HackMyVm Speed Walkthrough

Another interesting machine from HackMyVm; it can be downloaded here.


An Nmap port scan finds ports 22, 80, 7080 and 8088.

Port 80 runs a service named "sar2html".

Port 7080 is the OpenLiteSpeed control panel.

Port 8088 is a sample site of OpenLiteSpeed.

Search for known sar2html vulnerabilities.

Use the PoC code to get a reverse shell.

Find the OpenLiteSpeed admin password.

Log in to the OpenLiteSpeed control panel.

Search for OpenLiteSpeed vulnerabilities.

Check the second vulnerability, which requires authentication.

Follow the steps, and remember to set the value marked with the red square.

Now we are nobody:root.

Generate a new user with root permissions, write it to /etc/passwd, su to the new user, done!
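
The last step only works because a non-owner could write to /etc/passwd. As an added example (not part of the original post), this is a defender's audit for that condition and for the account it leaves behind. The function names, the SAMPLE account name and its hash are constructed for illustration.

```python
import os
import stat

# Password-field values that mean "no inline password":
# "x" = hash lives in /etc/shadow, "*" / "!" / "!!" = locked account.
SHADOWED_OR_LOCKED = {"x", "*", "!", "!!"}

# Constructed sample: line 3 is the kind of entry the final step appends.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
svc-backup:$6$CONSTRUCTED$notarealhash:0:0::/root:/bin/bash
"""

def audit_passwd_text(text):
    """Return (line_no, account, reason) findings for passwd-format text."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((n, fields[0], "malformed entry"))
            continue
        name, pw, uid = fields[0], fields[1], fields[2]
        # Any UID 0 entry is root-equivalent, whatever its name.
        if uid.isdigit() and int(uid) == 0 and name != "root":
            findings.append((n, name, "UID 0 account other than root"))
        # With shadow passwords in use, field 2 should never hold a hash.
        if pw == "":
            findings.append((n, name, "empty password field"))
        elif pw not in SHADOWED_OR_LOCKED:
            findings.append((n, name, "password hash stored in passwd"))
    return findings

def mode_findings(mode):
    """Flag write bits that let anyone but the file owner edit the file."""
    out = []
    if mode & stat.S_IWGRP:
        out.append("group-writable")
    if mode & stat.S_IWOTH:
        out.append("world-writable")
    return out

if __name__ == "__main__":
    path = "/etc/passwd"
    for issue in mode_findings(os.stat(path).st_mode):
        print(f"{path}: {issue}")
    with open(path) as fh:
        for line_no, account, reason in audit_passwd_text(fh.read()):
            print(f"{path}:{line_no}: {account}: {reason}")
```

Run it from a scheduled job or a file-integrity hook on /etc/passwd; any output on a healthy system deserves investigation.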
