vulnhub靶机-DC2-Writeup

最新推荐文章于 2025-04-06 20:59:00 发布

原创

最新推荐文章于 2025-04-06 20:59:00 发布 · 739 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#linux #安全 #靶机 #渗透测试 #安全漏洞

本文档详细记录了在Vulnhub靶机DC2上的渗透测试过程，包括部署、信息收集和漏洞利用。通过nmap扫描发现80端口和7744端口开放，利用WordPress和SSH服务获取多个flag，最终通过git命令提权获得root权限。

0x01 部署

靶机地址：

https://www.vulnhub.com/entry/dc-2,311/

DESCRIPTION

Much like DC-1, DC-2 is another purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing.

As with the original DC-1, it’s designed with beginners in mind.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

Just like with DC-1, there are five flags including the final flag.

And again, just like with DC-1, the flags are important for beginners, but not so important for those who have experience.

In short, the only flag that really counts, is the final flag.

For beginners, Google is your friend. Well, apart from all the privacy concerns etc etc.

I haven’t explored all the ways to achieve root, as I scrapped the previous version I had been working on, and started completely fresh apart from the base OS install.

根据靶机说明，需要找到5个flag

下载镜像, 使用vmware打开, 网络选择NAT模式

0x02 信息收集

nmap扫描网段

nmap -sP 192.168.190.0/24

在这里插入图片描述
发现目标IP:`192.168.190.138

进一步扫描端口

nmap -T5 -A -v -p-  192.168.190.138

扫描结果：

Starting Nmap 7.91 ( https://nmap.org ) at 2021-09-14 17:11 CST
NSE: Loaded 153 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:11
Completed NSE at 17:11, 0.00s elapsed
Initiating NSE at 17:11
Completed NSE at 17:11, 0.00s elapsed
Initiating NSE at 17:11
Completed NSE at 17:11, 0.00s elapsed
Initiating

最低0.47元/天解锁文章