search

Escalate Linux:1

https://download.vulnhub.com/escalatelinux/Escalate_Linux.ova

靶场IP:192.168.32.210

扫描对外端口服务

┌──(root💀kali)-[/tmp]
└─# nmap -p 1-65535 -sV  192.168.32.210                                                                                                                                                                                                
Starting Nmap 7.92 ( https://nmap.org ) at 2022-09-07 04:09 EDT
Nmap scan report for 192.168.32.210
Host is up (0.00057s latency).
Not shown: 65526 closed tcp ports (reset)
PORT      STATE SERVICE     VERSION
80/tcp    open  http        Apache httpd 2.4.29 ((Ubuntu))
111/tcp   open  rpcbind     2-4 (RPC #100000)
139/tcp   open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp   open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
2049/tcp  open  nfs_acl     3 (RPC #100227)
33923/tcp open  nlockmgr    1-4 (RPC #100021)
35631/tcp open  mountd      1-3 (RPC #100005)
38897/tcp open  mountd      1-3 (RPC #100005)
48591/tcp open  mountd      1-3 (RPC #100005)
MAC Address: 00:0C:29:07:33:4C (VMware)
Service Info: Host: LINUX

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.99 seconds

浏览器访问80端口

image-20220907161053736

爆破web目录

扫描发现有一个shell后门。

image-20220907161204802

使用MSF生成payload

需要对payload进行urlencode

image-20220907161836598

访问shell

查找suid文件

image-20220907162038909

提权成功

image-20230208135025760
上一页Election 1下一页EVM 1

最后更新于