HackMyVM Dejavu Target Machine Review
Difficulty: Easy
Network segment scan
root@LingMj:~# arp-scan -l
Interface: eth0, type: EN10MB, MAC: 00:0c:29:d1:27:55, IPv4: 192.168.137.190
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.137.1 3e:21:9c:12:bd:a3 (Unknown: locally administered)
192.168.137.64 a0:78:17:62:e5:0a Apple, Inc.
192.168.137.212 3e:21:9c:12:bd:a3 (Unknown: locally administered)
3 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 256 hosts scanned in 2.033 seconds (125.92 hosts/sec). 3 responded
Port scan
root@LingMj:~# nmap -p- -sV -sC 192.168.137.212
Starting Nmap 7.95 ( https://nmap.org ) at 2025-05-21 14:45 EDT
Nmap scan report for dejavu.mshome.net (192.168.137.212)
Host is up (0.010s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 48:8f:5b:43:62:a1:5b:41:6d:7b:6e:55:27:bd:e1:67 (RSA)
| 256 10:17:d6:76:95:d0:9c:cc:ad:6f:20:7d:33:4a:27:4c (ECDSA)
|_ 256 12:72:23:de:ef:28:28:9e:e0:12:ae:5f:37:2e:ee:25 (ED25519)
80/tcp open http Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Apache2 Ubuntu Default Page: It works
|_http-server-header: Apache/2.4.41 (Ubuntu)
MAC Address: 3E:21:9C:12:BD:A3 (Unknown)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in -28774.22 seconds
Getting a webshell
The size doesn't match
4,8d3
< <!--
< Modified from the Debian original for Ubuntu
< Last updated: 2016-11-16
< See: https://launchpad.net/bugs/1288690
< -->
11c6
< <title>Apache2 Ubuntu Default Page: It works</title>
---
> <title>Apache2 Debian Default Page: It works</title>
196c191
< <img src="/icons/ubuntu-logo.png" alt="Ubuntu Logo" class="floating_element"/>
---
> <img src="/icons/openlogo-75.png" alt="Debian Logo" class="floating_element"/>
198c193
< Apache2 Ubuntu Default Page
---
> Apache2 Debian Default Page
229,231c224
< operation of the Apache2 server after installation on Ubuntu systems.
< It is based on the equivalent page on Debian, from which the Ubuntu Apache
< packaging is derived.
---
> operation of the Apache2 server after installation on Debian systems.
252c245
< Ubuntu's Apache2 default configuration is different from the
---
> Debian's Apache2 default configuration is different from the
254c247
< interaction with Ubuntu tools. The configuration system is
---
> interaction with Debian tools. The configuration system is
263c256
< The configuration layout for an Apache2 web server installation on Ubuntu systems is as follows:
---
> The configuration layout for an Apache2 web server installation on Debian systems is as follows:
334c327
< By default, Ubuntu does not allow access through the web browser to
---
> By default, Debian does not allow access through the web browser to
343c336
< The default Ubuntu document root is <tt>/var/www/html</tt>. You
---
> The default Debian document root is <tt>/var/www/html</tt>. You
355,357c348,350
< Please use the <tt>ubuntu-bug</tt> tool to report bugs in the
< Apache2 package with Ubuntu. However, check <a
< href="https://bugs.launchpad.net/ubuntu/+source/apache2"
---
> Please use the <tt>reportbug</tt> tool to report bugs in the
> Apache2 package with Debian. However, check <a
> href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;src=apache2;repeatmerged=0"
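Never mind then, hahaha.
Nothing has turned up from scanning; I suspect it's a PHP magic block.
Forget it, I'll wait for the scan.
I don't understand what this thing is.
wfuzz found nothing and there's nothing in the directories either; could it be SSH again?
Do none of these work? Double-writing and the like.
I almost forgot about this one.
It wasn't generated; how do I bypass it?
This one works.
OK, now just grab any shell.
Privilege escalation
That makes it simple.
I waited a while to check the scheduled tasks; it didn't work.
Done. Also, an expert's recent walkthrough mentioned a new approach, so I'll reproduce it for fun.
It throws an error.
Let me look into why it didn't work.
Still the same problem.
OK, the expert's approach is very interesting.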
userflag:HMV{c8b75037150fbdc49f6c941b72db0d7c}
rootflag:HMV{c62d75d636f66450980dca2c4a3457d8}
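A word of thanks here to this Kali machine for its long, hard service. Many parts of its environment were already broken beyond what I could repair, so I deleted it; I'm awarding it a third-class merit citation.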
This post is licensed under CC BY 4.0 by the author.