Open the lab on the official site, or download the virtual machine image from the link below:
https://www.vulnhub.com/entry/blogger-1,675/
Information gathering
# Kali attacker machine address
192.168.45.205
# Target machine address
192.168.185.217
Port and directory scanning
# Set the MTU
sudo ip link set dev tun0 mtu 1250
ip link show tun0
# Scan ports
ports=$(sudo nmap -p- --min-rate=5000 -Pn 192.168.185.217 | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//')
echo $ports
# Scan services
sudo nmap -sT -sC -sV -O -Pn -p$ports 192.168.185.217
sudo nmap --script=vuln -p$ports -Pn 192.168.185.217
# Scan directories
dirsearch -u http://192.168.185.217/ -x 302,403 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
whatweb http://192.168.185.217/
The scan results are as follows:
┌──(kali㉿kali)-[~/Desktop/Blogger]
└─$ echo $ports
22,80
┌──(kali㉿kali)-[~/Desktop/Blogger]
└─$ sudo nmap -sT -sC -sV -O -Pn -p$ports 192.168.185.217
Starting Nmap 7.95 ( https://nmap.org ) at 2025-08-02 07:28 EDT
Nmap scan report for bogon (192.168.185.217)
Host is up (0.21s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 95:1d:82:8f:5e:de:9a:00:a8:07:39:bd:ac:ad:d3:44 (RSA)
| 256 d7:b4:52:a2:c8:fa:b7:0e:d1:a8:d0:70:cd:6b:36:90 (ECDSA)
|_ 256 df:f2:4f:77:33:44:d5:93:d7:79:17:45:5a:a1:36:8b (ED25519)
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.10 - 4.11, Linux 3.2 - 4.14
Network Distance: 4 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 81.61 seconds
┌──(kali㉿kali)-[~/Desktop/Blogger]
└─$ sudo nmap --script=vuln -p$ports -Pn 192.168.185.217
Starting Nmap 7.95 ( https://nmap.org ) at 2025-08-02 07:30 EDT
Nmap scan report for bogon (192.168.185.217)
Host is up (0.20s latency).
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS
[09:06:19] Starting:
[09:06:26] 301 - 319B - /images -> http://192.168.185.217/images/
[09:06:48] 301 - 319B - /assets -> http://192.168.185.217/assets/
[09:07:01] 301 - 316B - /css -> http://192.168.185.217/css/
[09:07:20] 301 - 315B - /js -> http://192.168.185.217/js/
┌──(kali㉿kali)-[~/Desktop/Blogger]
└─$ whatweb http://192.168.185.217/
http://192.168.185.217/ [200 OK] Apache[2.4
OSCP lab Blogger_WP penetration walkthrough
