Saturday, October 5, 2019

Vulnhub Kioptrix: Level 1.2 (#3)

Source: https://www.vulnhub.com/entry/kioptrix-level-12-3,24/

https://github.com/kevinbluett/LotusCMS-Content-Management-System

192.168.1.19

http://192.168.1.19/phpmyadmin
login with username kioptrix, empty password
However, only the information schema is visible, so it is of no use for now

https://web.archive.org/web/20191006051509/https://packetstormsecurity.com/files/122161/LotusCMS-3.0-PHP-Code-Execution.html
LotusCMS 3.0 Eval() Remote Code Execution Exploit.

https://www.exploit-db.com/exploits/18565
LotusCMS 3.0 - 'eval()' Remote Command Execution (Metasploit)


http://192.168.1.19/phpmyadmin
login with username root, password fuckeyou



ssh login username dreg, password Mast3r
ssh login username loneferret, password starwars


https://stackoverflow.com/a/24664760/2252015
export TERM=xterm

https://www.exploit-db.com/exploits/17083
HT Editor 2.0.18 - File Opening Stack Overflow

https://www.exploit-db.com/exploits/15891
GALLARIFIC PHP Photo Gallery Script - 'gallery.php' SQL Injection

----
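1. It has been a long time since I last did a vulnhub box; lately I have been working through attackdefense
2. The restrictions on tool use for exploits are the same as for OSCP
3. For now the report is kept as simple as possible; I will flesh it out when I have time :)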
