zuloostation.blogg.se

Udp connection timed out retroshare

The solution is to tell Docker not to touch our iptables. Because of the iptables rules Docker creates by default, when we use the -p option to forward a port without specifying the interface, we will find that this port is also exposed to the internet, something we don't want in most cases. Today I have a little guide for those of you who want to install Docker on a server whose interface is exposed to the internet. Hope I can update this part of the blog more often, thanks for your visit!

This has been a really interesting challenge, thanks a lot to the HackerOne guys for it!!!

com to another header:

But the reply was empty, wait, wasn't the ID growing one by one? I just jumped from ID 10 to com but the usual characters were not allowed. So, let's try to move that.

Seemed the obvious place but the problem was that the calls ended up looking like /

This time we get the default page of Apache again, but now we can try to find other services

Appending the port, after a while I found something interesting in the port 1337:

And this time we get the message “Hmm, where would it be?” The flag page I found before

Vulnerability so let's point our domain to 127.0.0.1 and repeat the call:

So let's go back to read.php and see what's in there:

Decoding the base64 shows the content of the website, so it seems we are facing an SSRF

So it seems that the domain should follow the format : Something seems to be missing.

In the meantime dirbuster found the URIs /read.php and /reset.php; while reset just replied with an OK message, read seemed to be more successful:

After several tries sending the parameter row as JSON (due to the reply's type), URL and even a cookie I decided to go back to index and try posting there:

GET is not allowed, so my next option is to try a POST:


Made me try to put the domain in my hosts file pointing to that IP resulting in a cookie being

The fact that they gave us the domain of the company and the reference to the admin panel

On the URL provided we can see that also mentioned default page for Apache (Ubuntu version)

After some digging the only other page that has something interesting was the URI /flag with

Page is still there, but according to him that's intentional and doesn't hurt anyone.

Tripwire that notifies him when the flag file is read.

He is completely confident that the server can't be hacked.

Long time everybody, I know I haven't posted in quite a lot of time but maintaining the blog in two languages takes more time than I expected; I have more than half a dozen posts half translated waiting for me to have some free time 🙁 but today I give you a little writeup about the CTF that HackerOne organized these past few days, I hope you enjoy it.

An engineer of launched a new server for a new admin panel at










