当前位置:网站首页>Hackmyvm target series (2) -warrior
Hackmyvm target series (2) -warrior
2022-07-06 14:04:00 【The moon should know my meaning】
One 、 information gathering
Scan network segment first , Detect live hosts , Because there are too many campus network hosts , I'll steal a little lazy .
Target host found IP
nmap -sP 192.168.200.0/24 | grep -i -B 2 virtualbox
Use nmap Scan the target port , Explore open services .
nmap -sT -T4 -sV -sC -O -A -p- 192.168.200.183
Here's the picture , Scan to two ports , Namely ssh and http service 
Visit http service , View the source code , However, no useful information was found .
Use dirsearch Do a directory scan .
dirsearch -u http://192.168.200.183/ -e php,html,txt,db,bak,zip,7z,gz -x 404,301,500-599 -t 50 -r -R 3
Find the following information .
visit robots.txt file , I found these files and directories below , Visit one by one .
user.txt, It should be a user name 
Translate it , This probably means to constantly change mac Last digit of address , And up there secret.txt Because this is the scope of transformation , just 16 position .
Two 、 Exploit
Change the computer's MAC Address , The use cases are as follows :
Prevent some software from recording your true MAC Address
The network administrator blocked your MAC Address
After testing, only mac The address is 00:00:00:00:00:af Successful access
ifconfig eth0 down
ifconfig eth0 hw ether 00:00:00:00:00:af
ifconfig eth0 up
Pictured above , Got the code Zurviv0r1
First I used user.txt In the middle of loco, But login failed . But I saw that sentence mentioned bro, So log in again with this user . Login successful !( Hey ! Fortunately, the picture was cut at that time )
Get the first one flag
3、 ... and 、 Elevated privileges
Let's see if it works sudo The abuse of .
??? There is no such order ?
Don't panic , try suid Raise the right .
View with s Permission file , I found that there was actually one sudo. Quickly check the environment variables .??? Really , No environment variables /usr/sbin/ Catalog .
Enter the following command , Find out task The command does not need a password to be able to root Permission to run
sudo -l
utilize task Order to raise rights
/usr/sbin/sudo task execute /bin/bash
Pictured , Successfully promoted the permission to root
Get the last one flag
边栏推荐
- Renforcer les dossiers de base de l'apprentissage
- 力扣152题乘数最大子数组
- Callback function ----------- callback
- Matlab opens M file garbled solution
- 【educoder数据库实验 索引】
- Spot gold prices rose amid volatility, and the rise in U.S. prices is likely to become the key to the future
- 4. Branch statements and loop statements
- Experiment 7 use of common classes (correction post)
- Wei Shen of Peking University revealed the current situation: his class is not very good, and there are only 5 or 6 middle-term students left after leaving class
- [VMware abnormal problems] problem analysis & Solutions
猜你喜欢
Mixlab unbounded community white paper officially released
. How to upload XMIND files to Jinshan document sharing online editing?
Intensive literature reading series (I): Courier routing and assignment for food delivery service using reinforcement learning
1143_ SiCp learning notes_ Tree recursion
7-5 走楼梯升级版(PTA程序设计)
Matlab opens M file garbled solution
SRC挖掘思路及方法
Reinforcement learning series (I): basic principles and concepts
Hackmyvm target series (4) -vulny
HackMyvm靶机系列(3)-visions
随机推荐
TypeScript快速入门
Nuxtjs quick start (nuxt2)
Relationship between hashcode() and equals()
Programme de jeu de cartes - confrontation homme - machine
Record a penetration of the cat shed from outside to inside. Library operation extraction flag
Difference and understanding between detected and non detected anomalies
简述xhr -xhr的基本使用
Differences among fianl, finally, and finalize
Which is more advantageous in short-term or long-term spot gold investment?
Canvas foundation 1 - draw a straight line (easy to understand)
Detailed explanation of three ways of HTTP caching
WEB漏洞-文件操作之文件包含漏洞
2022泰迪杯数据挖掘挑战赛C题思路及赛后总结
FAQs and answers to the imitation Niuke technology blog project (II)
内网渗透之内网信息收集(一)
canvas基础2 - arc - 画弧线
Using qcommonstyle to draw custom form parts
Safe driving skills on ice and snow roads
Get started with typescript
How to understand the difference between technical thinking and business thinking in Bi?