本文介绍了如何在DC-1渗透测试靶场上进行环境搭建,包括下载、启动和网络设置。通过Nmap扫描获取靶机IP,利用Drupal7漏洞进行MSF渗透,逐步收集信息并提升权限。适合初学者体验和学习渗透测试技巧。
一、环境搭建
1.环境描述
靶场描述
描述:
DC-1 is a purposely built vulnerable lab for the purpose of gaining
experience in the world of penetration testing.Dc-1是一个专门构建的易受攻击的实验室,目的是获得渗透测试领域的经验。
It was designed to be a challenge for beginners, but just how easy it
is will depend on your skills and knowledge, and your ability to
learn.它被设计成对初学者的一个挑战,但是它有多简单取决于你的技能和知识,以及你的学习能力。
To successfully complete this challenge, you will require Linux
skills, familiarity with the Linux command line and experience with
basic penetration testing tools, such as the tools that can be found
on Kali Linux, or Parrot Security OS.要成功完成这个挑战,您需要 Linux 技能、熟悉 Linux 命令行和基本渗透测试工具的经验,例如可以在 Kali Linux 或
Parrot Security OS 上找到的工具。There are multiple ways of gaining root, however, I have included some
flags which contain clues for beginners.有多种获得根的方法,但是,我已经包括了一些标志,其中包含初学者的线索。
There are five flags in total, but the ultimate goal is to find and
read the flag in root’s home directory. You don’t even need to be root
to do this, however, you will require root privileges.总共有五个标志,但最终目标是找到并读取 root 用户主目录中的标志。您甚至不需要成为 root 用户就可以做到这一点,但是,您需要
root 特权。Depending on your skill level, you may be able to skip finding most of
these flags and go straight for root.根据您的技能水平,您可以跳过查找大多数这些标志,直接访问 root 用户。
Beginners may encounter challenges that they have never come across
previously, but a Google search should be all that is required to
obtain the information required to complete this challenge.初学者可能会遇到他们以前从未遇到过的挑战,但是 Google 搜索应该是完成这个挑战所需要的全部信息。
题目描述概括(目标)
共有五个flag,最终目标是找到root用户主目录中的flag。
2. 靶场下载
下载地址
https://www.vulnhub.com/entry/dc-1,292/
3.环境启动
1.解压文件
2.在VMware中打开ova文件
3.接下来选择你想导入的路径,进行导入即可
4.注意 遇到这种报错可以忽略,点
最低0.47元/天 解锁文章
扫一扫
3万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
