Hackmyvm target series (2) -warrior
2022-07-06 14:04:00 【The moon should know my meaning】
1. Information gathering
First scan the network segment to detect live hosts. Because there are too many hosts on the campus network, I'll be a little lazy here.
Find the target host's IP:
nmap -sP 192.168.200.0/24 | grep -i -B 2 virtualbox
Use nmap to scan the target's ports and identify the open services.
nmap -sT -T4 -sV -sC -O -A -p- 192.168.200.183
As shown in the screenshot, the scan found two open ports: the SSH and HTTP services.
Visit the HTTP service and view the page source; no useful information was found.
Use dirsearch to run a directory scan.
dirsearch -u http://192.168.200.183/ -e php,html,txt,db,bak,zip,7z,gz -x 404,301,500-599 -t 50 -r -R 3
The scan found the following.
Visiting robots.txt, I found the files and directories below, and visited them one by one.
user.txt should be a user name.
Translated, the message roughly means that you have to keep changing the last digit of the MAC address, and the secret.txt above should be the range of values to try, exactly 16 of them.
2. Exploitation
Use cases for changing a computer's MAC address include:
Preventing some software from recording your real MAC address
The network administrator has blocked your MAC address
After testing, only the MAC address 00:00:00:00:00:af was granted access.
ifconfig eth0 down
ifconfig eth0 hw ether 00:00:00:00:00:af
ifconfig eth0 up
As shown in the screenshot above, this yields the password Zurviv0r1.
First I tried the user loco from user.txt, but the login failed. Then I saw that the message mentioned bro, so I logged in again with that user. Login successful! (Hey! Fortunately I took a screenshot at the time.)
Get the first flag.
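From the defender's side, the MAC cycling described above shows up on the LAN as several new addresses that differ only in the last octet appearing within minutes. The sketch below is an added example, not part of the original post; the sighting tuples, the function name find_mac_sweeps and the thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample data: (unix_time, ip, mac) sightings, as could be
# collected from periodic neighbor-table snapshots on the server's LAN.
SAMPLE = [
    (1000, "10.0.0.5", "08:00:27:3c:11:01"),   # stable workstation
    (1010, "10.0.0.23", "00:00:00:00:00:a0"),  # sweep starts
    (1030, "10.0.0.23", "00:00:00:00:00:a1"),
    (1050, "10.0.0.24", "00:00:00:00:00:a2"),  # new lease after a MAC change
    (1070, "10.0.0.23", "00:00:00:00:00:a3"),
    (1600, "10.0.0.5", "08:00:27:3c:11:01"),
    (9000, "10.0.0.7", "08:00:27:3c:11:02"),   # same prefix, hours later
]


def find_mac_sweeps(observations, window=300, min_macs=3):
    """Flag 5-octet MAC prefixes under which at least `min_macs` distinct
    addresses were seen within `window` seconds.

    Keyed on the prefix rather than the IP, because a host that changes its
    MAC may also receive a different DHCP lease.
    """
    by_prefix = defaultdict(list)
    for ts, ip, mac in sorted(observations):
        mac = mac.lower()
        by_prefix[mac.rsplit(":", 1)[0]].append((ts, mac, ip))

    alerts = {}
    for prefix, events in by_prefix.items():
        start = 0
        for end, (ts, _, _) in enumerate(events):
            # Slide the window so it only covers the last `window` seconds.
            while ts - events[start][0] > window:
                start += 1
            recent = events[start:end + 1]
            macs = {m for _, m, _ in recent}
            if len(macs) >= min_macs:
                hit = alerts.setdefault(prefix, {"macs": set(), "ips": set()})
                hit["macs"] |= macs
                hit["ips"] |= {ip for _, _, ip in recent}
    return {p: {"macs": sorted(h["macs"]), "ips": sorted(h["ips"])}
            for p, h in alerts.items()}


if __name__ == "__main__":
    for prefix, hit in find_mac_sweeps(SAMPLE).items():
        print(f"possible MAC sweep under {prefix}:xx from {hit['ips']}: {hit['macs']}")
```

A MAC address is chosen by the client, so a page that gates content on it has no real access control; the detection only tells you that someone is probing it.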
3. Privilege escalation
Let's see whether sudo can be abused.
??? No such command?
Don't panic; try SUID privilege escalation.
Listing the files with the s permission bit, I found that there actually is a sudo. A quick check of the environment variables: ??? Sure enough, the environment variables do not include the /usr/sbin/ directory.
Running the following command shows that the task command can be run with root privileges without a password.
/usr/sbin/sudo -l
Use the task command to escalate privileges:
/usr/sbin/sudo task execute /bin/bash
As shown in the screenshot, privileges were successfully escalated to root.
Get the last flag.