Emma
Notes
[Linux VM] [Tested on VirtualBox] created by || sml
⏲️ Release Date // 2021-02-04
✔️ MD5 // 43b7626e2d43405be800ca0c0abb30b6
☠ Root // 50
💀 User // 55
📝Notes // Hack and Fun!
Starting the target machine
Target IP
192.168.56.113
nmap information gathering
22/tcp open ssh OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
| ssh-hostkey:
| 2048 4a:4c:af:92:cc:bb:99:59:d7:2f:1b:99:fb:f1:7c:f0 (RSA)
| 256 ba:0d:85:69:43:86:c1:91:7c:db:2a:1e:34:ab:68:1e (ECDSA)
|_ 256 a1:ac:2c:ce:f4:07:da:96:12:74:d1:54:9e:f7:09:04 (ED25519)
80/tcp open http nginx 1.14.2
|_http-server-header: nginx/1.14.2
|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
Web service
Try directory brute-forcing directly
[10:46:34] 200 - 0B - /index.php
[10:46:34] 200 - 0B - /index.php/login/
[10:46:43] 200 - 58KB - /phpinfo.php
[10:46:47] 200 - 15B - /robots.txt
Visiting /robots.txt returns:
itwasonlyakiss
Visiting /phpinfo.php gives the following version information:
PHP Version 7.1.33dev
Searching on this version information leads to this vulnerability:
CVE-2019-11043
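The version-to-CVE reasoning above, as an added audit check that is not part of the original notes: it pulls the version out of phpinfo() output and compares it with the first fixed release of each branch (7.1.33, 7.2.24, 7.3.11). The function names, the sample HTML and the "review" verdict for pre-release builds such as 7.1.33dev are assumptions of this example.

```python
import re

# First fixed patch level per branch for CVE-2019-11043 (PHP-FPM).
FIXED = {(7, 1): 33, (7, 2): 24, (7, 3): 11}

# Matches the "PHP Version x.y.z[suffix]" heading rendered by phpinfo().
VERSION_RE = re.compile(r"PHP Version\s+(\d+)\.(\d+)\.(\d+)([-\w.]*)")

# Constructed sample: the version string from the notes in a phpinfo-style heading.
SAMPLE = '<h1 class="p">PHP Version 7.1.33dev</h1>'


def parse_php_version(text):
    """Return (major, minor, patch, suffix) from phpinfo() text, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    return major, minor, patch, m.group(4).lstrip("-").lower()


def classify(text):
    """Return 'affected', 'review', 'fixed' or 'unknown' for a phpinfo() page.

    The version is only one precondition: the CVE also needs PHP-FPM behind
    nginx with a path-info splitting configuration, which is not checked here.
    """
    parsed = parse_php_version(text)
    if parsed is None:
        return "unknown"
    major, minor, patch, suffix = parsed
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unknown"  # branch outside the table above
    if patch < fixed_patch:
        return "affected"
    # Assumption: a dev/alpha/beta/RC build of the fixed patch level predates
    # the release and cannot be assumed to contain the fix.
    if patch == fixed_patch and re.match(r"(dev|alpha|beta|rc)", suffix):
        return "review"
    return "fixed"


if __name__ == "__main__":
    print(parse_php_version(SAMPLE), classify(SAMPLE))
```

Distribution packages can backport the fix without changing the upstream version number, so an "affected" verdict on a vendor build should be confirmed against the vendor's changelog.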