嗯,用户让我用中文总结一下这篇文章的内容,控制在一百个字以内。首先,我需要仔细阅读文章内容,抓住关键点。 文章讲的是作者在渗透测试的下一阶段,使用了searchsploit工具从Exploit-DB中查找可能的漏洞。他尝试了Metasploit模块,但发现这个漏洞不可行。于是他通过谷歌找到了另一个网页,成功获得了初始访问权限。接着,在提升权限时,他发现root密码非常弱,直接是“root”,从而成功提权。 现在我要把这些要点浓缩到100字以内。要包括:渗透测试、searchsploit工具、Exploit-DB、Metasploit失败、谷歌找到方法、初始访问、root密码弱、提权成功。 组合起来的话,可以这样写:作者在渗透测试中使用searchsploit查找漏洞,尝试Metasploit模块未果后,通过谷歌找到方法成功获得初始访问权限,并利用弱root密码完成权限提升。 检查一下字数,刚好在限制内。这样总结既全面又简洁。 </think> 作者在渗透测试中使用searchsploit工具查找漏洞,并尝试通过Metasploit模块进行攻击但未成功。随后通过谷歌找到方法并成功获得初始访问权限。最终利用弱root密码完成权限提升。 2026-3-3 06:2:23 Author: infosecwriteups.com(查看原文) 阅读量:3 收藏
In the next phase, I looked at the current services and found the right exploit as the image shown below:
Press enter or click to view image in full size
The metasploit module seems a good match, after trying it it seems that this exploit isn’t a viable approach!
Get Cyb0rgBytes’s stories in your inbox
Join Medium for free to get updates from this writer.
it seems that the exploit not working through metasploit or maybe requires some modifications, however I stumbled upon this webpage after some googling and gained a foothold successfully!
Press enter or click to view image in full size
Press enter or click to view image in full size
Press enter or click to view image in full size
lets keep going next for privilege escalation, it turns out and after some overthinking trying different methods for privilege escalation the PE Vector was actually simple which was weak root password.
the password for the root user was root.
Thanks for reading my write-up, stay tuned for the next ones!
如有侵权请联系:admin#unsafe.sh