Sar:1

https://download.vulnhub.com/sar/sar.zip

靶场IP:192.168.32.213

扫描对外端口服务

┌──(root💀kali)-[/tmp]
└─# nmap -p 1-65535 -sV  192.168.32.213
Starting Nmap 7.92 ( https://nmap.org ) at 2022-09-08 02:01 EDT
Nmap scan report for 192.168.32.213
Host is up (0.00068s latency).
Not shown: 65534 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.29 ((Ubuntu))
MAC Address: 00:0C:29:78:62:14 (VMware)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 9.03 seconds

访问80端口

image-20220908140138590

爆破目录

访问/robots.txt,找到一个目录sar2HTML

image-20220908143358570

访问/sar2HTML

image-20220908143431828

搜索漏洞

查看漏洞信息

按照文档提示成功执行命令

image-20220908144255412

下载webshell

连接成功

image-20220908144539118

使用LinEnum.sh查看靶场可利用的点。找到计划任务

image-20220908145143311

查看计划任务的脚本

写入反弹shell

等待五分钟执行计划任务就可以看到反弹成功。

上一页RICKDICULOUSLYEASY 1下一页Sedna

最后更新于

这有帮助吗?