Gaara

https://download.vulnhub.com/gaara/Gaara.ova

靶场IP:192.168.2.6

扫描对外端口服务

┌──(root㉿kali)-[/tmp]
└─# nmap -p1-65535 -sV 192.168.2.6
Starting Nmap 7.92 ( https://nmap.org ) at 2022-09-04 09:26 EDT
Nmap scan report for 192.168.2.6
Host is up (0.00016s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
80/tcp open  http    Apache httpd 2.4.38 ((Debian))
MAC Address: 08:00:27:86:6F:1F (Oracle VirtualBox virtual NIC)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.87 seconds

浏览器访问

image-20220904212823485

爆破web目录,发现/Cryoserver 目录

拖到最下面有三个目录

image-20220904213911398

访问/iamGaara

image-20220904214017563

使用hydra爆破密码

ssh登录

image-20220904214441473

根据提示,找到/usr/local/games目录

image-20220904214559719

发现一个加密字符串文件

使用Brainfuck解密发现,这是一个假的

image-20220904214810981

使用LinPEAS扫描,发现gdb可用.

image-20220904215228385

使用gdb进行提权

上一页FunboxRookie下一页Geisha

最后更新于

这有帮助吗?