Vulnhub靶机系列：pWnOS: 1.0

最新推荐文章于 2024-04-02 09:40:20 发布

尸者狗

最新推荐文章于 2024-04-02 09:40:20 发布

阅读量2.5k

点赞数 1

分类专栏： Vulnhub靶机系列文章标签：信息安全安全漏洞 ssh debian linux

本文链接：https://blog.csdn.net/Alexhcf/article/details/105172776

版权

文章目录

靶机地址
利用知识
信息收集并getshell
提权

靶机地址

https://www.vulnhub.com/entry/pwnos-10,33/
tip：如果Vmware在首次引导时询问您是复制还是移动了该虚拟机，请单击我已移动！否则，网络设置可能会混乱。

利用知识

SSH、LFI、脏牛(dirty cow)、dirmap、whatweb、goby、nmap、john、searchsploit等工具的使用

信息收集并getshell

导入虚拟机后–因为原设置为桥接所以设置里更改网卡–重启

netdiscover

在这里插入图片描述
很明显靶机地址为192.168.1.8
访问一下web页面

感觉没什么特殊的提示
看下网站的技术,我习惯用whatweb

whatweb -v http://192.168.1.8/index1.php?help=true&connect=true
WhatWeb report for http://192.168.1.8/index1.php?help=true
Status    : 200 OK
Title     : <None>
IP        : 192.168.1.8
Country   : RESERVED, ZZ

Summary   : Apache[2.2.4], X-Powered-By[PHP/5.2.3-1ubuntu6], HTTPServer[Ubuntu Linux][Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6], PHP[5.2.3-1ubuntu6][/var/www/index1.php]

Detected Plugins:
[ Apache ]
        The Apache HTTP Server Project is an effort to develop and 
        maintain an open-source HTTP server for modern operating 
        systems including UNIX and Windows NT. The goal of this 
        project is to provide a secure, efficient and extensible 
        server that provides HTTP services in sync with the current 
        HTTP standards. 

        Version      : 2.2.4 (from HTTP Server Header)
        Google Dorks: (3)
        Website     : http://httpd.apache.org/

[ HTTPServer ]
        HTTP server header string. This plugin also attempts to 
        identify the operating system from the server header. 

        OS           : Ubuntu Linux
        String       : Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6 (from server string)

[ PHP ]
        PHP is a widely-used general-purpose scripting language 
        that is especially suited for Web development and can be 
        embedded into HTML. This plugin identifies PHP errors, 
        modules and versions and extracts the local file path and 
        username if present. 

        Filepath     : /var/www/index1.php
        Version      : 5.2.3-1ubuntu6
        Version      : 5.2.3-1ubuntu6
        Google Dorks: (2)
        Website     : http://www.php.net/

[ X-Powered-By ]
        X-Powered-By HTTP header 

        String       : PHP/5.2.3-1ubuntu6 (from x-powered-by string)

HTTP Headers:
        HTTP/1.1 200 OK
        Date: Sat, 28 Mar 2020 19:52:32 GMT
        Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6
        X-Powered-By: PHP/5.2.3-1ubuntu6
        Content-Length: 1104
        Connection: close
        Content-Type: text/html

貌似没什么有用的信息
看下目录下有没有东西
我用的是dirmap

python3 dirmap.py -i 192.168.1.8 -lcf

找到的页面

[200][text/html<

最低0.47元/天解锁文章

尸者狗

关注

1
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
Vulnhub靶机系列：pWnOS: 1.0

https://www.hackingarticles.in/hack-the-pwnos-1-0-boot-to-root/文章目录靶机地址利用知识信息收集Getshell提权靶机地址https://www.vulnhub.com/entry/pwnos-10,33/tip：如果Vmware在首次引导时询问您是复制还是移动了该虚拟机，请单击MOVED！否则，网络设置可能会混乱。利用知识...
复制链接

扫一扫

专栏目录