Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Interpret it!
Search
Bo0oM
August 15, 2020
Research
0
1.1k
Interpret it!
Let's look at the source code that wasn't interpriposed.
Bo0oM
August 15, 2020
Tweet
Share
More Decks by Bo0oM
See All by Bo0oM
Носок на сок
bo0om
0
1.7k
Выйди и зайди нормально
bo0om
0
67
Защита от вредоносной автоматизации сегодня
bo0om
0
570
Defending against automatization using nginx
bo0om
0
820
Antibot pitch deck
bo0om
0
140
31337
bo0om
0
170
Your back is white
bo0om
0
350
FTP2RCE
bo0om
1
7.4k
At Home Among Strangers
bo0om
1
3.9k
Other Decks in Research
See All in Research
数理最適化と機械学習の融合
mickey_kubo
15
8.9k
Self-supervised audiovisual representation learning for remote sensing data
satai
3
230
言語モデルによるAI創薬の進展 / Advancements in AI-Driven Drug Discovery Using Language Models
tsurubee
2
380
2025年度 生成AIの使い方/接し方
hkefka385
1
710
集合間Bregmanダイバージェンスと置換不変NNによるその学習
wasyro
0
110
Looking for Escorts in Sydney?
lunsophia
1
120
Cross-Media Information Spaces and Architectures
signer
PRO
0
230
作業記憶の発達的特性が言語獲得の臨界期を形成する(NLP2025)
chemical_tree
2
610
LLM-as-a-Judge: 文章をLLMで評価する@教育機関DXシンポ
k141303
3
830
電通総研の生成AI・エージェントの取り組みエンジニアリング業務向けAI活用事例紹介
isidaitc
1
660
ウッドスタックチャン:木材を用いた小型エージェントロボットの開発と印象評価 / ec75-sato
yumulab
1
420
20250502_ABEJA_論文読み会_スライド
flatton
0
170
Featured
See All Featured
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
126
53k
Reflections from 52 weeks, 52 projects
jeffersonlam
351
20k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
Into the Great Unknown - MozCon
thekraken
40
1.9k
Thoughts on Productivity
jonyablonski
69
4.7k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.8k
Agile that works and the tools we love
rasmusluckow
329
21k
For a Future-Friendly Web
brad_frost
179
9.8k
Code Reviewing Like a Champion
maltzj
524
40k
Statistics for Hackers
jakevdp
799
220k
Speed Design
sergeychernyshev
32
1k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
130
19k
Transcript
How do I see the source code? • Include files
(header.inc) • Backup files • Temp files (nano, vim, etc) • .git or another version-control system • Arbitrary file reading
Interpret it! Anton “Bo0oM” Lopanitsyn
Server configuration errors Multiple routing and microservices location / {
try_files $uri $uri/ /index.html; ... } location /blog { … }
Server configuration errors Multiple routing and microservices
How to find it? https://example.com/config.php - 200, 0B https://example.com/config.php -
200, 3KB Content-type: application/octet-stream text/plain
Find a vulnerability in the config! location ~ ^(.+\.php)(.*)$ {
fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT /var/www/html; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_index index.php; }
Nope https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_split_path_info
Windows + Nginx = <3 https://example.com/config.php - 200, 0B https://example.com/config.pHP
location ~ ^(.+\.php)(.*)$ location ~ ^(.+\.php)(.*)$ Linux (case sensitive): https://example.com/config.pHP - 404 Windows: https://example.com/config.pHP - 200
Nginx /etc/nginx/site-enabled/default server { listen 80 default_server; listen
[::]:80 default_server; root /var/www/html; index index.html index.htm index.nginx-debian.html; server_name _; location / { try_files $uri $uri/ =404; } }
None
None
None
Apache /etc/apache2/sites-enabled/000-default.conf <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>
Apache /etc/apache2/sites-enabled/example.conf <VirtualHost *:80> DocumentRoot /var/www/html/example.com <FilesMatch "\.ph(p[3-5]?|tml)$"> SetHandler application/x-httpd-php
</FilesMatch> …
How to find it? example.com, IP: 123.123.123.123 Check http://123.123.123.123/config.php http://123.123.123.123/example/config.php
http://123.123.123.123/example.com/config.php
CDN’s https://forum.example.com https://cdn.example.com/forum/static/123/123.jpg https://cdn.example.com/forum/config.php Unbelievable, but the fact is, some
move the whole project to cdn!
0day
Blog: https://bo0om.ru Twitter: @i_bo0om Telegram channel: @webpwn