Hackmyvm target series (2) -warrior
2022-07-06 14:04:00 【The moon should know my meaning】
1. Information gathering
First scan the network segment to detect live hosts. Because there are too many hosts on the campus network, I'll be a little lazy.
Find the target host's IP:
nmap -sP 192.168.200.0/24 | grep -i -B 2 virtualbox
Use nmap to scan the target's ports and find the open services.
nmap -sT -T4 -sV -sC -O -A -p- 192.168.200.183
The scan finds two open ports, namely the ssh and http services.
Visit the http service and view the page source; however, no useful information was found.
Use dirsearch to do a directory scan.
dirsearch -u http://192.168.200.183/ -e php,html,txt,db,bak,zip,7z,gz -x 404,301,500-599 -t 50 -r -R 3
The following information is found.
Visiting the robots.txt file, I found the files and directories below. Visit them one by one.
user.txt, which should be a user name
Translated, this probably means to keep changing the last digit of the MAC address, and the secret.txt above gives the range to change it over, exactly 16 positions.
2. Exploitation
Changing a computer's MAC address has use cases such as the following:
Preventing some software from recording your true MAC address
The network administrator has blocked your MAC address
After testing, only the MAC address 00:00:00:00:00:af gets successful access.
ifconfig eth0 down
ifconfig eth0 hw ether 00:00:00:00:00:af
ifconfig eth0 up
As the screenshot shows, this gives the password Zurviv0r1.
First I used loco from user.txt, but the login failed. But I saw that the sentence mentioned bro, so I logged in again with this user. Login successful! (Hey! Fortunately I took a screenshot at the time.)
Get the first flag.
3. Privilege escalation
Let's see whether sudo can be abused.
??? There is no such command?
Don't panic, try SUID privilege escalation.
Looking at the files with the s permission bit, I found that there actually is a sudo. Quickly check the environment variables. ??? Really, the environment variables do not include the /usr/sbin/ directory.
Enter the following command to find that the task command can be run with root privileges without a password.
sudo -l
Use the task command to escalate privileges.
/usr/sbin/sudo task execute /bin/bash
As shown, privileges are successfully escalated to root.
Get the last flag.
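From the defender's side, the finding in section 3 is a passwordless sudo rule for a program that can start other programs. The script below is an added example, not part of the original post: it reads `sudo -l` text and lists every NOPASSWD command, marking those in a short list of such programs. The sample listing, its /usr/bin paths and the hostname are constructed, and SHELL_CAPABLE is an illustrative list, not a complete one.

```shell
#!/bin/sh
# Added example: audit `sudo -l` output for passwordless rules.
# Prints one line per NOPASSWD command:
#   RISK <program>    program is in SHELL_CAPABLE (it can run other programs)
#   REVIEW <program>  passwordless, not in the list; still needs a human look

# Illustrative, incomplete list; `task` is the program abused on this page.
SHELL_CAPABLE="task vim vi less more find awk env bash sh python3 perl"

audit_sudo_l() {
    # Keep only rule lines carrying the NOPASSWD tag.
    grep 'NOPASSWD:' | while IFS= read -r line; do
        cmds=${line#*NOPASSWD:}            # comma-separated command list
        printf '%s\n' "$cmds" | tr ',' '\n' | while IFS= read -r cmd; do
            # Trim surrounding whitespace.
            cmd=$(printf '%s' "$cmd" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
            if [ -z "$cmd" ]; then continue; fi
            if [ "$cmd" = "ALL" ]; then echo "RISK ALL"; continue; fi
            prog=${cmd%% *}                # drop any fixed arguments
            name=${prog##*/}               # basename of the program
            verdict=REVIEW
            for p in $SHELL_CAPABLE; do
                if [ "$name" = "$p" ]; then verdict=RISK; fi
            done
            echo "$verdict $prog"
        done
    done
}

# Constructed sample of `sudo -l` output (paths and hostname are assumptions).
sample_sudo_l() {
cat <<'EOF'
Matching Defaults entries for bro on warrior:
    env_reset, mail_badpass

User bro may run the following commands on warrior:
    (root) NOPASSWD: /usr/bin/task
    (root) /usr/bin/passwd
    (root) NOPASSWD: /usr/bin/uptime, /usr/bin/less
EOF
}

# Run the audit on the constructed sample.
sample_sudo_l | audit_sudo_l
```

On a live host an administrator would feed it the output of `sudo -l -U <user>` instead of the sample.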