vulhub venom

---

靶场环境

`vmware
靶场信息：https://www.vulnhub.com/entry/venom-1,701/
下载地址：https://download.vulnhub.com/venom/venom.zip
新建虚拟机打开下载后的ovf文件
遇见导入失败合规性检查时，重试加载即可
攻击机kali net模式
受害机 venom net模式

信息收集

arp-scan -l

nmap 192.168.80.165
Starting Nmap 7.91 ( https://nmap.org ) at 2023-09-19 21:50 CST
Nmap scan report for 192.168.80.165
Host is up (0.0014s latency).
Not shown: 994 filtered ports
PORT     STATE  SERVICE
21/tcp   open   ftp
22/tcp   closed ssh
80/tcp   open   http
443/tcp  open   https
7070/tcp closed realserver
8084/tcp closed websnp

爆破账号密码

http://192.168.80.165/

查看源码

ftp服务

hostinger/hostinger

files有txt

Hey there... 

T0D0 --

* You need to follow the 'hostinger' on WXpOU2FHSnRVbWhqYlZGblpHMXNibHBYTld4amJWVm5XVEpzZDJGSFZuaz0= also aHR0cHM6Ly9jcnlwdGlpLmNvbS9waXBlcy92aWdlbmVyZS1jaXBoZXI=
* some knowledge of cipher is required to decode the dora password..
* try on venom.box
password -- L7f9l8@J#p%Ue+Q1234 -> deocode this you will get the administrator password 


Have fun .. :)

1.需要解码其中的 base64.
2.需要一些密码知识来解码 dora 的密码…
3.主机名是 venom.box。
4.解码 L7f9l8@J#p%Ue+Q1234 你会得到管理员密码

二、信息利用

# echo WXpOU2FHSnRVbWhqYlZGblpHMXNibHBYTld4amJWVm5XVEpzZDJGSFZuaz0= | base64 -d | base64 -d | base64 -d
standard vigenere cipher                                                                                                                                            
┌──(rootguiltyfet)-[/home/guiltyfet]
└─# echo aHR0cHM6Ly9jcnlwdGlpLmNvbS9waXBlcy92aWdlbmVyZS1jaXBoZXI= | base64 -d                            
https://cryptii.com/pipes/vigenere-cipher    

linux通过修改/etc/hosts文件 添加IP地址与域名的映射

修改/etc/hosts文件指令

sudo vim /etc/hosts

sudo vim /etc/hosts                
                                                                                                                                            
┌──(rootguiltyfet)-[/home/guiltyfet]
└─# sudo /etc/init.d/networking restart
Restarting networking (via systemctl): networking.service.

echo "192.168.80.165 venom.box"