Download
- Index of target machine downloads: https://download.vulnhub.com/
- Use the site's search function and search for the "dc" series of targets.
- Target used in this exercise: DC-5
- OS: Debian
- Download link: https://download.vulnhub.com/dc/DC-5.zip
Startup
- After the download completes, open VMware, choose File > Open in the top-left corner and import the .ova file; once imported, change the network connection mode to NAT.
- Screenshot: target booted successfully (image not included here)
Scanning and analysis
- Subnet used in this exercise: 192.168.198.0/24; attacker machine IP: 192.168.198.129
- Scan the subnet before starting the target
```
nmap -sP 192.168.198.0/24
# Result
# Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-06-06 14:10 CST
# Nmap scan report for 192.168.198.1
# Host is up (0.00020s latency).
# MAC Address: 00:50:56:C0:00:08 (VMware)
# Nmap scan report for 192.168.198.2
# Host is up (0.00020s latency).
# MAC Address: 00:50:56:F7:F2:9C (VMware)
# Nmap scan report for 192.168.198.254
# Host is up (0.00012s latency).
# MAC Address: 00:50:56:E7:6F:81 (VMware)
# Nmap scan report for 192.168.198.129
# Host is up.
# Nmap done: 256 IP addresses (4 hosts up) scanned in 2.03 seconds
```
- Scan the subnet again after starting the target
- The one new host is the target; target IP: 192.168.198.134
```
nmap -sP 192.168.198.0/24
# Result
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-06-06 14:11 CST
Nmap scan report for 192.168.198.1
Host is up (0.00018s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.198.2
Host is up (0.00017s latency).
MAC Address: 00:50:56:F7:F2:9C (VMware)
Nmap scan report for 192.168.198.134
Host is up (0.00022s latency).
MAC Address: 00:0C:29:CD:6E:79 (VMware)
Nmap scan report for 192.168.198.254
Host is up (0.00017s latency).
MAC Address: 00:50:56:E7:6F:81 (VMware)
Nmap scan report for 192.168.198.129
Host is up.
Nmap done: 256 IP addresses (5 hosts up) scanned in 1.92 seconds
```
- Scan the target's basic information (full TCP port range, service/OS detection and the vuln NSE scripts)
- Open ports: 111, 80, 33830
- Open services: http (plus rpcbind and its status service on 111 and 33830)
- Web server (middleware): nginx/1.6.2
```
nmap -A -v -p 1-65535 -T4 --script=vuln 192.168.198.134
# Result
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-06-06 14:13 CST
NSE: Loaded 150 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 14:13
NSE Timing: About 50.00% done; ETC: 14:14 (0:00:31 remaining)
Completed NSE at 14:13, 34.02s elapsed
Initiating NSE at 14:13
Completed NSE at 14:13, 0.00s elapsed
Pre-scan script results:
| broadcast-avahi-dos:
|   Discovered hosts:
|     224.0.0.251
|   After NULL UDP avahi packet DoS (CVE-2011-1002).
|_  Hosts are all up (not vulnerable).
Initiating ARP Ping Scan at 14:13
Scanning 192.168.198.134 [1 port]
Completed ARP Ping Scan at 14:13, 0.04s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 14:13
Completed Parallel DNS resolution of 1 host. at 14:13, 0.00s elapsed
Initiating SYN Stealth Scan at 14:13
Scanning 192.168.198.134 [65535 ports]
Discovered open port 111/tcp on 192.168.198.134
Discovered open port 80/tcp on 192.168.198.134
Discovered open port 33830/tcp on 192.168.198.134
Completed SYN Stealth Scan at 14:13, 1.93s elapsed (65535 total ports)
Initiating Service scan at 14:13
Scanning 3 services on 192.168.198.134
Completed Service scan at 14:14, 11.02s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against 192.168.198.134
NSE: Script scanning 192.168.198.134.
Initiating NSE at 14:14
Completed NSE at 14:15, 64.37s elapsed
Initiating NSE at 14:15
Completed NSE at 14:15, 0.02s elapsed
Nmap scan report for 192.168.198.134
Host is up (0.00042s latency).
Not shown: 65532 closed tcp ports (reset)
PORT      STATE SERVICE VERSION
80/tcp    open  http    nginx 1.6.2
|_http-dombased-xss: Couldn't find any DOM based XSS.
| vulners:
|   cpe:/a:igor_sysoev:nginx:1.6.2:
|       EDB-ID:40768          7.8   https://vulners.com/exploitdb/EDB-ID:40768        *EXPLOIT*
|       SSV:92538             7.2   https://vulners.com/seebug/SSV:92538              *EXPLOIT*
|       PRION:CVE-2016-1247   7.2   https://vulners.com/prion/PRION:CVE-2016-1247
|_      1337DAY-ID-26345      7.2   https://vulners.com/zdt/1337DAY-ID-26345          *EXPLOIT*
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-server-header: nginx/1.6.2
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.198.134
|   Found the following possible CSRF vulnerabilities:
|
|     Path: http://192.168.198.134:80/contact.php
|     Form id: fname
|_    Form action: thankyou.php
111/tcp   open  rpcbind 2-4 (RPC #100000)
| rpcinfo:
|   program version    port/proto  service
|   100000  2,3,4        111/tcp   rpcbind
|   100000  2,3,4        111/udp   rpcbind
|   100000  3,4          111/tcp6  rpcbind
|   100000  3,4          111/udp6  rpcbind
|   100024  1          33830/tcp   status
|   100024  1          36704/tcp6  status
|   100024  1          52821/udp6  status
|_  100024  1          54900/udp   status
33830/tcp open  status  1 (RPC #100024)
MAC Address: 00:0C:29:CD:6E:79 (VMware)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Uptime guess: 199.639 days (since Sun Nov 19 22:54:53 2023)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE
HOP RTT     ADDRESS
1   0.42 ms 192.168.198.134

NSE: Script Post-scanning.
Initiating NSE at 14:15
Completed NSE at 14:15, 0.00s elapsed
Initiating NSE at 14:15
Completed NSE at 14:15, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 113.41 seconds
           Raw packets sent: 65558 (2.885MB) | Rcvd: 65550 (2.623MB)
```
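The two steps above (diffing a before/after ping sweep to spot the new host, then reading the open ports and versions out of the service scan) are done by eye in the walkthrough. As an added example that is not part of the original post, the script below automates both: it parses nmap's normal (human-readable) output, returns the hosts that appeared between two sweeps, and extracts each PORT/STATE/SERVICE/VERSION row. The sample strings are constructed from the outputs shown above and trimmed to the lines the parser needs; the regular expressions, the `Port` dataclass and the function names are my own, not part of nmap.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the two ping sweeps above, trimmed. The target
# (192.168.198.134) only appears in the second sweep.
SWEEP_BEFORE = """\
Nmap scan report for 192.168.198.1
Host is up (0.00020s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.198.254
Host is up (0.00012s latency).
MAC Address: 00:50:56:E7:6F:81 (VMware)
Nmap scan report for 192.168.198.129
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.03 seconds
"""

SWEEP_AFTER = """\
Nmap scan report for 192.168.198.1
Host is up (0.00018s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.198.134
Host is up (0.00022s latency).
MAC Address: 00:0C:29:CD:6E:79 (VMware)
Nmap scan report for 192.168.198.254
Host is up (0.00017s latency).
MAC Address: 00:50:56:E7:6F:81 (VMware)
Nmap scan report for 192.168.198.129
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 1.92 seconds
"""

# Constructed sample input: the port table from the service scan above.
SERVICE_SCAN = """\
Nmap scan report for 192.168.198.134
Host is up (0.00042s latency).
Not shown: 65532 closed tcp ports (reset)
PORT      STATE SERVICE VERSION
80/tcp    open  http    nginx 1.6.2
|_http-server-header: nginx/1.6.2
111/tcp   open  rpcbind 2-4 (RPC #100000)
33830/tcp open  status  1 (RPC #100024)
MAC Address: 00:0C:29:CD:6E:79 (VMware)
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-F:]{17}) \((.*)\)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)\s*(.*)$")


def parse_hosts(text):
    """Map each host reported up in a ping sweep to its MAC address
    (None when nmap prints no MAC, as for the scanning machine itself)."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = None
            continue
        m = MAC_RE.match(line)
        if m and current is not None:
            hosts[current] = m.group(1)
    return hosts


def new_hosts(before, after):
    """IPs present in the second sweep but not the first, i.e. the hosts
    that came up between the two runs (here: the freshly booted target)."""
    return sorted(set(parse_hosts(after)) - set(parse_hosts(before)))


@dataclass
class Port:
    number: int
    proto: str
    state: str
    service: str
    version: str


def parse_ports(text):
    """Extract PORT/STATE/SERVICE/VERSION rows from a service scan. The
    table header and NSE script lines (starting with '|') do not match."""
    return [
        Port(int(m.group(1)), m.group(2), m.group(3), m.group(4), m.group(5).strip())
        for m in (PORT_RE.match(line) for line in text.splitlines())
        if m
    ]


if __name__ == "__main__":
    for ip in new_hosts(SWEEP_BEFORE, SWEEP_AFTER):
        print("new host:", ip, parse_hosts(SWEEP_AFTER)[ip])
    for p in parse_ports(SERVICE_SCAN):
        print(f"{p.number}/{p.proto} {p.state} {p.service} {p.version}")
```

Parsing the normal output is fine for a lab write-up, but its layout is not a stable interface; for anything automated, have nmap write XML (`-oX`) or grepable (`-oG`) output and parse that instead.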