
Vulnhub Foxholes target machine: a detailed walkthrough

Date: 2022-11-21 12:02:37

Author: jason_huawen

Target machine basic information

Name: FoxHole: 1.0.1

Address: https://www.vulnhub.com/entry/foxhole-101,566/

Identifying the target host's IP address

┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ sudo netdiscover -i eth1

Currently scanning: 192.168.62.0/16   |   Screen View: Unique Hosts                                                                                                                                                             
                                                                                                                                                                                                                                 
 3 Captured ARP Req/Rep packets, from 3 hosts.   Total size: 180                                                                                                                                                                 
 _____________________________________________________________________________
   IP            At MAC Address     Count     Len  MAC Vendor / Hostname      
 -----------------------------------------------------------------------------
 192.168.56.1    0a:00:27:00:00:0a      1      60  Unknown vendor                                                                                                                                                                
 192.168.56.100  08:00:27:5a:b6:37      1      60  PCS Systemtechnik GmbH                                                                                                                                                        
 192.168.56.199  08:00:27:7b:ef:39      1      60  PCS Systemtechnik GmbH                                                                                                                                                        


Using the netdiscover tool that ships with Kali Linux, the target host's IP address is identified as 192.168.56.199.

Nmap scan

┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ sudo nmap -sS -sV -sC -p- 192.168.56.199 -oN nmap_full_scan
Starting Nmap 7.92 ( https://nmap.org ) at 2022-11-20 22:00 EST
Nmap scan report for bogon (192.168.56.199)
Host is up (0.000066s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 15:de:6d:52:fd:1e:66:db:12:60:bf:b9:bb:fa:83:07 (RSA)
|   256 18:4c:0a:6f:cc:77:c3:30:ad:8c:c5:0a:74:e0:7c:79 (ECDSA)
|_  256 23:37:4f:55:2b:13:c5:46:a0:3a:24:e2:95:da:8d:27 (ED25519)
80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Photosen — Colorlib Website Template
|_http-server-header: Apache/2.4.41 (Ubuntu)
MAC Address: 08:00:27:7B:EF:39 (Oracle VirtualBox virtual NIC)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.43 seconds

The Nmap scan results show that the target host has 2 open ports: 22 (SSH) and 80 (HTTP).

Get Access

Browsing to port 80 returns a photo website.

┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ curl http://192.168.56.199/robots.txt                            
/secret.html

┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ curl http://192.168.56.199/secret.html
<!DOCTYPE html>
<html lang="en">
<body>
        <center>
                <img src="images/x.png">
                <h1> Jebaited </h1>
                
                <br>
                <a> There IS a hint <i>somewhere</i> though, keep looking ;3
        </center>
</body>
                                                 

It contains an image; download it locally:

┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ wget http://192.168.56.199/images/x.png
--2022-11-20 22:06:18--  http://192.168.56.199/images/x.png
Connecting to 192.168.56.199:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 25995 (25K) [image/png]
Saving to: ‘x.png’

x.png                                                    100%[================================================================================================================================>]  25.39K  --.-KB/s    in 0s      

2022-11-20 22:06:18 (723 MB/s) - ‘x.png’ saved [25995/25995]


┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ nikto -h http://192.168.56.199
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          192.168.56.199
+ Target Hostname:    192.168.56.199
+ Target Port:        80
+ Start Time:         2022-11-20 22:07:37 (GMT-5)
---------------------------------------------------------------------------
+ Server: Apache/2.4.41 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server may leak inodes via ETags, header found with file /, inode: 23af, size: 5aee8ce5af43c, mtime: gzip
+ Allowed HTTP Methods: OPTIONS, HEAD, GET, POST 
+ OSVDB-3092: /admin.html: This might be interesting...
+ OSVDB-3268: /css/: Directory indexing found.
+ OSVDB-3092: /css/: This might be interesting...
+ OSVDB-3092: /readme.txt: This might be interesting...
+ OSVDB-3268: /images/: Directory indexing found.
+ 9535 requests: 0 error(s) and 10 item(s) reported on remote host
+ End Time:           2022-11-20 22:07:54 (GMT-5) (17 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested


      *********************************************************************
      Portions of the server's headers (Apache/2.4.41) are not in
      the Nikto 2.1.6 database or are newer than the known string. Would you like
      to submit this information (*no server specific data*) to CIRT.net
      for a Nikto update (or you may email to [email protected]) (y/n)? 


Nikto found the /admin.html page.

┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ curl http://192.168.56.199/admin.html 
<!DOCTYPE html>
<html lang="en">
<body>
        <center>
                <img src="images/smug.png">
                <h1> Try harder~ There's no admin panel here~ </h1>
                <
                <a> Maybe take a nice *deep* look at that one purple fox picture? I dunno. </a>
        </center>
</body>


The author's hint: a purple fox picture?

The /images directory does contain a purple fox picture; download it to the Kali Linux machine:

http://192.168.56.199/images/foxy.jpeg

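But what does it hold? Going back to check which pictures are in the /images directory, I found that I had missed one just now: its file name is foxy1.jpeg and it is also a fox. Download it locally: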

┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ wget http://192.168.56.199/images/foxy1.jpeg
--2022-11-20 22:19:27--  http://192.168.56.199/images/foxy1.jpeg
Connecting to 192.168.56.199:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 101229 (99K) [image/jpeg]
Saving to: ‘foxy1.jpeg’

foxy1.jpeg                                               100%[================================================================================================================================>]  98.86K  --.-KB/s    in 0.001s  

2022-11-20 22:19:27 (99.0 MB/s) - ‘foxy1.jpeg’ saved [101229/101229]

                                                                                                                                                                                                                                  
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ ls
foxy1.jpeg  foxy.jpeg  nmap_full_scan  x.png
                                                                                                                                                                                                                                  
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ steghide extract -sf foxy1.jpeg                        
Enter passphrase: 
                                                                                                                                                                                                                                  
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ stegseek foxy1.jpeg -wl /usr/share/wordlists/rockyou.txt 
StegSeek 0.6 - https://github.com/RickdeJager/StegSeek

[i] Found passphrase: ""
[i] Original filename: "msg.txt".
[i] Extracting to "foxy1.jpeg.out".

                                                                                                                                                                                                                                  
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ ls
foxy1.jpeg  foxy1.jpeg.out  foxy.jpeg  nmap_full_scan  x.png
                                                                                                                                                                                                                                  
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ cat foxy1.jpeg.out                   
WTB1M3NjYXAzZFRoM0YweEgwbGUhClVzZXJuYW1lIGlzIGZveCA7Mw==
                                                                                                                                                                                                                                  
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ echo "WTB1M3NjYXAzZFRoM0YweEgwbGUhClVzZXJuYW1lIGlzIGZveCA7Mw==" | base64 -d
Y0u3scap3dTh3F0xH0le!
Username is fox ;3               

Could these be the SSH username and password? Let's try it:

┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ ssh fox@192.168.56.199                                  
The authenticity of host '192.168.56.199 (192.168.56.199)' can't be established.
ED25519 key fingerprint is SHA256:Rm2f273lnPEJLx3YgNDWBN20k3xpMgYGce2VnFNjMEQ.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.56.199' (ED25519) to the list of known hosts.
fox@192.168.56.199's password: 
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-47-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage


304 updates can be installed immediately.
112 of these updates are security updates.
To see these additional updates run: apt list --upgradable


The list of available updates is more than a week old.
To check for new updates run: sudo apt update
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings

Your Hardware Enablement Stack (HWE) is supported until April 2025.
Last login: Thu Sep 10 14:05:53 2020
fox@FoxHole:~$ id
uid=1000(fox) gid=1000(fox) groups=1000(fox),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),120(lpadmin),131(lxd),132(sambashare)

SSH login succeeded.

fox@FoxHole:/home$ cd fox
fox@FoxHole:~$ ls -alh
total 104K
drwxr-xr-x 17 fox  fox  4.0K Sep  9  2020 .
drwxr-xr-x  3 root root 4.0K Sep  9  2020 ..
lrwxrwxrwx  1 fox  fox     9 Sep  9  2020 .bash_history -> /dev/null
-rw-r--r--  1 fox  fox   220 Sep  9  2020 .bash_logout
-rw-r--r--  1 fox  fox  3.7K Sep  9  2020 .bashrc
drwx------ 13 fox  fox  4.0K Sep  9  2020 .cache
drwxr-xr-x 13 fox  fox  4.0K Sep  9  2020 .config
drwxr-xr-x  2 fox  fox  4.0K Sep  9  2020 Desktop
drwxr-xr-x  2 fox  fox  4.0K Sep  9  2020 Documents
drwxr-xr-x  4 fox  fox  4.0K Sep  9  2020 Downloads
-rw-------  1 fox  fox   797 Sep  9  2020 .gdb_history
-rw-rw-r--  1 fox  fox    22 Sep  9  2020 .gdbinit
-rwsrwxr-x  1 root root  16K Sep  9  2020 GiveMeRootPlz
drwx------  3 fox  fox  4.0K Nov 21 03:25 .gnupg
drwxr-xr-x  3 fox  fox  4.0K Sep  9  2020 .local
drwx------  5 fox  fox  4.0K Sep  9  2020 .mozilla
drwxr-xr-x  2 fox  fox  4.0K Sep  9  2020 Music
drwxrwxr-x  4 fox  fox  4.0K Sep  9  2020 peda
drwxr-xr-x  2 fox  fox  4.0K Sep  9  2020 Pictures
-rw-r--r--  1 fox  fox   807 Sep  9  2020 .profile
drwxr-xr-x  2 fox  fox  4.0K Sep  9  2020 Public
drwx------  2 fox  fox  4.0K Sep  9  2020 .ssh
-rw-r--r--  1 fox  fox     0 Sep  9  2020 .sudo_as_admin_successful
drwxr-xr-x  2 fox  fox  4.0K Sep  9  2020 Templates
drwxr-xr-x  2 fox  fox  4.0K Sep  9  2020 Videos
fox@FoxHole:~$ ./GiveMeRootPlz 

Do you want the root password?yes

You didn't convince me!
Maybe you should write me a *very long* reason why I should give you the password
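
An added example, not part of the original write-up: a small Python audit over `ls -l` output, run here on four lines copied from the home-directory listing above. It flags the setuid-root, group-writable GiveMeRootPlz and the .bash_history link to /dev/null; the function names and the wording of the findings are this example's own.

```python
import re

# Four lines copied from the `ls -alh` listing above (not constructed).
LISTING = """\
lrwxrwxrwx  1 fox  fox     9 Sep  9  2020 .bash_history -> /dev/null
-rw-rw-r--  1 fox  fox    22 Sep  9  2020 .gdbinit
-rwsrwxr-x  1 root root  16K Sep  9  2020 GiveMeRootPlz
drwx------  2 fox  fox  4.0K Sep  9  2020 .ssh
"""

# mode, link count, owner, group, size, month, day, year-or-time, name
LINE_RE = re.compile(
    r"^(?P<mode>[-dlbcps][-rwxsStT]{9})\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"\S+\s+\w{3}\s+\d+\s+[\d:]+\s+(?P<name>.+)$"
)


def audit_line(line):
    """Return the findings for one `ls -l` line (empty if clean or unparsable)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    mode, owner, group, name = m.group("mode", "owner", "group", "name")
    kind, user, grp, other = mode[0], mode[1:4], mode[4:7], mode[7:10]
    findings = []
    if kind == "-":
        if user[2] in "sS":  # setuid bit shows in the owner execute slot
            findings.append(f"setuid, runs as {owner}")
            if grp[1] == "w" or other[1] == "w":
                findings.append("setuid file writable by group or others")
        if grp[2] in "sS":  # setgid bit shows in the group execute slot
            findings.append(f"setgid, runs with group {group}")
        if other[1] == "w":
            findings.append("world-writable file")
    elif kind == "l" and " -> " in name:
        link, target = name.split(" -> ", 1)
        if "history" in link and target == "/dev/null":
            findings.append("shell history redirected to /dev/null")
    return findings


def audit_listing(text):
    """Map file name -> findings for every flagged line of an `ls -l` listing."""
    report = {}
    for line in text.splitlines():
        found = audit_line(line)
        if found:
            name = LINE_RE.match(line.strip()).group("name").split(" -> ")[0]
            report[name] = found
    return report


if __name__ == "__main__":
    for name, found in audit_listing(LISTING).items():
        print(f"{name}: {'; '.join(found)}")
```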

This GiveMeRootPlz looks very suspicious; download it to Kali Linux for local analysis.



Is there a buffer overflow vulnerability?

fox@FoxHole:~$ ./GiveMeRootPlz 

Do you want the root password?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Segmentation fault (core dumped)

As shown, a buffer overflow vulnerability does exist. So how can it be exploited?

Too complicated; I am giving up on exploiting the buffer overflow vulnerability for now.

From: https://www.cnblogs.com/jason-huawen/p/16910970.html