VulnHub target range: FirstBlood: 1
Scan for the IP and open ports:
As usual, visit the page on port 80 first. Look carefully and you can find a hint:
View the source code:
Visit:
Scan, and visit the directory that turns up:
The commands are written out for you. Generate a dictionary:
Visit ssh.html. The brute-force commands are written out for you too, which is really friendly for novices.
First generate a dictionary:
Brute-force the login and get the SSH credentials johnny/Vietnam:
Log in over SSH.
Check sudo -l:
It seems useless. README.txt gives a new prompt, telling us to move to the web directory and take a look:
Go to the web directory:
There is a new prompt. Just follow it and run the command:
Access it to get the new user's credentials blood/HackThePlanet2020!!:
Switch user and check sudo -l:
Viewing the file fails with no permission. Use sudo to view the file as sly and get the new password:
Switch user and check sudo -l:
Go straight to GTFOBins and look up the ftp privilege escalation method:
Privilege escalation succeeds:
It turns out you cannot cd to root. Use sudo ftp to get around that:
Read the flag:
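The last two steps work because of how the sudo rules were written: a rule that lets a user run an interactive program such as ftp as another account hands over that account. As an added example (not part of the original post), this Python check flags such rules in a sudoers file. The rules in SAMPLE are constructed, reusing the user names from the walkthrough, and the binary lists are a small subset of what GTFOBins documents.

```python
import re

# Subset of binaries GTFOBins lists as able to spawn a shell under sudo.
SHELL_ESCAPE = {"ftp", "vi", "vim", "less", "more", "man", "find", "awk"}
# Binaries that only read files; risky when the path argument is not pinned.
FILE_READ = {"cat", "head", "tail"}

RULE = re.compile(
    r"^(?P<user>\S+)\s+[^\s=]+\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")

def audit_sudoers(text):
    """Return (user, runas, binary, risk) for each rule worth reviewing."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments, Defaults and (unexpanded) alias definitions.
        if not line or line.startswith(("#", "Defaults")) or "_Alias" in line.split()[0]:
            continue
        m = RULE.match(line)
        if not m:
            continue
        runas = (m.group("runas") or "root").split(":")[0].strip()
        for cmd in m.group("cmds").split(","):
            # Drop tags such as NOPASSWD: in front of the command.
            cmd = re.sub(r"^\s*(?:[A-Z]+:\s*)+", "", cmd).strip()
            parts = cmd.split()
            if not parts:
                continue
            binary = parts[0].rsplit("/", 1)[-1]
            if cmd == "ALL":
                risk = "unrestricted"
            elif binary in SHELL_ESCAPE:
                risk = "shell-escape"
            elif binary in FILE_READ and (len(parts) == 1 or "*" in cmd):
                risk = "arbitrary-read"
            else:
                continue
            findings.append((m.group("user"), runas, binary, risk))
    return findings

# Constructed sample rules (not taken from the target machine).
SAMPLE = """\
johnny ALL=(ALL) /usr/bin/systemctl status nginx
blood ALL=(sly) /bin/cat /home/sly/EXAMPLE.txt
sly ALL=(root) NOPASSWD: /usr/bin/ftp
%ops ALL=(root) /usr/bin/less /var/log/*
"""

if __name__ == "__main__":
    print(audit_sudoers(SAMPLE))
```

The cat rule with a pinned path is not flagged because sudo requires the arguments to match exactly; whether the file it exposes should be readable is a separate review question.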
Summary
The difficulty is not high. The machine prompts you on how to proceed at every step, so it is really friendly for novices!
It is very suitable for novices, and there was still something to learn from it.