Description
A VERY beginner friendly box with a LOT of hand holding.
Once the system grabs an IP, head straight to the web port before scanning.
You will find your first set of instructions which starts the guided process.
Created in Virtualbox.
Goal: Get the root flag.
Your feedback is appreciated -- Twitter: @iamv1nc3nt
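Target: 192.168.34.164
Following the guidance: visit the web port directly before scanning.
Right-click and view the page source
View /rambo.html
nmap port scan and nikto vulnerability scan
Using nmap: nmap -A -p- 192.168.34.164
nikto: ./nikto.pl -host http://192.168.34.164
View /johnnyrambo/
Generate a wordlist with cewl
cewl: cewl http://192.168.34.164/johnnyrambo/ -w dict.txt
Visit ssh.html
hydra brute force
hydra: hydra -l johnny -P ./dict.txt 192.168.34.164 -s 60022 ssh
Connect over SSH
Look at the home directory and read the files
·cat /etc/nginx/sites-enabled/default | grep -v "#"
·cd /var/www/html
·find / -type f -readable 2>/dev/null | grep README.txt
Found a username and password
Switch user and view README.txt in the home directory
Look at the other user under the home directory: firstblood is visible, but there is no permission
No permission to read the file README.txt
Run sudo -l
View the file as sly
Switch user and find ftp
Exploit ftp
Privilege escalation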
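
Added example, not part of the original walkthrough: the hydra step against the johnny account leaves a recognizable trail in sshd's auth log, a burst of failed passwords from one source followed by an accepted login. The sketch below flags that pattern from the defender's side; the log lines, the hostname, the source addresses, the thresholds and the year are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd auth-log sample (not captured from the box): six failures
# and a success for johnny from one source, plus one ordinary typo for sly.
SAMPLE_LOG = "\n".join(
    [f"Mar 10 12:00:0{i} firstblood sshd[90{i}]: Failed password for johnny "
     f"from 192.168.34.10 port 4011{i} ssh2" for i in range(1, 7)]
    + ["Mar 10 12:00:07 firstblood sshd[907]: Accepted password for johnny "
       "from 192.168.34.10 port 40117 ssh2",
       "Mar 10 12:03:00 firstblood sshd[950]: Failed password for sly "
       "from 192.168.34.20 port 50222 ssh2",
       "Mar 10 12:03:09 firstblood sshd[951]: Accepted password for sly "
       "from 192.168.34.20 port 50223 ssh2"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=5), year=2024):
    """Map (source, user) -> {"failures", "compromised"} for every pair with at
    least `threshold` failed passwords inside `window`. "compromised" is True
    when the same source later logs in as that user. Syslog timestamps carry
    no year, so `year` is an assumption supplied by the caller."""
    recent = defaultdict(list)  # (src, user) -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["src"], m["user"])
        if m["result"] == "Failed":
            # Slide the window: drop failures older than `window`, add this one.
            recent[key] = [t for t in recent[key] if ts - t <= window] + [ts]
            if len(recent[key]) >= threshold:
                alert = alerts.setdefault(key, {"failures": 0, "compromised": False})
                alert["failures"] = max(alert["failures"], len(recent[key]))
        elif key in alerts:
            # Accepted login after a guessing burst: treat the account as taken.
            alerts[key]["compromised"] = True
    return alerts

if __name__ == "__main__":
    for (src, user), info in find_bruteforce(SAMPLE_LOG).items():
        print(src, user, info)
```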