2025-01-19 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Brief introduction
Download link: https://www.vulnhub.com/entry/tophatsec-freshly,118/
Description: the goal of this challenge is to break into the machine through the network and discover secrets hidden in sensitive files. If you can find the secret, send me an email to verify it. :) There are several different ways you can go about this. Good luck! Just download and import the OVA file into VirtualBox!
Target: obtain the sensitive files
Operating environment: it is recommended to use Kali as the attacking machine on VMware, with the target machine running under VirtualBox. Make sure both are attached to the same network adapter, otherwise they cannot communicate.
Note: the target does not display its IP address when it starts, so take care to identify it when scanning.
Information collection:
Start with a port scan.
Ports 80, 443 and 8080 are found open; visit each in turn.
Port 80:
Port 443:
Port 8080:
WordPress is found, so a vulnerability scan is run with the WordPress scanning tool included in Kali.
Execute the command: wpscan --url http://192.168.0.103:8080/wordpress/
Found several plugin security issues, but nothing major. Remembering that port 80 is also open, use dirb to enumerate directories.
Found phpmyadmin.
After trying a few weak passwords, I feel that this is not where the problem lies.
Bring out nikto.
Found login.php.
Here I use sqlmap to test it.
Execute the command: sqlmap -u "http://192.168.0.103/login.php" --forms --level 3
There is SQL injection.
After the routine steps, the login account and password for the WordPress backend are revealed.
That's when I thought of getting a shell through the WordPress backend.
Successfully logged in to the backend.
There are two methods for getting a shell from the WordPress backend:
The first is to find a PHP file that you can edit and write a one-line webshell into it.
The second is to put a one-line webshell into a folder and upload it in .zip format.
Here I use the first method and write the one-line webshell into the 404 page.
After saving, connect with China Chopper (the "kitchen knife" client).
In this way, you get the shell and the sensitive information.
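A defensive check for the editable-template route described above, added here as an example (it is not code from the original write-up): it hashes a theme's PHP templates against a baseline to flag an edited 404.php, and tests whether wp-config.php sets DISALLOW_FILE_EDIT. The theme path and file contents are constructed sample data.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# define('DISALLOW_FILE_EDIT', true); removes the dashboard theme/plugin editor.
_NO_EDIT = re.compile(
    r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)", re.IGNORECASE)


def snapshot(theme_dir):
    """Map each PHP file's relative path to the SHA-256 of its bytes."""
    root = Path(theme_dir)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*.php"))}


def diff_snapshots(baseline, current):
    """Return templates that were modified, added or removed since the baseline."""
    return {
        "modified": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }


def editor_disabled(wp_config_text):
    """True if wp-config.php switches off the in-dashboard file editor."""
    # Drop // and # line comments so a commented-out define does not count
    # (block comments are not handled in this example).
    code = "\n".join(re.sub(r"^\s*(//|#).*$", "", ln) for ln in wp_config_text.splitlines())
    return bool(_NO_EDIT.search(code))


def demo():
    """Constructed sample: a tiny theme whose 404.php changes after the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp, "wp-content", "themes", "sample-theme")  # hypothetical path
        theme.mkdir(parents=True)
        (theme / "index.php").write_text("<?php // constructed index template\n")
        (theme / "404.php").write_text("<?php // constructed 404 template\n")
        baseline = snapshot(theme)
        # Simulate an edit made through the dashboard theme editor, plus a new file.
        (theme / "404.php").write_text("<?php // constructed: content changed\n")
        (theme / "extra.php").write_text("<?php // constructed: unexpected file\n")
        return diff_snapshots(baseline, snapshot(theme))


if __name__ == "__main__":
    print(demo(), editor_disabled("define('DISALLOW_FILE_EDIT', true);"))
```

DISALLOW_FILE_EDIT only removes the editor used in the first method; the .zip upload route of the second method is governed by DISALLOW_FILE_MODS, which blocks theme and plugin installation from the dashboard.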