Windy's little blog

一切生活中的杂七杂八, and I like CTF.

HackMyVm Speed Walkthrough

Another interesting machine from HackMyVm, can be download here.


Nmap scan ports, find 22,80,7080 and 8088.

图片.png


Port 80 is a service named "sar2html".

图片.png


Port 7080 is OpenLiteSpeed Control Panel.

图片.png


Port 8088 is a sample site of OpenLiteSpeed.

图片.png


Search the vulnerability of sar2html.

图片.png


Use the POC code to get reverse shell.

图片.png


Find the password of OpenLiteSpeed admin.

图片.png


Login OpenLiteSpeed control panel.

图片.png


Search OpenLiteSpeed vulnerability.

图片.png'


Check the 2nd vuln which needs Authenticated.

图片.png


Follow the steps, remember to set the value in red square.

图片.png


Now we are nobody:root.

图片.png


Generate a new user with root perm, write to /etc/passwd, su to the new user, done!

图片.png


发表评论:

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

Powered By Z-BlogPHP 1.7.0