pirenga

I ran into the battle of running all of my VMs and the host node under a single public IP address. Luckily, the host is just pure Debian, and ships with iptables.

What needs to be done is essentially to run all the VMs on a private internal network. Outbound internet access is done via NAT. Inbound access is via port forwarding.

Network configuration

Here’s how it’s done:

Create a virtual interface that serves as the gateway for your VMs:

pirenga

Remote Code Execution via File Upload (CVE-2020-12255)


The rConfig 3.9.4 is vulnerable to remote code execution due to improper checks/validation via the file upload functionality. 
The vendor.crud.php accepts the file upload by checking through content-type and it is not restricting upload by checking the file extension and header. 
Due to this flaw, An attacker can exploit this vulnerability by uploading a PHP file that contains arbitrary code (shell) and changing the content-type to `image/gif` in the vendor.crud.php. 
since the validation checks are happening through content-type the server would accept the PHP file uploaded ultimately resulting code execution upon the response when invoked. 


Steps To Reproduce-:

pirenga

<!--
Description: The following is the example code to use recaptcha.
Notice: The function backend_API_challenge is the concept and you should implement it on the backend.
        Especially, you must keep your secret key in private all the time.
Flow:
1. Click the submit button.
2. On the console, execute backend_API_challenge function.
-->
<html>
<head>

pirenga

function ltrim(s) { sub(/^[ \t\r\n]+/, "", s); return s }
function rtrim(s) { sub(/[ \t\r\n]+$/, "", s); return s }
function trim(s)  { return rtrim(ltrim(s)); }
BEGIN {
# whatever
}
{
# whatever
}
END {

pirenga

Ansible playbook to setup HTTPS using Let's encrypt on nginx.

The Ansible playbook installs everything needed to serve static files from a nginx server over HTTPS.
The server pass A rating on [SSL Labs](https://www.ssllabs.com/).

To use:
 1. Install [Ansible](https://www.ansible.com/)
 2. Setup an Ubuntu 16.04 server accessible over ssh
 3. Create `/etc/ansible/hosts` according to template below and change example.com to your domain
 4. Copy the rest of the files to an empty directory (`playbook.yml` in the root of that folder and the rest in the `templates` subfolder)

pirenga

/ipv6 firewall filter
add action=accept chain=input comment="Allow established connections" connection-state=established disabled=no
add action=accept chain=input comment="Allow related connections" connection-state=related disabled=no
add action=accept chain=input comment="Allow limited ICMP" disabled=no limit=50/5s,5 protocol=icmpv6
add action=accept chain=input comment="Allow UDP" disabled=no protocol=udp
add action=drop chain=input comment="" disabled=no
add action=accept chain=forward comment="Allow any to internet" disabled=no out-interface=sit1
add action=accept chain=forward comment="Allow established connections" connection-state=established disabled=no
add action=accept chain=forward comment="Allow related connections" connection-state=related disabled=no
add action=drop chain=forward comment="" disabled=no

pirenga

18   ;;; 7/0 goes to WAN1
     chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes 
     dst-address-type=!local in-interface=LAN1 connection-mark=no-mark 
     per-connection-classifier=both-addresses-and-ports:7/0 

19   ;;; 7/1 goes to WAN2
     chain=prerouting action=mark-connection new-connection-mark=WAN2_conn passthrough=yes 
     dst-address-type=!local in-interface=LAN1 connection-mark=no-mark 
     per-connection-classifier=both-addresses-and-ports:7/1