Welcome to Scribd!

Dev Oops

Uploaded by

0% found this document useful (0 votes)

11 views7 pages

This document provides instructions for gaining access to a system called DevOops. It outlines exploiting vulnerabilities in XML external entities and Python pickle to gain an initial foothold. It then describes using an XXE attack to read the feed.py file and discover a vulnerable POST route. This route can be exploited by passing a base64-encoded Python pickle payload to achieve remote code execution. The document further explains how privilege escalation to root can be achieved by examining the git commit history to find an incorrect SSH key.

Original Description:

Original Title

DevOops

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

11 views7 pages

Dev Oops

Uploaded by

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 7

Search inside document

DevOops
October 2018 / Document No D18.100.21
13th
Prepared By: Alexander Reid (Arrexel)
Machine Author: lokori

Difficulty: Medium
Classification: Official

Page 1 / 7

SYNOPSIS
DevOops is a relatively quick machine to complete which focuses on XML external entities and
Python pickle vulnerabilities to gain a foothold.

Skills Required Skills Learned

● Basic/intermediate knowledge of Linux ● Exploiting XML external entities

● Basic/intermediate knowledge of ● Exploiting Python pickle
Python ● Enumerating git revision history

Page 2 / 7

Enumeration

Services

Masscan finds ports 22 and 5000 open. Nmap identifies these services as OpenSSH and
Gunicorn.

Page 3 / 7

Dirbuster

Dirbuster finds /feed and /upload. The upload page allows uploading of XML files.

Page 4 / 7

Exploitation

XML External Entities

By uploading an XML file which references external entities, it is possible to read arbitrary files on
the target system.

Using the XXE vulnerability to read feed.py reveals a /newpost route in the Python web
application which accepts POST data.

Page 5 / 7

Python Pickle

With access to feed.py, it is fairly straightforward to exploit the newpost route. Simply passing a
base64-encoded pickle exploit will achieve a shell.

Page 6 / 7

Privilege Escalation

Git History

There is a git repository located at /home/roosa/work/blogfeed. Examining the commit history

with git log shows a commit referencing an incorrect key file.

Checking the commit with git diff d387abf63e05c9628a59195cec9311751bdb283f reveals the

root SSH key.

Page 7 / 7

C Bw4hana 27
Document10 pages
C Bw4hana 27
ccreddy83
No ratings yet
Learn Git in a Month of Lunches
From Everand
Learn Git in a Month of Lunches
Rick Umali
No ratings yet
Exam-Part-1/ Guide-April-2019-Corrected-Flash-Cards/: A System Logs B Activity Logs
Document16 pages
Exam-Part-1/ Guide-April-2019-Corrected-Flash-Cards/: A System Logs B Activity Logs
Avi Sutanto
No ratings yet
AutoSys Training
Document30 pages
AutoSys Training
amy_7
50% (2)
Shrek
Document7 pages
Shrek
maverick
No ratings yet
Mlfinlab PyPI
Document7 pages
Mlfinlab PyPI
Vijay Kumar
No ratings yet
GitHub - OnionIoT - Python-Spidev Python Module For Interfacing With SPI Devices
Document8 pages
GitHub - OnionIoT - Python-Spidev Python Module For Interfacing With SPI Devices
ronald decimus MAD-BONDO
No ratings yet
Shocker: 3 October 2017 / Document No D17.100.01
Document7 pages
Shocker: 3 October 2017 / Document No D17.100.01
Rapeepat Thampaisan
No ratings yet
Bashed
Document6 pages
Bashed
Rapeepat Thampaisan
No ratings yet
Howto Urllib2
Document11 pages
Howto Urllib2
lil tel
No ratings yet
2 Mobile Network Architecture SigPloiter - SigPloit Wiki GitHub
Document2 pages
2 Mobile Network Architecture SigPloiter - SigPloit Wiki GitHub
rosslovelady
No ratings yet
Meta Hids by eBPF
Document27 pages
Meta Hids by eBPF
ninggou.yang
No ratings yet
HOWTO Fetch Internet Resources Using Urllib2: Guido Van Rossum and The Python Development Team
Document10 pages
HOWTO Fetch Internet Resources Using Urllib2: Guido Van Rossum and The Python Development Team
Ranu Games
No ratings yet
Howto Urllib2
Document11 pages
Howto Urllib2
Moked Cpx
No ratings yet
Interplanetary File System For Business (Ipfsfb)
Document6 pages
Interplanetary File System For Business (Ipfsfb)
Abu Hayat M Hasnat
No ratings yet
Bank
Document7 pages
Bank
Nguyễn Thịnh
No ratings yet
Howto Urllib2
Document11 pages
Howto Urllib2
aleks3
No ratings yet
Python Library - Spidev
Document6 pages
Python Library - Spidev
ronald decimus MAD-BONDO
No ratings yet
Howto Urllib2
Document11 pages
Howto Urllib2
Jason Davis
No ratings yet
Inject
Document14 pages
Inject
mafihokand123
No ratings yet
Irked: 21 April 2019 / Document No D19.100.15
Document11 pages
Irked: 21 April 2019 / Document No D19.100.15
bosan
No ratings yet
Apocalyst
Document8 pages
Apocalyst
Mohamed Asem
No ratings yet
Pysftp
Document39 pages
Pysftp
Taras
No ratings yet
Present Azi One
Document292 pages
Present Azi One
sistr piosp
No ratings yet
What Is Python?: in Data Science
Document17 pages
What Is Python?: in Data Science
prashant kumar
No ratings yet
Python Digsilent
Document16 pages
Python Digsilent
Sunil Måüřÿä
No ratings yet
21 - Haircut
Document6 pages
21 - Haircut
avaldiris
No ratings yet
Technical Note
Document7 pages
Technical Note
gelerod250
No ratings yet
HOWTO Fetch Internet Resources Using The Urllib Package: Guido Van Rossum and The Python Development Team
Document12 pages
HOWTO Fetch Internet Resources Using The Urllib Package: Guido Van Rossum and The Python Development Team
Sumit Halder
No ratings yet
Python Garbage Collector Implementations Cpython, Pypy and Gas
Document8 pages
Python Garbage Collector Implementations Cpython, Pypy and Gas
xxx
No ratings yet
En - Abusing Shared Libraries - Boiteaklou
Document11 pages
En - Abusing Shared Libraries - Boiteaklou
Josh Ualton
No ratings yet
Ipdb 0.13.9: Project Description
Document12 pages
Ipdb 0.13.9: Project Description
asdasd
No ratings yet
10 Awesome Python 3.9 Features. The Must-Know Python 3.9 Features - by Farhad Malik - Oct, 2020 - Towards Data Science
Document14 pages
10 Awesome Python 3.9 Features. The Must-Know Python 3.9 Features - by Farhad Malik - Oct, 2020 - Towards Data Science
deepak_senior
No ratings yet
Python Introd U6
Document62 pages
Python Introd U6
Subhiksha S
No ratings yet
Biopython: Ahmed G. A. Ali
Document13 pages
Biopython: Ahmed G. A. Ali
Samir Sabry
No ratings yet
Clonar Chat GPT de Forma Local
Document4 pages
Clonar Chat GPT de Forma Local
languages gym valencia
No ratings yet
16.parallel IO 2
Document28 pages
16.parallel IO 2
spareyash
No ratings yet
Popcorn
Document7 pages
Popcorn
Inzamam Nizam
No ratings yet
Write Log in Console Procedures Are Given Below-: Using System
Document40 pages
Write Log in Console Procedures Are Given Below-: Using System
muhammad danish butt
No ratings yet
Simpy Documentation: Release 2.3.3
Document373 pages
Simpy Documentation: Release 2.3.3
akhil
No ratings yet
Basic Python
Document15 pages
Basic Python
Trần Tuấn Phong
No ratings yet
Glossary of Python Related Terms
Document2 pages
Glossary of Python Related Terms
jbooysen
No ratings yet
Install Metasploit From Git On Arch Linux-Ruby2.4.2
Document9 pages
Install Metasploit From Git On Arch Linux-Ruby2.4.2
whiterg
No ratings yet
Category - Python - Rosetta Code
Document13 pages
Category - Python - Rosetta Code
Prem Kumar
No ratings yet
Nightmare: 7 July 2018 / Document No D18.100.09
Document9 pages
Nightmare: 7 July 2018 / Document No D18.100.09
bosan
No ratings yet
Pyttsx3 Documentation: Release 2.6
Document21 pages
Pyttsx3 Documentation: Release 2.6
Prabha Sri.K 18MTCS09
No ratings yet
Nerating The Parser - Reading 4 - Parser Generators - 6.005.2x Courseware - Edx
Document2 pages
Nerating The Parser - Reading 4 - Parser Generators - 6.005.2x Courseware - Edx
Annie Voinova
No ratings yet
Documenting A GRPC API With OpenAPI
Document7 pages
Documenting A GRPC API With OpenAPI
ShortShot
No ratings yet
Metasploit
Document4 pages
Metasploit
saleenaoliveira
No ratings yet
Python DIgSILENT
Document16 pages
Python DIgSILENT
PRi TOm
No ratings yet
All About Proto DataStore. in This Post, We Will Learn About Proto - by Simona Milanović - Android Developers - Medium
Document22 pages
All About Proto DataStore. in This Post, We Will Learn About Proto - by Simona Milanović - Android Developers - Medium
Arpan Peter
No ratings yet
OpenPiton System Block Manual
Document26 pages
OpenPiton System Block Manual
nhungdieubatchot
No ratings yet
Python Snap7
Document61 pages
Python Snap7
Zulfikar Fahmi
No ratings yet
Blocky
Document6 pages
Blocky
Constantino Miguelez Peña
No ratings yet
Python Programming - Unit-1
Document168 pages
Python Programming - Unit-1
VIJAY G
No ratings yet
Howto Cporting PDF
Document8 pages
Howto Cporting PDF
LALITHA
No ratings yet
Nokogiri (Software)
Document2 pages
Nokogiri (Software)
linda976
No ratings yet
XBee-2 0 0-Documentation
Document17 pages
XBee-2 0 0-Documentation
DLinh2210
No ratings yet
Building Microservices With Spring Boot
Document37 pages
Building Microservices With Spring Boot
Rohit Pandey
50% (2)
Curso Python
Document159 pages
Curso Python
maruxasi
No ratings yet
Project Overview: Examples
Document2 pages
Project Overview: Examples
P K
No ratings yet
Biopython: Python Tools For Computational Biology: Brad Chapman Chang
Document5 pages
Biopython: Python Tools For Computational Biology: Brad Chapman Chang
malla ashwini
No ratings yet
Module IV Data Visualization Using Python v2.6
Document21 pages
Module IV Data Visualization Using Python v2.6
KEESHA
No ratings yet
Ignition Writeup: Introduction To Networking
Document11 pages
Ignition Writeup: Introduction To Networking
MK
No ratings yet
Control
Document15 pages
Control
MK
No ratings yet
Calamity
Document9 pages
Calamity
MK
No ratings yet
Blue
Document5 pages
Blue
MK
No ratings yet
Buff
Document11 pages
Buff
MK
No ratings yet
Tcodes For Transport Management System
Document7 pages
Tcodes For Transport Management System
Prakash
No ratings yet
Datastage and Qualitystage Parallel Stages and Activities
Document154 pages
Datastage and Qualitystage Parallel Stages and Activities
babjeereddy
No ratings yet
ICDL IT Security
Document62 pages
ICDL IT Security
c.shajid
100% (1)
OGG BP Instantiation Oracle DocID 1276058.1
Document32 pages
OGG BP Instantiation Oracle DocID 1276058.1
baraka08
No ratings yet
Computer Organization
Document8 pages
Computer Organization
meenakshimeenu480
No ratings yet
IA 313: Operating Systems Security: Lecture 3: File System Security
Document42 pages
IA 313: Operating Systems Security: Lecture 3: File System Security
isaya
No ratings yet
Application Adapters Guide For Oracle Data Integrator - 11v
Document110 pages
Application Adapters Guide For Oracle Data Integrator - 11v
sagarika panda
No ratings yet
Operating Systems Full
Document150 pages
Operating Systems Full
Harvey Specter
100% (1)
Oracle HCM Cloud: Global Human Resources: Duration
Document4 pages
Oracle HCM Cloud: Global Human Resources: Duration
Shubham Goel
No ratings yet
List of Top Networking Companies in India
Document23 pages
List of Top Networking Companies in India
HOD-DIT PSG-PTC
No ratings yet
DBMS Support of The Data Mining
Document54 pages
DBMS Support of The Data Mining
cuong_pv86
No ratings yet
Citizen Survey Form and Guidance To Conduct Citizen Survey
Document20 pages
Citizen Survey Form and Guidance To Conduct Citizen Survey
ITDP India
No ratings yet
Hospital Management System
Document22 pages
Hospital Management System
Miroku YT
No ratings yet
IS Project Proposal
Document2 pages
IS Project Proposal
k200462 Syed Muhammad Mohtashim
No ratings yet
T10 - Pointers
Document3 pages
T10 - Pointers
Glory of Billy's Empire Jorton Knight
No ratings yet
Unit 2 Processes: Structure Page Nos
Document24 pages
Unit 2 Processes: Structure Page Nos
Gaytri Dhingra
No ratings yet
Visual Programming Report: Assigned by Sir Azeem
Document5 pages
Visual Programming Report: Assigned by Sir Azeem
SAIMA SHAHZADI
No ratings yet
Log
Document25 pages
Log
Vina Karyanti
No ratings yet
SWOT AND TECHNICAL ANALYSIS OF CHANDIGARH UNIVERSITY With LOVELY PROFESSION UNIVERISTY AND CHITKARA UNIVERSITY
Document2 pages
SWOT AND TECHNICAL ANALYSIS OF CHANDIGARH UNIVERSITY With LOVELY PROFESSION UNIVERISTY AND CHITKARA UNIVERSITY
vicky kumar
No ratings yet
HNU EDGE Getting Started With Google Classroom
Document5 pages
HNU EDGE Getting Started With Google Classroom
Karl Tudtud
100% (2)
Zscaler Inc - Form 10-K (Sep-17-2020)
Document186 pages
Zscaler Inc - Form 10-K (Sep-17-2020)
akumar4u
No ratings yet
Project Communication Plan
Document5 pages
Project Communication Plan
Craig Vance
No ratings yet
Zeta Pms
Document5 pages
Zeta Pms
bangaloretoons
No ratings yet
cs605 Mcqs Mid Term by Vu Topper RM
Document28 pages
cs605 Mcqs Mid Term by Vu Topper RM
ayeshaasghar170
No ratings yet
Data Mining: Concepts & Techniques
Document29 pages
Data Mining: Concepts & Techniques
Deepika Aggarwal
100% (1)
DRM Readme 1123
Document11 pages
DRM Readme 1123
Arnaud G.
No ratings yet
Swift Certifications Swiftnet Security Officer Certification Summary
Document5 pages
Swift Certifications Swiftnet Security Officer Certification Summary
eliud.cardenas
No ratings yet