W34kn3ss 1

https://download.vulnhub.com/w34kn3ss/W34KN3SS.ova

靶场IP:192.168.32.13

扫描对外端口服务

┌──(root㉿kali)-[~]
└─# nmap -sV -p1-65535 192.168.32.13
Starting Nmap 7.92 ( https://nmap.org ) at 2022-09-08 21:47 EDT
Nmap scan report for 192.168.32.13
Host is up (0.00015s latency).
Not shown: 65532 closed tcp ports (reset)
PORT    STATE SERVICE  VERSION
22/tcp  open  ssh      OpenSSH 7.6p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0)
80/tcp  open  http     Apache httpd 2.4.29 ((Ubuntu))
443/tcp open  ssl/http Apache httpd 2.4.29 ((Ubuntu))
MAC Address: 08:00:27:66:B1:7A (Oracle VirtualBox virtual NIC)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.74 seconds

访问80端口

image-20220909094915952

爆破目录

逐一查看这些目录,没有看到有用的东西。

QQ录屏20220909095520

查看证书,发现一个域名,做本地hosts

image-20220909100102248

访问域名出现小兔子

image-20220909100344657

重新爆破目录

下载mykey.pub

image-20220909100507567

查找漏洞

下载exp

搜索私钥

使用私钥登录root用户,发现失败

查看证书,找到一个用户名:n30

image-20220909102217296

登录成功

没有sudo列表

执行code

下载code到本地

安装uncompyle6

逆向pyc

找到n30密码

image-20220909103402778

sudo

image-20230208161234230
上一页VulnOS 2下一页Wallaby's Nightmare

最后更新于

这有帮助吗?