challenges-anssi-ecsc-web-php-sandbox

Differences

This shows you the differences between two versions of the page.

challenges-anssi-ecsc-web-php-sandbox [2019/05/16 13:16] didzkovitchz
challenges-anssi-ecsc-web-php-sandbox [2020/12/15 21:20] (current) – removed didzkovitchz
Line 1: Line 1:
-====== ANSSI ECSC ~~ Challenges web ~~ PHP Sandbox ====== 
-[[anssi-ecsc|Retour]] 
  
-À vous de trouver les bons arguments pour lui parler. 
- 
-http://challenges.ecsc-teamfrance.fr:8000/ 
- 
-''<b>Command arguments not found!</b>'' 
- 
- 
-===== 1 - cURL ===== 
- 
-''curl http://challenges.ecsc-teamfrance.fr:8000/ -v'' 
- 
-<code> 
-* Expire in 0 ms for 6 (transfer 0x7fffd075a090) 
-* Expire in 1 ms for 1 (transfer 0x7fffd075a090) 
-* Expire in 0 ms for 1 (transfer 0x7fffd075a090) 
-* Expire in 2 ms for 1 (transfer 0x7fffd075a090) 
-* Expire in 1 ms for 1 (transfer 0x7fffd075a090) 
-* Expire in 1 ms for 1 (transfer 0x7fffd075a090) 
-* Expire in 4 ms for 1 (transfer 0x7fffd075a090) 
-* Expire in 4 ms for 1 (transfer 0x7fffd075a090) 
-* Expire in 4 ms for 1 (transfer 0x7fffd075a090) 
-* Expire in 5 ms for 1 (transfer 0x7fffd075a090) 
-*   Trying 51.91.7.35... 
-* TCP_NODELAY set 
-* Expire in 149990 ms for 3 (transfer 0x7fffd075a090) 
-* Expire in 200 ms for 4 (transfer 0x7fffd075a090) 
-* Connected to challenges.ecsc-teamfrance.fr (51.91.7.35) port 8000 (#0) 
-> GET / HTTP/1.1 
-> Host: challenges.ecsc-teamfrance.fr:8000 
-> User-Agent: curl/7.64.0 
-> Accept: */* 
-> 
-< HTTP/1.1 200 OK 
-< Date: Tue, 14 May 2019 11:42:19 GMT 
-< Server: Apache/2.4.25 (Debian) 
-< Content-Length: 35 
-< Content-Type: text/html; charset=UTF-8 
-< 
-* Connection #0 to host challenges.ecsc-teamfrance.fr left intact 
-<b>Command arguments not found!</b> 
-</code> 
- 
-''curl -sD - -o /dev/null http://challenges.ecsc-teamfrance.fr:8000/'' 
- 
-<code> 
-HTTP/1.1 200 OK 
-Date: Tue, 14 May 2019 11:43:50 GMT 
-Server: Apache/2.4.25 (Debian) 
-Content-Length: 35 
-Content-Type: text/html; charset=UTF-8 
-</code> 
- 
-Pas grand chose de mieux en changeant la version de HTTP (1.0 et 2.0). 
- 
-===== 2 - dirb (directory buster) ===== 
- 
-'' dirb http://challenges.ecsc-teamfrance.fr:8000/'' 
- 
-<code> 
------------------ 
-DIRB v2.22 
-By The Dark Raver 
------------------ 
- 
-START_TIME: Tue May 14 14:08:11 2019 
-URL_BASE: http://challenges.ecsc-teamfrance.fr:8000/ 
-WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt 
- 
------------------ 
- 
-GENERATED WORDS: 4612 
- 
----- Scanning URL: http://challenges.ecsc-teamfrance.fr:8000/ ---- 
-+ http://challenges.ecsc-teamfrance.fr:8000/index.php (CODE:200|SIZE:35) 
-+ http://challenges.ecsc-teamfrance.fr:8000/server-status (CODE:403|SIZE:319) 
- 
------------------ 
-END_TIME: Tue May 14 14:13:27 2019 
-DOWNLOADED: 4612 - FOUND: 2 
-</code> 
- 
-Nous avons donc 2 URL identifiées : 
-  * http://challenges.ecsc-teamfrance.fr:8000/index.php : page d'accueil 
-  * http://challenges.ecsc-teamfrance.fr:8000/server-status : accès refusé (403) 
- 
- 
-===== 3 - nikto ===== 
- 
-''nikto -h http://challenges.ecsc-teamfrance.fr:8000/'' 
- 
-<code> 
-- Nikto v2.1.6 
---------------------------------------------------------------------------- 
-+ Target IP:          51.83.96.75 
-+ Target Hostname:    challenges.ecsc-teamfrance.fr 
-+ Target Port:        8000 
-+ Message:            Multiple IP addresses found: 51.83.96.75, 51.91.16.154, 51.91.7.35 
-+ Start Time:         2019-05-14 13:57:26 (GMT2) 
---------------------------------------------------------------------------- 
-+ Server: Apache/2.4.25 (Debian) 
-+ The anti-clickjacking X-Frame-Options header is not present. 
-+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS 
-+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type 
-+ No CGI Directories found (use '-C all' to force check all possible dirs) 
-+ Apache/2.4.25 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch. 
-+ Web Server returns a valid response with junk HTTP methods, this may cause false positives. 
- 
- 
-+ OSVDB-3233: /icons/README: Apache default file found. 
- 
-+ 7865 requests: 0 error(s) and 6 item(s) reported on remote host 
-+ End Time:           2019-05-14 14:17:32 (GMT2) (1206 seconds) 
---------------------------------------------------------------------------- 
-+ 1 host(s) tested 
-</code> 
- 
-1 URL trouvée : http://challenges.ecsc-teamfrance.fr:8000/icons/README 
- 
-Il y a la liste des icônes accessibles dans ''icons'' mais ce sont des gifs par défaut. 
- 
-1 ancienne version d'Apache également à priori, mais ne s'agissant pas d'un challenge pwn ni misc je ne pense pas qu'il faille tenter d'exploiter une CVE. 
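Review bot: The edit summary for this deletion says only "removed", and the hunk drops the entire page, so nothing records why the write-up was withdrawn; put the reason in the summary. If the text is restored or moved elsewhere, two points in it should be addressed first. In section 1, the curl -v block is dominated by repeated "Expire in ... ms" debug lines that carry no information and bury the request and response headers; trim them. In section 3, nikto reports Target IP 51.83.96.75 and "Multiple IP addresses found", while the curl run in section 1 connected to 51.91.7.35, yet the conclusions treat both results as describing one server; note which address each tool reached, since findings such as the Apache version banner may not hold for every backend.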
challenges-anssi-ecsc-web-php-sandbox.1558005419.txt.gz · Last modified: 2019/05/16 13:16 by didzkovitchz