9:e5:11 (ED25519)
80/tcp open http nginx 1.18.0
|_http-server-header: nginx/1.18.0
|_http-title: The World of Keys
MAC Address: 3E:21:9C:12:BD:A3 (Unknown)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.54 seconds
获取webshell
好了查看礼物先
给一个字典
有点多
感觉像一个故事,但是太多了翻译都很麻烦
有东西了
好了
提权
序号是这个4695
里面压缩包都是私钥
只有steve是不知道可以尝试私钥登录的
没找到私钥么
刚刚目录不对,不断按空格就行了
这里是私钥的提示啊,那没啥用
那就是有密码
然后是什么
看wp是什么内容应该怎么利用
结束
userflag:4vJkfrYnYT7Q6PwVDll6
rootflag:AeQgWYpsNcuL4BzXH2p1
This post is licensed under CC BY 4.0 by the author.