vulnhub靶机-DC2-Writeup

0x01 部署

靶机地址：

https://www.vulnhub.com/entry/dc-2,311/

DESCRIPTION

Much like DC-1, DC-2 is another purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing.

As with the original DC-1, it’s designed with beginners in mind.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

Just like with DC-1, there are five flags including the final flag.

And again, just like with DC-1, the flags are important for beginners, but not so important for those who have experience.

In short, the only flag that really counts, is the final flag.

For beginners, Google is your friend. Well, apart from all the privacy concerns etc etc.

I haven’t explored all the ways to achieve root, as I scrapped the previous version I had been working on, and started completely fresh apart from the base OS install.

根据靶机说明，需要找到5个flag

下载镜像, 使用vmware打开, 网络选择NAT模式

0x02 信息收集

nmap扫描网段

nmap -sP 192.168.190.0/24

发现目标IP:`192.168.190.138

进一步扫描端口

nmap -T5 -A -v -p-  192.168.190.138

扫描结果：

Starting Nmap 7.91 ( https://nmap.org ) at 2021-09-14 17:11 CST
NSE: Loaded 153 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:11
Completed NSE at 17:11, 0.00s elapsed
Initiating NSE at 17:11
Completed NSE at 17:11, 0.00s elapsed
Initiating NSE at 17:11
Completed NSE at 17:11, 0.00s elapsed
Initiating ARP Ping Scan at 17:11
Scann