NoName

https://download.vulnhub.com/haclabs/HL.ova

靶场IP:192.168.32.22

扫描对外端口服务

┌──(root㉿kali)-[~]
└─# nmap -sV -p1-65535 192.168.32.22 
Starting Nmap 7.92 ( https://nmap.org ) at 2022-09-14 00:28 EDT
Nmap scan report for 192.168.32.22
Host is up (0.00017s latency).
Not shown: 65534 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.29 ((Ubuntu))
MAC Address: 08:00:27:74:12:22 (Oracle VirtualBox virtual NIC)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.55 seconds

访问80端口,但是无法执行ping命令。

image-20220914122855710

爆破目录,找到:/superadmin.php

访问:/superadmin.php

image-20220914123259003

执行命令

image-20220914123334005

查看superadmin.php源码,开源发现有些命令会被过滤。

使用base64绕过

image-20220914124215641

有隐藏文件

image-20220914133210504

找属于yash用户的文件

切换到haclabs用户

查看sudo列表

image-20220914133509818

sudo提权

image-20230208154353306
上一页Node 1下一页NullByte

最后更新于

这有帮助吗?