当前位置:网站首页>Vulnhub's funfox2

Vulnhub's funfox2

2022-07-07 20:06:00 Plum_ Flowers_ seven

Catalog

One 、nmap Routine scanning

Two 、FTP Anonymous access

3、 ... and 、zip Password cracking

1. Transform first hash

2.john Crack the decompression password

3. Private key id_rsa Sign in

Four 、sudo Raise the right

5、 ... and 、rbash The escape

One 、nmap Routine scanning

Scan out ftp service , And can be accessed anonymously

also 22 and 80

This range is from 80 Port did not find a breakthrough , The main page is apache The default page for , There is no hidden directory .

  Two 、FTP Anonymous access

1.mget

mget *

mget Download all the files .

get Download the two hidden files

2. View hidden files

It probably means that the password is hidden zip In file . And the password of the compressed file is older

(1)[email protected]

 (2)[email protected]

3、 ... and 、zip Password cracking

1. Transform first hash

2.john Crack the decompression password

(1)cathtine success

(2)tom success

3. Private key id_rsa Sign in

tom Can successfully login

Four 、sudo Raise the right

Can execute all sudo command , And in mysql_history The password was leaked in .

Direct use of sudo -s Mention right to success

But this is rbash One is limited shell

5、 ... and 、rbash The escape

Conditions 1: There is mysql 3306

Conditions 2:sudo Can execute all commands

1. With root function mysql

adopt mysql Directly execute operating system commands . Achieve a rebound root The powers of the shell.

 

原网站

版权声明
本文为[Plum_ Flowers_ seven]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/188/202207071752385754.html

边栏推荐

猜你喜欢

随机推荐