Vulnhub shenron: 2 Walkthrough

https://www.vulnhub.com/entry/shenron-2,677/


Scan ports.

图片.png


Scan port 80, nothing useful.

图片.png


Scan 8080, looks like a wordpress site.

图片.png


Check source code of index.php, in order to make wordpress works,  need to add http://shenron to /etc/hosts.

图片.png



Wpscan found a plugin with LFI.

wpscan --url http://shenron:8080 -e u,p  --no-banner --api-token $(cat /home/kali/Documents/wpscan_token)

图片.png


Seach database for information.

图片.png


In 44340.txt, found the poc.

图片.png


Use LFI code to read /etc/passwd, found user jenny and shenron.

图片.png


Bruteforce get jenny's passwd.

图片.png


Ssh log in as jenny, check SUID file.

find / -perm -u=s 2>/dev/null

图片.png

Disassemble Execute, found the actural bash code it run.

图片.png


In /mnt, run ./bash -p, now we are shenron.

图片.png


In shenron's home folder, found a .pass file. Decrypt it with base32.

图片.png


Sudo -l, we can do anything. Get root finally.

图片.png



发表评论:

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

«    2022年5月    »
1
2345678
9101112131415
16171819202122
23242526272829
3031
网站分类
搜索
最新留言
文章归档
网站收藏
  • 订阅本站的 RSS 2.0 新闻聚合

Powered By Z-BlogPHP 1.7.2