Yet Another Wiki

User Tools

Site Tools

Trace:
challenges-anssi-ecsc-web-php-sandbox

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
challenges-anssi-ecsc-web-php-sandbox [2019/05/16 13:28] didzkovitchzchallenges-anssi-ecsc-web-php-sandbox [2020/12/15 21:20] (current) – removed didzkovitchz
Line 1: Line 1:
-====== ANSSI ECSC ~~ Challenges web ~~ PHP Sandbox ====== 
-[[anssi-ecsc|Retour]] 
  
-===== Présentation ===== 
- 
-À vous de trouver les bons arguments pour lui parler. 
- 
-http://challenges.ecsc-teamfrance.fr:8000/ 
- 
-''<b>Command arguments not found!</b>'' 
- 
- 
-===== 1 - cURL ===== 
- 
-''curl http://challenges.ecsc-teamfrance.fr:8000/ -v'' 
- 
-<code> 
-* Expire in 0 ms for 6 (transfer 0x7fffd075a090) 
-* Expire in 1 ms for 1 (transfer 0x7fffd075a090) 
-* Expire in 0 ms for 1 (transfer 0x7fffd075a090) 
-* Expire in 2 ms for 1 (transfer 0x7fffd075a090) 
-* Expire in 1 ms for 1 (transfer 0x7fffd075a090) 
-* Expire in 1 ms for 1 (transfer 0x7fffd075a090) 
-* Expire in 4 ms for 1 (transfer 0x7fffd075a090) 
-* Expire in 4 ms for 1 (transfer 0x7fffd075a090) 
-* Expire in 4 ms for 1 (transfer 0x7fffd075a090) 
-* Expire in 5 ms for 1 (transfer 0x7fffd075a090) 
-*   Trying 51.91.7.35... 
-* TCP_NODELAY set 
-* Expire in 149990 ms for 3 (transfer 0x7fffd075a090) 
-* Expire in 200 ms for 4 (transfer 0x7fffd075a090) 
-* Connected to challenges.ecsc-teamfrance.fr (51.91.7.35) port 8000 (#0) 
-> GET / HTTP/1.1 
-> Host: challenges.ecsc-teamfrance.fr:8000 
-> User-Agent: curl/7.64.0 
-> Accept: */* 
-> 
-< HTTP/1.1 200 OK 
-< Date: Tue, 14 May 2019 11:42:19 GMT 
-< Server: Apache/2.4.25 (Debian) 
-< Content-Length: 35 
-< Content-Type: text/html; charset=UTF-8 
-< 
-* Connection #0 to host challenges.ecsc-teamfrance.fr left intact 
-<b>Command arguments not found!</b> 
-</code> 
- 
-''curl -sD - -o /dev/null http://challenges.ecsc-teamfrance.fr:8000/'' 
- 
-<code> 
-HTTP/1.1 200 OK 
-Date: Tue, 14 May 2019 11:43:50 GMT 
-Server: Apache/2.4.25 (Debian) 
-Content-Length: 35 
-Content-Type: text/html; charset=UTF-8 
-</code> 
- 
-Pas grand chose de mieux en changeant la version de HTTP (1.0 et 2.0). 
- 
-===== 2 - dirb (directory buster) ===== 
- 
-'' dirb http://challenges.ecsc-teamfrance.fr:8000/'' 
- 
-<code> 
------------------ 
-DIRB v2.22 
-By The Dark Raver 
------------------ 
- 
-START_TIME: Tue May 14 14:08:11 2019 
-URL_BASE: http://challenges.ecsc-teamfrance.fr:8000/ 
-WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt 
- 
------------------ 
- 
-GENERATED WORDS: 4612 
- 
----- Scanning URL: http://challenges.ecsc-teamfrance.fr:8000/ ---- 
-+ http://challenges.ecsc-teamfrance.fr:8000/index.php (CODE:200|SIZE:35) 
-+ http://challenges.ecsc-teamfrance.fr:8000/server-status (CODE:403|SIZE:319) 
- 
------------------ 
-END_TIME: Tue May 14 14:13:27 2019 
-DOWNLOADED: 4612 - FOUND: 2 
-</code> 
- 
-Nous avons donc 2 URL identifiées : 
-  * http://challenges.ecsc-teamfrance.fr:8000/index.php : page d'accueil 
-  * http://challenges.ecsc-teamfrance.fr:8000/server-status : accès refusé (403) 
- 
- 
-===== 3 - nikto ===== 
- 
-''nikto -h http://challenges.ecsc-teamfrance.fr:8000/'' 
- 
-<code> 
-- Nikto v2.1.6 
---------------------------------------------------------------------------- 
-+ Target IP:          51.83.96.75 
-+ Target Hostname:    challenges.ecsc-teamfrance.fr 
-+ Target Port:        8000 
-+ Message:            Multiple IP addresses found: 51.83.96.75, 51.91.16.154, 51.91.7.35 
-+ Start Time:         2019-05-14 13:57:26 (GMT2) 
---------------------------------------------------------------------------- 
-+ Server: Apache/2.4.25 (Debian) 
-+ The anti-clickjacking X-Frame-Options header is not present. 
-+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS 
-+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type 
-+ No CGI Directories found (use '-C all' to force check all possible dirs) 
-+ Apache/2.4.25 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch. 
-+ Web Server returns a valid response with junk HTTP methods, this may cause false positives. 
- 
- 
-+ OSVDB-3233: /icons/README: Apache default file found. 
- 
-+ 7865 requests: 0 error(s) and 6 item(s) reported on remote host 
-+ End Time:           2019-05-14 14:17:32 (GMT2) (1206 seconds) 
---------------------------------------------------------------------------- 
-+ 1 host(s) tested 
-</code> 
- 
-1 URL trouvée : http://challenges.ecsc-teamfrance.fr:8000/icons/README 
- 
-Il y a la liste des icônes accessibles dans ''icons'' mais ce sont des gifs par défaut. 
- 
-1 ancienne version d'Apache également à priori, mais ne s'agissant pas d'un challenge pwn ni misc je ne pense pas qu'il faille tenter d'exploiter une CVE. 
challenges-anssi-ecsc-web-php-sandbox.1558006100.txt.gz · Last modified: 2019/05/16 13:28 by didzkovitchz