当前位置:网站首页>Hackmyvm target series (2) -warrior
Hackmyvm target series (2) -warrior
2022-07-06 14:04:00 【The moon should know my meaning】
One 、 information gathering
Scan network segment first , Detect live hosts , Because there are too many campus network hosts , I'll steal a little lazy .
Target host found IP
nmap -sP 192.168.200.0/24 | grep -i -B 2 virtualbox
Use nmap Scan the target port , Explore open services .
nmap -sT -T4 -sV -sC -O -A -p- 192.168.200.183
Here's the picture , Scan to two ports , Namely ssh and http service 
Visit http service , View the source code , However, no useful information was found .
Use dirsearch Do a directory scan .
dirsearch -u http://192.168.200.183/ -e php,html,txt,db,bak,zip,7z,gz -x 404,301,500-599 -t 50 -r -R 3
Find the following information .
visit robots.txt file , I found these files and directories below , Visit one by one .
user.txt, It should be a user name 
Translate it , This probably means to constantly change mac Last digit of address , And up there secret.txt Because this is the scope of transformation , just 16 position .
Two 、 Exploit
Change the computer's MAC Address , The use cases are as follows :
Prevent some software from recording your true MAC Address
The network administrator blocked your MAC Address
After testing, only mac The address is 00:00:00:00:00:af Successful access
ifconfig eth0 down
ifconfig eth0 hw ether 00:00:00:00:00:af
ifconfig eth0 up
Pictured above , Got the code Zurviv0r1
First I used user.txt In the middle of loco, But login failed . But I saw that sentence mentioned bro, So log in again with this user . Login successful !( Hey ! Fortunately, the picture was cut at that time )
Get the first one flag
3、 ... and 、 Elevated privileges
Let's see if it works sudo The abuse of .
??? There is no such order ?
Don't panic , try suid Raise the right .
View with s Permission file , I found that there was actually one sudo. Quickly check the environment variables .??? Really , No environment variables /usr/sbin/ Catalog .
Enter the following command , Find out task The command does not need a password to be able to root Permission to run
sudo -l
utilize task Order to raise rights
/usr/sbin/sudo task execute /bin/bash
Pictured , Successfully promoted the permission to root
Get the last one flag
边栏推荐
- Get started with typescript
- SRC挖掘思路及方法
- Nuxtjs快速上手(Nuxt2)
- 简述xhr -xhr的基本使用
- 记一次edu,SQL注入实战
- 7-14 error ticket (PTA program design)
- 【数据库 三大范式】一看就懂
- HackMyvm靶机系列(3)-visions
- Interpretation of iterator related "itertools" module usage
- 深度强化文献阅读系列(一):Courier routing and assignment for food delivery service using reinforcement learning
猜你喜欢
7-5 走楼梯升级版(PTA程序设计)
3. Input and output functions (printf, scanf, getchar and putchar)
HackMyvm靶机系列(2)-warrior
小程序web抓包-fiddler
Hackmyvm target series (4) -vulny
HackMyvm靶机系列(6)-videoclub
强化学习基础记录
"Gold, silver and four" job hopping needs to be cautious. Can an article solve the interview?
Callback function ----------- callback
强化學習基礎記錄
随机推荐
深度强化文献阅读系列(一):Courier routing and assignment for food delivery service using reinforcement learning
WEB漏洞-文件操作之文件包含漏洞
Hackmyvm target series (3) -visions
渗透测试学习与实战阶段分析
搭建域环境(win)
HackMyvm靶机系列(3)-visions
Nuxtjs quick start (nuxt2)
. Net6: develop modern 3D industrial software based on WPF (2)
Experiment 4 array
7-8 7104 Joseph problem (PTA program design)
使用Spacedesk实现局域网内任意设备作为电脑拓展屏
SRC mining ideas and methods
扑克牌游戏程序——人机对抗
Tencent map circle
2. First knowledge of C language (2)
HackMyvm靶机系列(6)-videoclub
XSS之冷门事件
Using spacedesk to realize any device in the LAN as a computer expansion screen
1143_ SiCp learning notes_ Tree recursion
【黑马早报】上海市监局回应钟薛高烧不化;麦趣尔承认两批次纯牛奶不合格;微信内测一个手机可注册俩号;度小满回应存款变理财产品...