Vulnhub靶机系列:SecTalks: BNE0x03 - Simple

本文介绍了如何攻破Vulnhub上的SecTalks BNE0x03靶机,重点在于web基础攻击。通过信息收集,发现了CMS系统Cutephp,利用文件上传漏洞获取了用户shell,接着针对内核版本进行提权,最终达到目标。提权过程虽然艰难,但提供了宝贵的学习经验。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

这次的靶机是vulnhub靶机:SecTalks: BNE0x03 - Simple

靶机地址及相关描述

靶机地址

https://www.vulnhub.com/entry/sectalks-bne0x03-simple,141/

靶机描述

Simple CTF

Simple CTF is a boot2root that focuses on the basics of web based hacking. Once you load the VM, treat it as a machine you can see on the network, i.e. you don’t have physical access to this machine. Therefore, tricks like editing the VM’s BIOS or Grub configuration are not allowed. Only remote attacks are permitted. /root/flag.txt is your ultimate goal.
I suggest you use VirtualBox or VMWare Player with a Host Only adapter. The VM will assign itself an IP address through DHCP.

Location

https://www.dropbox.com/s/9spf5m9l87zjlps/Simple.ova?dl=0 [File size: 600MB]

Hints
  1. Get a user shell by uploading a reverse shell and executing it.
  2. A proxy may help you to upload the file you want, rather than the
    file that the server expects.
  3. There are 3 known privesc exploits that work. Some people have had
    trouble executing one of them unless it was over a reverse shell
    u
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值