CYBERSPLOIT 1
https://download.vulnhub.com/cybersploit/cybersploit.ova
靶场IP:192.168.2.17
扫描对外端口服务
┌──(root㉿kali)-[/tmp]
└─# nmap -p1-65535 -sV 192.168.2.17
Starting Nmap 7.92 ( https://nmap.org ) at 2022-09-08 10:33 EDT
Nmap scan report for 192.168.2.17
Host is up (0.000078s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.9p1 Debian 5ubuntu1.10 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.2.22 ((Ubuntu))
MAC Address: 08:00:27:48:83:0B (Oracle VirtualBox virtual NIC)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.47 seconds
爆破web目录
┌──(root㉿kali)-[/tmp]
└─# dirb http://192.168.2.17/
-----------------
DIRB v2.22
By The Dark Raver
-----------------
START_TIME: Thu Sep 8 10:35:55 2022
URL_BASE: http://192.168.2.17/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
-----------------
GENERATED WORDS: 4612
---- Scanning URL: http://192.168.2.17/ ----
+ http://192.168.2.17/cgi-bin/ (CODE:403|SIZE:288)
+ http://192.168.2.17/hacker (CODE:200|SIZE:3757743)
+ http://192.168.2.17/index (CODE:200|SIZE:2333)
+ http://192.168.2.17/index.html (CODE:200|SIZE:2333)
+ http://192.168.2.17/robots (CODE:200|SIZE:79)
+ http://192.168.2.17/robots.txt (CODE:200|SIZE:79)
+ http://192.168.2.17/server-status (CODE:403|SIZE:293)
-----------------
END_TIME: Thu Sep 8 10:35:57 2022
DOWNLOADED: 4612 - FOUND: 7
访问80端口
查看页面源代码,找到一个用户名:itsskv
访问/hacker
访问/robots.txt
使用itsskv登录ssh,密码是cybersploit{youtube.com/c/cybersploit}
发现flag2.txt
使用CyberChef解密二进制
使用https://www.exploit-db.com/exploits/37292进行提权
最后更新于
这有帮助吗?