当前位置:网站首页>Vulnhub's funfox2
Vulnhub's funfox2
2022-07-07 20:06:00 【Plum_ Flowers_ seven】
Catalog
3、 ... and 、zip Password cracking
2.john Crack the decompression password
One 、nmap Routine scanning
Scan out ftp service , And can be accessed anonymously
also 22 and 80
This range is from 80 Port did not find a breakthrough , The main page is apache The default page for , There is no hidden directory .
Two 、FTP Anonymous access
1.mget
mget *
mget Download all the files .
get Download the two hidden files
2. View hidden files
It probably means that the password is hidden zip In file . And the password of the compressed file is older
3、 ... and 、zip Password cracking
1. Transform first hash
2.john Crack the decompression password
(1)cathtine success
(2)tom success
3. Private key id_rsa Sign in
tom Can successfully login
Four 、sudo Raise the right
Can execute all sudo command , And in mysql_history The password was leaked in .
Direct use of sudo -s Mention right to success
But this is rbash One is limited shell
5、 ... and 、rbash The escape
Conditions 1: There is mysql 3306
Conditions 2:sudo Can execute all commands
1. With root function mysql
adopt mysql Directly execute operating system commands . Achieve a rebound root The powers of the shell.
边栏推荐
- Vulnhub tre1
- 时间工具类
- Automatic classification of defective photovoltaic module cells in electroluminescence images-论文阅读笔记
- 吞吐量Throughout
- 【STL】vector
- LC: string conversion integer (ATOI) + appearance sequence + longest common prefix
- A pot of stew, a collection of common commands of NPM and yarn cnpm
- ASP.NET学习& asp‘s one word
- openEuler 资源利用率提升之道 01:概论
- 8 CAS
猜你喜欢
【STL】vector
九章云极DataCanvas公司摘获「第五届数字金融创新大赛」最高荣誉!
关于cv2.dnn.readNetFromONNX(path)就报ERROR during processing node with 3 inputs and 1 outputs的解决过程【独家发布】
Introduction to bit operation
![最多可以参加的会议数目[贪心 + 优先队列]](/img/f3/e8e939e0393efc404cc159d7d33364.png)
最多可以参加的会议数目[贪心 + 优先队列]
【哲思与实战】程序设计之道
让这个 CRMEB 单商户微信商城系统火起来,太好用了!
Open source heavy ware! Chapter 9 the open source project of ylarn causal learning of Yunji datacanvas company will be released soon!
Flink并行度和Slot详解
干货分享|DevExpress v22.1原版帮助文档下载集合
随机推荐
pom. Brief introduction of XML configuration file label function
Chapter 9 Yunji datacanvas was rated as 36 krypton "the hard core technology enterprise most concerned by investors"
[RT thread env tool installation]
vulnhub之tre1
gorilla官方:golang开websocket client的示例代码
The DBSCAN function of FPC package of R language performs density clustering analysis on data, checks the clustering labels of all samples, and the table function calculates the two-dimensional contin
Data island is the first danger encountered by enterprises in their digital transformation
整型int的拼接和拆分
Cloud 组件发展升级
力扣599. 两个列表的最小索引总和
使用高斯Redis实现二级索引
【剑指offer】剑指 Offer II 012. 左右两边子数组的和相等
R language ggplot2 visualization: use the ggdensity function of ggpubr package to visualize the packet density graph, and use stat_ overlay_ normal_ The density function superimposes the positive dist
My creation anniversary
力扣 459. 重复的子字符串
Classification automatique des cellules de modules photovoltaïques par défaut dans les images de lecture électronique - notes de lecture de thèse
Notes...
Le PGR est - il utile au travail? Comment choisir une plate - forme fiable pour économiser le cœur et la main - d'œuvre lors de la préparation de l'examen!!!
力扣 2319. 判断矩阵是否是一个 X 矩阵
CSDN syntax description