Interpret it!
Bo0oM
August 15, 2020
Let's look at the source code that wasn't interpreted.
Transcript
How do I see the source code?
• Include files (header.inc)
• Backup files
• Temp files (nano, vim, etc.)
• .git or another version-control system
• Arbitrary file reading

Interpret it! Anton “Bo0oM” Lopanitsyn
Server configuration errors
Multiple routing and microservices

location / {
    try_files $uri $uri/ /index.html;
    ...
}
location /blog {
    …
}

Server configuration errors Multiple routing and microservices
How to find it?
https://example.com/config.php - 200, 0B
https://example.com/config.php - 200, 3KB
Content-type: application/octet-stream text/plain

Find a vulnerability in the config!

location ~ ^(.+\.php)(.*)$ {
    fastcgi_split_path_info ^(.+\.php)(.*)$;
    fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
    fastcgi_param DOCUMENT_ROOT /var/www/html;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_index index.php;
}

Nope
https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_split_path_info

Windows + Nginx = <3
https://example.com/config.php - 200, 0B
https://example.com/config.pHP

location ~ ^(.+\.php)(.*)$
location ~ ^(.+\.php)(.*)$
Linux (case sensitive): https://example.com/config.pHP - 404
Windows: https://example.com/config.pHP - 200

Nginx
/etc/nginx/sites-enabled/default

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name _;
    location / {
        try_files $uri $uri/ =404;
    }
}

Apache
/etc/apache2/sites-enabled/000-default.conf

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Apache
/etc/apache2/sites-enabled/example.conf

<VirtualHost *:80>
    DocumentRoot /var/www/html/example.com
    <FilesMatch "\.ph(p[3-5]?|tml)$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    …

How to find it?
example.com, IP: 123.123.123.123
Check
http://123.123.123.123/config.php
http://123.123.123.123/example/config.php
http://123.123.123.123/example.com/config.php

CDNs
https://forum.example.com
https://cdn.example.com/forum/static/123/123.jpg
https://cdn.example.com/forum/config.php
Unbelievable, but true: some move the whole project to the CDN!

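
One way to automate the checks from the "How to find it?" slides over responses collected from your own hosts, as an added example that is not part of the original deck. The `Response` record, the function names and the sample responses are constructed for illustration; the extension pattern is the one from the Apache `FilesMatch` slide, and the PHP open-tag check is an extra signal not on the slides.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Content types the "How to find it?" slide names as the sign of a script served as a file.
STATIC_TYPES = {"application/octet-stream", "text/plain"}
# Extension pattern from the page's Apache FilesMatch, matched case-insensitively
# so that variants such as config.pHP are still treated as scripts.
SCRIPT_EXT = re.compile(r"\.ph(p[3-5]?|tml)$", re.IGNORECASE)
PHP_OPEN_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

@dataclass
class Response:  # hypothetical record of one response from your own server
    url: str
    status: int
    content_type: str
    body: bytes

def leak_reasons(resp: Response) -> list[str]:
    """Return the reasons a script URL looks served as source; empty list if none."""
    if resp.status != 200 or not SCRIPT_EXT.search(urlsplit(resp.url).path):
        return []
    reasons = []
    media_type = resp.content_type.split(";", 1)[0].strip().lower()
    if media_type in STATIC_TYPES:
        reasons.append("static content type: " + media_type)
    if PHP_OPEN_TAG.search(resp.body):
        reasons.append("PHP open tag in body")
    return reasons

def audit(responses: list[Response]) -> dict[str, list[str]]:
    """Map each flagged URL to its reasons."""
    return {r.url: why for r in responses if (why := leak_reasons(r))}

# Constructed sample responses mirroring the URL shapes on the slides.
SOURCE = b"<?php $db_password = 'constructed-value';\n"
SAMPLES = [
    Response("https://example.com/config.php", 200, "text/html; charset=UTF-8", b""),
    Response("https://example.com/config.pHP", 200, "application/octet-stream", SOURCE),
    Response("http://123.123.123.123/example.com/config.php", 200, "text/plain", SOURCE),
    Response("https://cdn.example.com/forum/config.php", 200, "text/html", SOURCE),
    Response("https://cdn.example.com/forum/static/123/123.jpg", 200, "image/jpeg", b"\xff\xd8"),
    Response("https://example.com/blog/config.php", 404, "text/html", b""),
]

if __name__ == "__main__":
    for url, why in audit(SAMPLES).items():
        print(url, "->", "; ".join(why))
```
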
0day
Blog: https://bo0om.ru
Twitter: @i_bo0om
Telegram channel: @webpwn