Background Information
VulnHub URL:
https://www.vulnhub.com/entry/dc-1-1,292/
There are multiple ways of gaining root, however, I have included some flags which contain clues for beginners.
There are five flags in total, but the ultimate goal is to find and read the flag in root's home directory. You don't even need to be root to do this, however, you will require root privileges.
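The author says there are five flags in total and multiple ways to escalate privileges; our final goal is to get the flag in /root. Overall, the difficulty is low, and the box is well suited to beginners looking for practice.
Key points
CVE-2018-7600 Drupal core remote code execution vulnerability
Drupal configuration file and resetting the administrator password
SUID privilege escalation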
Information Gathering
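Host discovered: 192.168.190.147
Use masscan to quickly scan the ports
Then use nmap to discover more information
Port 80 runs a Drupal 7 service
Port 111 runs the rpcbind service
Compromising the Target
Look for Drupal 7 vulnerabilities; there were two CVEs in 2018
CVE-2018-7600 Drupal core remote code execution vulnerability
CVE-2018-7602
Found a PoC script on GitHub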
Exploit for Drupal 7

