Vulnhub DOUBLE: 1 Walkthough

https://www.vulnhub.com/entry/double-1,632/


Scan ports opened.

图片.png


Port 8080 need auth, we don't know yet. So we start from port 80.

Check http://url/production.

图片.png


Try to send some cmd, like cmd="id", code="1", then we can see the command we input.

图片.png

Send cmd = <?php system($_GET["cmd"]); ?>, then we get error message.

图片.png

See if we can run the php code.

图片.png


Then we get reverse shell.

图片.png


We need to find the config file about port 8080.

In /etc/apache2/sites-available, we get fox.conf.

图片.png


Check the content of fox.conf, get auth file.

图片.png


Check the auth file.

图片.png


Crack it with john.

图片.png


Log in port 8080 with this creds, we get the same page like port 80 again.

图片.png


We use the method to get a reverse shell, but this time as user "fox".

图片.png


Check SUID file.

图片.png


Get root.

图片.png



发表评论:

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

«    2022年12月    »
1234
567891011
12131415161718
19202122232425
262728293031
网站分类
搜索
最新留言
文章归档
网站收藏
  • 订阅本站的 RSS 2.0 新闻聚合

Powered By Z-BlogPHP 1.7.2