SECARMY VILLAGE: GRAYHAT CONFERENCE
VM download: https://download.vulnhub.com/secarmyvillage/SECARMY-VILLAGE-OSCP-GIVEAWAY.ova
Host discovery and port scanning are omitted here; writing them out every time would be redundant.
flag1
Browsing to port 80 shows nothing of value, so first run dirb to enumerate directories.
---- Scanning URL: http://192.168.132.141/ ----
==> DIRECTORY: http://192.168.132.141/anon/
+ http://192.168.132.141/index.html (CODE:200|SIZE:267)
==> DIRECTORY: http://192.168.132.141/javascript/
+ http://192.168.132.141/server-status (CODE:403|SIZE:280)
Browse to the anon directory and inspect the page source to get the first user's credentials, then log in over SSH to get flag1.
Welcome to the hidden directory! <br>
<br>
Here are your credentials to make your way into the machine!
<br>
<br>
<font color="white">uno:luc10r4m0n</font>
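From the defender's side, the white-on-white text above is something a pre-deployment content audit can catch. The following is an added example, not part of the original walkthrough: it flags user:password-shaped strings inside visually hidden elements, and generalizes beyond the page's case to inline styles and HTML comments. The names audit and HiddenCredentialAuditor, the regex heuristics and the comment line in the sample are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample: abridged /anon/ markup from above plus one constructed comment.
SAMPLE = """Welcome to the hidden directory! <br>
<br>
Here are your credentials to make your way into the machine!
<font color="white">uno:luc10r4m0n</font>
<!-- backup login admin:changeme -->"""

HIDING_COLORS = {"white", "#fff", "#ffffff"}
HIDING_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|"
                          r"(?<![-\w])color\s*:\s*(?:white|#fff(?:fff)?)\b", re.I)
CRED = re.compile(r"\b([A-Za-z][\w.-]{1,31}):(\S{6,})")  # heuristic user:password shape

class HiddenCredentialAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, hidden?) for each open element
        self.findings = []  # (line, where, user); the secret itself is never stored

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        hidden = (a.get("color", "").lower() in HIDING_COLORS or "hidden" in a
                  or bool(HIDING_STYLE.search(a.get("style", ""))))
        self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):  # close nearest matching open tag
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def _scan(self, text, where):
        for m in CRED.finditer(text):
            self.findings.append((self.getpos()[0], where, m.group(1)))

    def handle_data(self, data):
        if any(hidden for _, hidden in self.stack):
            self._scan(data, "hidden-text")

    def handle_comment(self, data):
        self._scan(data, "comment")

def audit(html):
    parser = HiddenCredentialAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Each finding is (line number, location, user name); text hidden through external stylesheets is outside what this check sees.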
kali@kali:~$ ssh uno@192.168.132.141
The authenticity of host '192.168.132.141 (192.168.132.141)' can't be established.
ECDSA key fingerprint is SHA256:+KBxMeqxgG6NngNoJwwS2riM4d1vvmOUVunnIyNS8I8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.132.141' (ECDSA) to the list of known hosts.
uno@192.168.132.141's password:
________ _______ ________ ________ ________ _____ ______ ___ ___
|\ ____\|\ ___ \ |\ ____\|\ __ \|\ __ \|\ _ \ _ \ |\ \ / /|
\ \ \___|\ \ __/|\ \ \___|\ \ \|\ \ \ \|\ \ \ \\\__\ \ \ \ \ \/ / /
\ \_____ \ \ \_|/_\ \ \ \ \ __ \ \ _ _\ \ \\|__| \ \ \ \ / /
\|____|\ \ \ \_|\ \ \ \____\ \ \ \ \ \ \\ \\ \ \ \ \ \ \/ / /
____\_\ \ \_______\ \_______\ \__\ \__\ \__\\ _\\ \__\ \ \__\__/ / /
|\_________\|_______|\|_______|\|__|\|__|\|__|\|__|\|__| \|__|\___/ /
\|_________| \|___|/