2025-09-23 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article walks through a penetration test of Freshly, the TopHatSec CTF machine on Vulnhub. The editor found it quite practical and is sharing it here. I hope you gain something from reading it.
Vulnhub-TopHatSec: Freshly
Target machine
https://www.vulnhub.com/entry/tophatsec-freshly,118/
Operating environment
VirtualBox
VM (running it produces an error, and the link given for the fix returns 404)
Description
The goal of this challenge is to break into machines through the network and find secrets hidden in sensitive files. If you can find the secret, send me an email to verify it. :) There are several different ways. Good luck! Just download the OVA file and import it into VirtualBox!
Setup
First open the downloaded OVA with VirtualBox, then import it.
Service discovery
Port scanning
OS identification
Further scan of the main ports
Port 80
Port 8080
WordPress. Port 443 serves it as well.
Detection of known services
Explore WordPress
Three plugins were found to have security issues, but they were not helpful. Meanwhile, a scan of port 80 found phpmyadmin and login.php.
login.php
Test it with sqlmap
Injection is present
View the databases
Check the WordPress8080 database to find the WordPress username and password
Log in to the admin dashboard and change the language to Chinese
Get Shell
WordPress offers two ways to get a shell. One is to add a plugin: package the prepared shell as a correctly formatted .zip and upload it.
The other is to edit a file directly.
I edited directly, writing the shell into the 404 page
Start an nc listener locally
404 Page Not Found
Check passwd and find that we have permission
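Seen from the defender's side, the steps above (sqlmap against login.php, a WordPress login, then a theme-file edit) leave an ordered trail in the web server's access log. The following sketch is an added example, not part of the original article; the log lines are constructed, and the Apache "combined" format and the /wordpress/ path prefix are assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log lines in Apache "combined" format (sample data, not from the page).
SAMPLE_LOG = """\
10.0.2.15 - - [31/May/2024:10:01:02 +0000] "POST /login.php HTTP/1.1" 200 312 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
10.0.2.20 - - [31/May/2024:10:02:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.2.15 - - [31/May/2024:10:05:40 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.2.30 - - [31/May/2024:10:06:00 +0000] "POST /wordpress/wp-admin/theme-editor.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.2.15 - - [31/May/2024:10:07:15 +0000] "POST /wordpress/wp-admin/theme-editor.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.2.15 - - [31/May/2024:10:07:30 +0000] "GET /wordpress/no-such-page HTTP/1.1" 404 1200 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

# Stages of the walkthrough, in the order they must appear for one source IP.
CHAIN = ["sqli_probe", "wp_login", "theme_edit"]

def classify(method, path, ua):
    """Map one request to a stage of the chain, or None if it is unrelated."""
    path = path.split("?", 1)[0]
    if path.endswith("/login.php") and "sqlmap" in ua.lower():
        return "sqli_probe"          # default sqlmap User-Agent on the login form
    if method == "POST" and path.endswith("/wp-login.php"):
        return "wp_login"            # credential submission to WordPress
    if method == "POST" and path.endswith("/wp-admin/theme-editor.php"):
        return "theme_edit"          # theme file saved through the built-in editor
    return None

def chain_progress(log_text):
    """Return {ip: number of chain stages seen in order} for every parsed source."""
    progress = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                 # skip lines that are not in combined format
        ip, done = m["ip"], progress[m["ip"]]
        if done < len(CHAIN) and classify(m["method"], m["path"], m["ua"]) == CHAIN[done]:
            progress[ip] = done + 1
    return dict(progress)

def full_chain_sources(log_text):
    """Source IPs that completed every stage in order: the ones worth an alert."""
    return sorted(ip for ip, n in chain_progress(log_text).items() if n == len(CHAIN))

if __name__ == "__main__":
    print(full_chain_sources(SAMPLE_LOG))
```

Setting `DISALLOW_FILE_EDIT` to true in wp-config.php removes the theme and plugin editors, which closes the direct-editing path used here.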
The above is how to carry out the Freshly Vulnhub penetration test from TopHatSec. Some of these points may come up in day-to-day work, and I hope you can learn more from this article.