BIZARRE ADVENTURE: STICKY FINGERS of VulnHub Shooting Range
Scanning IP and port:
access to port 80, nothing, directory scanning, similar to the previous one~~:
access to flag.txt.txt:
similar to two user names, ,, after flipping the images directory, I found that there is a two-dimensional Code, scan, it’s another youtube video.
Open it and see, there is nothing,,,, what the title is, don’t give up what,,,
then it can only be the same as before, blasting the username and password,,,,
OK Use hydra:
hydra -l zipperman -P $pass_list 192.168.1.16 http-post-form "/admin/index.php:username=Zipperman&pass=^PASS^:Login Failed" -t 64
You can also use bp, I don’t know that it’s more efficient,
because rockyou.txt has more than 10 million,,,, bp takes a long time to load the dictionary and choose to use hydra
After bursting for about an hour, the password was burst, login:
get new information, decrypt:
continue to decode, look like hexadecimal, 64 bits, can’t solve it, search it:
throw it to somd5 to decrypt it and get it 1Password1*:
use this password Successfully logged in to the bucciarati user:
Cannot run sodu,,, check the user, there is only one file, and there is nothing:
check the kernel:
go to searchsploit to search:
copy to the local, open the service:
download and run, it seems that the vulnerability does not exist, Change one:
find one:
Download the file directly:
Run to get root permission:
Read the flag:
summary
Starting with blasting, it took too long, but I can’t give up,,, and the escalation of rights. Although there was an error, it was done
. !