Interpret it!
Bo0oM
August 15, 2020
Let's look at the source code that wasn't interpreted.
Transcript

How do I see the source code?
• Include files (header.inc)
• Backup files
• Temp files (nano, vim, etc.)
• .git or another version-control system
• Arbitrary file reading

Interpret it!
Anton “Bo0oM” Lopanitsyn

Server configuration errors: multiple routing and microservices
    location / {
        try_files $uri $uri/ /index.html;
        ...
    }
    location /blog {
        …
    }

Server configuration errors: multiple routing and microservices

How to find it?
https://example.com/config.php - 200, 0B (the script is interpreted and produces no output)
https://example.com/config.php - 200, 3KB, Content-type: application/octet-stream or text/plain (the raw source is served as a static file)

Find a vulnerability in the config!
    location ~ ^(.+\.php)(.*)$ {
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT /var/www/html;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_index index.php;
    }

Nope
https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_split_path_info

Windows + Nginx = <3
https://example.com/config.php - 200, 0B
https://example.com/config.pHP
    location ~ ^(.+\.php)(.*)$
Linux (case-sensitive): https://example.com/config.pHP - 404
Windows: https://example.com/config.pHP - 200

Nginx, /etc/nginx/sites-enabled/default
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        server_name _;
        location / {
            try_files $uri $uri/ =404;
        }
    }
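An added example, not from the deck: the two nginx problems shown above (a case-sensitive `.php` location on a case-insensitive filesystem, and a default server that exposes /var/www/html to requests by bare IP) next to a hardened configuration. The server_name example.com, the document root and the PHP-FPM socket path are assumptions.

```nginx
# Added example, not from the deck. Weak settings from the slides, for contrast:
#   location ~ ^(.+\.php)(.*)$ { ... }   # case-sensitive regex: config.pHP never reaches PHP,
#                                         # yet on Windows the file exists and is served raw
#   server { listen 80 default_server; root /var/www/html; ... }   # bare-IP requests get the tree

# 1. Default server: requests to the IP or an unknown Host get no content at all.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;   # nginx-specific: close the connection without a response
}

# 2. Application server (names and paths below are assumptions).
server {
    listen 80;
    server_name example.com;
    root /var/www/html/example.com;
    index index.php index.html;

    # Regex locations are tried in order of appearance, so deny rules come first.
    # ~* is case-insensitive: .INC, CONFIG.PHP.BAK, .Git are all caught too.
    location ~* (\.(inc|bak|old|orig|swp|swo)|~)$ {
        return 404;   # include files, editor backups and temp files
    }
    location ~* /\.(git|svn|hg)(/|$) {
        return 404;   # version-control metadata
    }

    # Case-insensitive match, so config.pHP is handed to PHP-FPM instead of
    # falling through to the static file handler on a case-insensitive filesystem.
    location ~* \.php$ {
        try_files $uri =404;   # the script must exist; no PATH_INFO splitting needed
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumption: PHP-FPM socket path
    }

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
}
```

After reloading, the deck's own check applies: a request for config.php in any letter case should return either the interpreted result or 404, never a 200 with Content-type application/octet-stream or text/plain.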
Apache, /etc/apache2/sites-enabled/000-default.conf
    <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

Apache, /etc/apache2/sites-enabled/example.conf
    <VirtualHost *:80>
        DocumentRoot /var/www/html/example.com
        <FilesMatch "\.ph(p[3-5]?|tml)$">
            SetHandler application/x-httpd-php
        </FilesMatch>
        …

How to find it?
example.com, IP: 123.123.123.123
Check:
http://123.123.123.123/config.php
http://123.123.123.123/example/config.php
http://123.123.123.123/example.com/config.php

CDNs
https://forum.example.com
https://cdn.example.com/forum/static/123/123.jpg
https://cdn.example.com/forum/config.php
Unbelievable, but it is a fact: some move the whole project to the CDN!

0day

Blog: https://bo0om.ru
Twitter: @i_bo0om
Telegram channel: @webpwn