VulnHub target: hacksudo: L.P.E.
0x000 Target description
This box created for improvement of Linux privileged escalation skill, I hope so you guys enjoy, hacksudo LPE update will upload soon. This is beta version. The box was created with VirtualBox, but it should work with VMWare Player and VMWare Workstation. Upon booting up use netdiscover tool to find IP address. This is the target address based on whatever settings you have. You should verify the address just in case.
Find the root.txt flag, submit it to the mybox channel on Discord and get chance to get hacksudo machine hacking course free.
0x001 Target download
https://www.vulnhub.com/entry/hacksudo-lpe,698/
0x002 Information gathering
Discover live hosts
netdiscover -r 192.168.1.0/24
Port scan
nmap -sS -sV -A -p 1-65535 192.168.1.102
22 ssh
80 http
4200 ssl/http
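Visiting port 80 shows a login page, with a hint that the username and password are easy to find.
Viewing the page source reveals the username and password, and logging in to the back end succeeds.
It turns out this is a privilege-escalation practice target.
For now I will demonstrate just one method; I will look at the others when I have time.
Privilege escalation methods can be looked up at: https://gtfobins.github.io/gtfobins/apt-get/
apt-get privilege escalation
The apt-get command can be run with root privileges without a password.
Look up the escalation method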
sudo apt-get changelog apt
Press Enter, then type !/bin/bash directly.
Press Enter again and the privilege escalation succeeds.
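
From the defender's side, the misconfiguration used above is a sudo rule that lets apt-get run as root. The following audit sketch is an added example, not part of the original write-up: it parses `sudo -l` style rule lines and flags such rules. The sample rules, the watch-list and the severity labels are assumptions made for illustration.

```python
import os
import re

# Assumption: the watch-list holds only the binary this walkthrough abuses;
# extend it from the GTFOBins "sudo" entries relevant to your estate.
WATCHED = {"apt-get", "apt"}

# Constructed `sudo -l` rule lines for illustration (not captured from the box).
SAMPLE = """\
    (root) NOPASSWD: /usr/bin/apt-get
    (root) /usr/bin/systemctl restart nginx
    (ALL : ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/id
    (root) PASSWD: /usr/bin/apt, NOPASSWD: ALL
"""

RULE = re.compile(r"^\s*\(([^)]*)\)\s*(.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")

def audit(sudo_l_text, watched=WATCHED):
    """Return (command, nopasswd, severity) for rules that can reach a root shell."""
    findings = []
    for line in sudo_l_text.splitlines():
        m = RULE.match(line)
        if not m or m.group(1).split(":")[0].strip() not in ("root", "ALL"):
            continue
        nopasswd = False
        # Simplification: commas escaped inside command arguments are not handled.
        for spec in m.group(2).split(","):
            spec = spec.strip()
            # Tags (NOPASSWD:, PASSWD:, ...) prefix a command and persist along the list.
            while (t := TAG.match(spec)):
                if t.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = t.group(1) == "NOPASSWD"
                spec = spec[t.end():]
            if not spec:
                continue
            binary, *args = spec.split()
            if binary == "ALL":
                findings.append(("ALL", nopasswd, "high"))
            elif os.path.basename(binary) in watched:
                # No argument list in sudoers means any arguments are allowed,
                # which is what lets a sub-command that opens a pager be run.
                findings.append((binary, nopasswd, "review" if args else "high"))
    return findings

if __name__ == "__main__":
    for cmd, nopasswd, sev in audit(SAMPLE):
        print(f"[{sev}] {cmd} (NOPASSWD={nopasswd})")
```

Rules flagged "high" should be removed or replaced with a wrapper that pins the exact arguments needed; "review" marks rules whose arguments are already pinned in sudoers.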