本文档详细记录了在Vulnhub靶机DC2上的渗透测试过程,包括部署、信息收集和漏洞利用。通过nmap扫描发现80端口和7744端口开放,利用WordPress和SSH服务获取多个flag,最终通过git命令提权获得root权限。
0x01 部署
靶机地址:
DESCRIPTION
Much like DC-1, DC-2 is another purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing.
As with the original DC-1, it’s designed with beginners in mind.
Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.
Just like with DC-1, there are five flags including the final flag.
And again, just like with DC-1, the flags are important for beginners, but not so important for those who have experience.
In short, the only flag that really counts, is the final flag.
For beginners, Google is your friend. Well, apart from all the privacy concerns etc etc.
I haven’t explored all the ways to achieve root, as I scrapped the previous version I had been working on, and started completely fresh apart from the base OS install.
根据靶机说明,需要找到5个flag
下载镜像, 使用vmware打开, 网络选择NAT模式
0x02 信息收集
nmap扫描网段
nmap -sP 192.168.190.0/24
发现目标IP:`192.168.190.138
进一步扫描端口
nmap -T5 -A -v -p- 192.168.190.138
扫描结果:
Starting Nmap 7.91 ( https://nmap.org ) at 2021-09-14 17:11 CST
NSE: Loaded 153 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:11
Completed NSE at 17:11, 0.00s elapsed
Initiating NSE at 17:11
Completed NSE at 17:11, 0.00s elapsed
Initiating NSE at 17:11
Completed NSE at 17:11, 0.00s elapsed
Initiating ARP Ping Scan at 17:11
Scann
最低0.47元/天 解锁文章
1131
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
