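Target machine
https://www.vulnhub.com/entry/pwnos-10,33/
Tip:
If VMware asks on first boot whether you copied or moved this virtual machine, click "I moved it"! Otherwise the network settings may get messed up.
Knowledge used
SSH, LFI, Dirty COW, and the use of tools such as dirmap, whatweb, goby, nmap, john and searchsploit
Information gathering and getting a shell
After importing the virtual machine, change the network adapter in its settings (it was originally set to bridged), then reboot.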
netdiscover
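The target's address is clearly 192.168.1.8.
Visit the web page.
There do not seem to be any special hints.
Check which technologies the site uses; I habitually use whatweb.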
whatweb -v http://192.168.1.8/index1.php?help=true&connect=true
WhatWeb report for http://192.168.1.8/index1.php?help=true
Status : 200 OK
Title : <None>
IP : 192.168.1.8
Country : RESERVED, ZZ
Summary : Apache[2.2.4], X-Powered-By[PHP/5.2.3-1ubuntu6], HTTPServer[Ubuntu Linux][Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6], PHP[5.2.3-1ubuntu6][/var/www/index1.php]
Detected Plugins:
[ Apache ]
The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating
systems including UNIX and Windows NT. The goal of this
project is to provide a secure, efficient and extensible
server that provides HTTP services in sync with the current
HTTP standards.
Version : 2.2.4 (from HTTP Server Header)
Google Dorks: (3)
Website : http://httpd.apache.org/
[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.
OS : Ubuntu Linux
String : Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6 (from server string)
[ PHP ]
PHP is a widely-used general-purpose scripting language
that is especially suited for Web development and can be
embedded into HTML. This plugin identifies PHP errors,
modules and versions and extracts the local file path and
username if present.
Filepath : /var/www/index1.php
Version : 5.2.3-1ubuntu6
Version : 5.2.3-1ubuntu6
Google Dorks: (2)
Website : http://www.php.net/
[ X-Powered-By ]
X-Powered-By HTTP header
String : PHP/5.2.3-1ubuntu6 (from x-powered-by string)
HTTP Headers:
HTTP/1.1 200 OK
Date: Sat, 28 Mar 2020 19:52:32 GMT
Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6
X-Powered-By: PHP/5.2.3-1ubuntu6
Content-Length: 1104
Connection: close
Content-Type: text/html
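There does not seem to be any useful information.
Check whether there is anything under the site's directories.
The one I use is
Copyright notice: This is an original article by Alexhcf, licensed under CC 4.0 BY-SA. When reposting, please include a link to the original source and this notice.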