# 随笔

## 技术

2020-02-29   1.8k

# VulnHub::DigitalWorld.Local:JOY Walkthrough

## 0x01 Introduction

Does penetration testing spark joy? If it does, this machine is for you.

This machine is full of services, full of fun, but how many ways are there to align the stars? Perhaps, just like the child in all of us, we may find joy in a playground such as this.

This is somewhat OSCP-like for learning value, but is nowhere as easy to complete with an OSCP exam timeframe. But if you found this box because of preparation for the OSCP, you might as well try harder. 😃

If you MUST have hints for this machine (even though they will probably not help you very much until you root the box!): Joy is (#1): https://www.youtube.com/watch?v=9AvWs2X-bEA, (#2): something that should be replicated, (#3): what happens when you clean out seemingly “hidden” closets.

Note: There are at least two reliable ways of obtaining user privileges and rooting this machine. Have fun. 😃

Feel free to contact the author at https://donavan.sg/blog if you would like to drop a comment.

## 0x02 Tools and Tips

Scanning

• Nmap

Enumeration

Exploit

• Exploit proftpd using Metasploit

Privilege Escalation

• Sudo right

## 0x03 Pentesting

telnet和ftp命令的区别：

telnet连接后，用户主机实际成为远程TELNET服务器的一个虚拟终端（或称是哑终端），一切服务完全在远程服务器上执行，但用户决不能从远程服务器中下载或上传文件，或拷贝文件到用户主机中来。

ftp则不同，它是采用客户机/服务器模式，用户能够操作FTP服务器中的目录，上传或下载文件，但用户不能请求服务器执行某个文件。

version_control文件如下：

1. 利用/home/patrick/script/test的脚本文件来更改/etc/passwd的权限，进而修改patrick用户的权限；

2. 上传自己编写的脚本至相同的目录。这里就文字叙述一下具体过程：

a) 首先在本机上编写Shell脚本echo "awk 'BEGIN {system(\"/bin/bash\")}'" > test

b) 再使用ftp上传到upload目录：

c) 再使用telnet传入到/home/patrick/script

d) 再执行test文件sudo /home/patrick/script/test