1.Goal
[Description]
Difficulty: Beginner - Intermediate
Boot2root created out of frustration from failing my first OSCP exam attempt.
Aimed at:
1 | > Teaching newcomers the basics of Linux enumeration |
Special thanks to @RobertWinkel @dooktwit for hosting LazySysAdmin at Sectalks Brisbane BNE0x18
[Lore]
LazySysadmin - The story of a lonely and lazy sysadmin who cries himself to sleep
[Hints]
- Enumeration is key
- Try Harder
- Look in front of you
- Tweet @togiemcdogie if you need more hints
[Other]
What could you of done to speed up the enumeration process?
Are there any obvious things that you missed, which you shouldnt of missed?
Did you learn anything interesting?
What have you added to your enumeration process to prevent you from wasting time?
2.Web
发现靶机IP
Nmap扫描
发现开启SMB服务,用smbclient连接靶机,同时进行目录扫描
1 | smbclient //192.168.126.142/share$ |
看到wordpress,进去下载配置文件
找到Mysql配置信息
目录扫描发现有PHPmyadmin,登录进去之后查看wordpress的表,发现权限不够
仔细看发现是PMA的表没有权限查询,尝试直接登录
不允许远程登录
继续在目录里找有用的信息
在deets.txt下发现密码,不过不知道是什么的密码
todolist.txt
在Wordpress里的文章看到的信息
用户名可能是togie,密码是12345
3.Server
ssh连接
查看用户
当前用户用的是rbash,有限制的bash
不过有sudo权限,可以切换为root
