Professional Documents
Culture Documents
21
paulo@10.200.14.21's password:
Last login: Tue May 24 09:10:01 2022 from 10.19.14.246
paulo@PC991006948900:~$
paulo@PC991006948900:~$ cd s
s4s/ spring4shell/
paulo@PC991006948900:~$ cd s4s/
paulo@PC991006948900:~/s4s$ ls
find_vuln.py repositories.py todo-nexus.txt vulnerabilities.py
paulo@PC991006948900:~/s4s$ ls -lh
total 52K
-rw-rw-r-- 1 paulo paulo 2,3K mai 6 10:23 find_vuln.py
-rw-rw-r-- 1 paulo paulo 586 abr 6 15:05 repositories.py
-rw-rw-r-- 1 paulo paulo 4,9K mai 6 11:07 todo-nexus.txt
-rw-rw-r-- 1 paulo paulo 1009 abr 6 15:02 vulnerabilities.py
paulo@PC991006948900:~/s4s$ cat find_vuln.py
import requests
from urllib3.exceptions import InsecureRequestWarning
import json
import sys
def get_repositories(project):
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
url="https://harbor.pbh.gov.br/api/v2.0/search?q=" + project
headers = {
"accept": "application/json",
"authorization": "Basic YWRtaW46I2hwIUBLaEs0NQ=="
}
response = requests.get(url, headers = headers, verify = False)
response_json = json.loads(response.text)
repositories = []
for repository in response_json["repository"]:
repository_name = repository["repository_name"][len(project)
+1:].replace("/", "%252F")
repositories.append(repository_name)
return repositories
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
jobservice:
image: goharbor/harbor-jobservice:v2.4.1
container_name: harbor-jobservice
env_file:
- ./common/config/jobservice/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/job_logs:/var/log/jobs:z
- type: bind
source: ./common/config/jobservice/config.yml
target: /etc/jobservice/config.yml
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
depends_on:
- core
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "jobservice"
redis:
image: goharbor/redis-photon:v2.4.1
container_name: redis
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/redis:/var/lib/redis
networks:
harbor:
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "redis"
proxy:
image: goharbor/nginx-photon:v2.4.1
container_name: nginx
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- ./common/config/nginx:/etc/nginx:z
- /data/secret/cert:/etc/cert:z
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
ports:
- 80:8080
- 443:8443
depends_on:
- registry
- core
- portal
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "proxy"
trivy-adapter:
container_name: trivy-adapter
image: goharbor/trivy-adapter-photon:v2.4.1
restart: always
cap_drop:
- ALL
depends_on:
- log
- redis
networks:
- harbor
volumes:
- type: bind
source: /data/trivy-adapter/trivy
target: /home/scanner/.cache/trivy
- type: bind
source: /data/trivy-adapter/reports
target: /home/scanner/.cache/reports
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "trivy-adapter"
env_file:
./common/config/trivy-adapter/env
networks:
harbor:
external: false
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$ curl localhost
-bash: curl: command not found
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$ wget localhost
--2022-05-25 15:28:52-- http://localhost/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:80... failed: Connection refused.
Connecting to localhost (localhost)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 308 Permanent Redirect
Location: https://localhost:443/ [following]
--2022-05-25 15:28:52-- https://localhost/
Connecting to localhost (localhost)|127.0.0.1|:443... connected.
ERROR: The certificate of 'localhost' is not trusted.
ERROR: The certificate of 'localhost' doesn't have a known issuer.
The certificate's owner does not match hostname 'localhost'
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$ nmap -p 80 localhost
-bash: nmap: command not found
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$ telnet -p 80 localhost
telnet: invalid option -- 'p'
Usage: telnet [-4] [-6] [-8] [-E] [-L] [-a] [-d] [-e char] [-l user]
[-n tracefile] [ -b addr ] [-r] [host-name [port]]
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$ telnet localhost 80
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> Connection closed.
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$ telnet localhost 443
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> Connection closed.
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$ telnet localhost 5432
Trying ::1...
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$ docker ps
Got permission denied while trying to connect to the Docker daemon socket at
unix:///var/run/docker.sock: Get
"http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json": dial unix
/var/run/docker.sock: connect: permission denied
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$ sudo su
root@vlcp-harbor01:/home/gpmi/harbor# docker ps
CONTAINER ID IMAGE COMMAND
CREATED STATUS PORTS
NAMES
8d8d10dc4ccb goharbor/harbor-jobservice:v2.4.1 "/harbor/entrypoint.…" 7
weeks ago Up 6 weeks (healthy)
harbor-jobservice
394852a1da35 goharbor/nginx-photon:v2.4.1 "nginx -g 'daemon of…" 7
weeks ago Up 6 weeks (healthy) 0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp
nginx
e61aaa6d6799 goharbor/harbor-core:v2.4.1 "/harbor/entrypoint.…" 7
weeks ago Up 6 weeks (healthy)
harbor-core
adf5e167f5a9 goharbor/trivy-adapter-photon:v2.4.1 "/home/scanner/entry…" 7
weeks ago Up 6 weeks (healthy)
trivy-adapter
0839fb90c8bf goharbor/harbor-portal:v2.4.1 "nginx -g 'daemon of…" 7
weeks ago Up 6 weeks (healthy)
harbor-portal
e3fb85f60a8c goharbor/harbor-registryctl:v2.4.1 "/home/harbor/start.…" 7
weeks ago Up 6 weeks (healthy)
registryctl
fbf7d7df9862 goharbor/redis-photon:v2.4.1 "redis-server /etc/r…" 7
weeks ago Up 6 weeks (healthy)
redis
1f510f838ee1 goharbor/harbor-db:v2.4.1 "/docker-entrypoint.…" 7
weeks ago Up 6 weeks (healthy)
harbor-db
40c16f93c1cd goharbor/registry-photon:v2.4.1 "/home/harbor/entryp…" 7
weeks ago Up 6 weeks (healthy)
registry
6552d5f55520 goharbor/harbor-log:v2.4.1 "/bin/sh -c /usr/loc…" 7
weeks ago Up 6 weeks (healthy) 127.0.0.1:1514->10514/tcp
harbor-log
root@vlcp-harbor01:/home/gpmi/harbor# docker exec -ti harbor-db sh
sh-5.0$ ls
bin dev docker-entrypoint.sh etc initdb.sh lib64 mnt root
sbin sys upgrade.sh var
boot docker-entrypoint-initdb.d docker-healthcheck.sh home lib media
proc run srv tmp usr
sh-5.0$ psql
psql (13.5)
Type "help" for help.
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
pass=
authMethod=trust
fi
{
echo
echo "host all all all $authMethod"
} >> "$1/pg_hba.conf"
echo `whoami`
# internal start of server in order to allow set-up using psql-client
# does not listen on external TCP/IP and waits until start finishes
pg_ctl -D "$1" -o "-c listen_addresses=''" -w start
echo
if [ $2 == "true" ]; then
for f in /docker-entrypoint-initdb.d/*; do
case "$f" in
*.sh) echo "$0: running $f"; . "$f" ;;
*.sql) echo "$0: running $f"; "${psql[@]}" -f
"$f"; echo ;;
*.sql.gz) echo "$0: running $f"; gunzip -c "$f" |
"${psql[@]}"; echo ;;
*) echo "$0: ignoring $f" ;;
esac
echo
done
fi
PGUSER="${PGUSER:-postgres}" \
pg_ctl -D "$1" -m fast -w stop
echo
echo 'PostgreSQL init process complete; ready for start up.'
echo
}sh-5.0$ vi initdb.sh
sh: vi: command not found
sh-5.0$
sh-5.0$ env
HOSTNAME=1f510f838ee1
POSTGRES_PASSWORD=RO07123@
PWD=/
HOME=/home/postgres
TERM=xterm
SHLVL=1
PGDATA=/var/lib/postgresql/data
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/bin/env
sh-5.0$ psql -U postgres -w
psql (13.5)
Type "help" for help.
postgres=# \dt+
Did not find any relations.
postgres=# \d
Did not find any relations.
postgres=# \d
\d \da \dAf \dAp \dC \dD \ddp \des \deu \dF \dFd \dFt
\di \dl \dn \do \dp \dPt \dRp \ds \dt \du \dx
\dA \dAc \dAo \db \dc \dd \dE \det \dew \df \dFp \dg
\dL \dm \dO \dP \dPi \drds \dRs \dS \dT \dv \dy
postgres=# \d
\d \da \dAf \dAp \dc \dd \ddp \des \deu \df \dFd \dFt
\di \dL \dn \dO \dp \dPt \dRp \ds \dT \du \dx
\dA \dAc \dAo \db \dC \dD \dE \det \dew \dF \dFp \dg
\dl \dm \do \dP \dPi \drds \dRs \dS \dt \dv \dy
postgres=# \d
\d \da \dAf \dAp \dc \dD \ddp \des \deu \df \dFd \dFt
\di \dl \dn \do \dp \dPt \dRp \ds \dT \du \dx
\dA \dAc \dAo \db \dC \dd \dE \det \dew \dF \dFp \dg
\dL \dm \dO \dP \dPi \drds \dRs \dS \dt \dv \dy
postgres=# \d+
Did not find any relations.
postgres=# \db
List of tablespaces
Name | Owner | Location
------------+----------+----------
pg_default | postgres |
pg_global | postgres |
(2 rows)
postgres=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access
privileges
--------------+----------+----------+-------------+-------------
+-----------------------
notaryserver | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres
+
| | | | |
postgres=CTc/postgres+
| | | | |
server=CTc/postgres
notarysigner | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres
+
| | | | |
postgres=CTc/postgres+
| | | | |
signer=CTc/postgres
postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
registry | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres
+
| | | | |
postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres
+
| | | | |
postgres=CTc/postgres
(6 rows)
postgres=# \c postgres
Password:
You are now connected to database "postgres" as user "postgres".
postgres=# \dt
Did not find any relations.
postgres=# ^D\q
sh-5.0$ psql -U postgres -W
Password:
psql (13.5)
Type "help" for help.
postgres=# \c registry
Password:
You are now connected to database "registry" as user "postgres".
registry=# \dt
List of relations
Schema | Name | Type | Owner
--------+-----------------------------+-------+----------
public | access | table | postgres
public | alembic_version | table | postgres
public | artifact | table | postgres
public | artifact_blob | table | postgres
public | artifact_reference | table | postgres
public | artifact_trash | table | postgres
public | audit_log | table | postgres
public | blob | table | postgres
public | cve_allowlist | table | postgres
public | data_migrations | table | postgres
public | execution | table | postgres
public | harbor_label | table | postgres
public | harbor_resource_label | table | postgres
public | harbor_user | table | postgres
public | immutable_tag_rule | table | postgres
public | job_log | table | postgres
public | label_reference | table | postgres
public | notification_job | table | postgres
public | notification_policy | table | postgres
public | oidc_user | table | postgres
public | p2p_preheat_instance | table | postgres
public | p2p_preheat_policy | table | postgres
public | permission_policy | table | postgres
public | project | table | postgres
public | project_blob | table | postgres
public | project_member | table | postgres
public | project_metadata | table | postgres
public | properties | table | postgres
public | quota | table | postgres
public | quota_usage | table | postgres
public | registry | table | postgres
public | replication_policy | table | postgres
public | report_vulnerability_record | table | postgres
public | repository | table | postgres
public | retention_policy | table | postgres
public | robot | table | postgres
public | role | table | postgres
public | role_permission | table | postgres
public | scan_report | table | postgres
public | scanner_registration | table | postgres
public | schedule | table | postgres
public | schema_migrations | table | postgres
public | tag | table | postgres
public | task | table | postgres
public | user_group | table | postgres
public | vulnerability_record | table | postgres
(46 rows)
id | uuid |
digest | registration_uuid |
mime_type |
report
| id | report_uuid | vuln_record_id | id | cve_id
| registration_uuid | package | package_version |
package_type | severity | fixed_version | urls
| cvss_score_v3 | cvss_score_v2 | cvss_vector_v3 | cvss_vector_v2 |
description | cwe_ids |
vendor_attributes
------+--------------------------------------
+-------------------------------------------------------------------------
+--------------------------------------
+------------------------------------------------------------
+----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-+---------+--------------------------------------+----------------+----
+----------------+--------------------------------------+------------
+-----------------+--------------+----------+---------------
+--------------------------------------------+---------------+---------------
+----------------------------------------------------------------------------------
---------------------+---------
+----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
--------------------------------------------------------------
7240 | 0d01b3a1-de63-49a4-b1ab-415975a3f86f |
sha256:e3918b244a52e99bf05332f4b903c7987c4ebc7d554e20aac8c694af2300ad45 | f624ecb2-
ab99-11ec-b0e3-0242ac130008 | application/vnd.security.vulnerability.report;
version=1.1 | {"generated_at":"2022-05-24T21:30:54.616565446Z","scanner":
{"name":"Trivy","vendor":"Aqua
Security","version":"v0.20.1"},"severity":"Critical","vulnerabilities":[]} |
2064052 | 0d01b3a1-de63-49a4-b1ab-415975a3f86f | 95 | 95 | CVE-2019-
12900 | f624ecb2-ab99-11ec-b0e3-0242ac130008 | bzip2-libs | 1.0.6-26.el8 |
Unknown | Low | | https://avd.aquasec.com/nvd/cve-2019-
12900 | | | | |
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write
when there are many selectors. | CWE-787 | {"CVSS":{"nvd":
{"V2Score":7.5,"V2Vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","V3Score":9.8,"V3Vector":"CV
SS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"redhat":
{"V3Score":4,"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}}}
(1 row)
registry=# \dt
List of relations
Schema | Name | Type | Owner
--------+-----------------------------+-------+----------
public | access | table | postgres
public | alembic_version | table | postgres
public | artifact | table | postgres
public | artifact_blob | table | postgres
public | artifact_reference | table | postgres
public | artifact_trash | table | postgres
public | audit_log | table | postgres
public | blob | table | postgres
public | cve_allowlist | table | postgres
public | data_migrations | table | postgres
public | execution | table | postgres
public | harbor_label | table | postgres
public | harbor_resource_label | table | postgres
public | harbor_user | table | postgres
public | immutable_tag_rule | table | postgres
public | job_log | table | postgres
public | label_reference | table | postgres
public | notification_job | table | postgres
public | notification_policy | table | postgres
public | oidc_user | table | postgres
public | p2p_preheat_instance | table | postgres
public | p2p_preheat_policy | table | postgres
public | permission_policy | table | postgres
public | project | table | postgres
public | project_blob | table | postgres
public | project_member | table | postgres
public | project_metadata | table | postgres
public | properties | table | postgres
public | quota | table | postgres
public | quota_usage | table | postgres
public | registry | table | postgres
public | replication_policy | table | postgres
public | report_vulnerability_record | table | postgres
public | repository | table | postgres
public | retention_policy | table | postgres
public | robot | table | postgres
public | role | table | postgres
public | role_permission | table | postgres
public | scan_report | table | postgres
public | scanner_registration | table | postgres
public | schedule | table | postgres
public | schema_migrations | table | postgres
public | tag | table | postgres
public | task | table | postgres
public | user_group | table | postgres
public | vulnerability_record | table | postgres
(46 rows)
registry=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access
privileges
--------------+----------+----------+-------------+-------------
+-----------------------
notaryserver | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres
+
| | | | |
postgres=CTc/postgres+
| | | | |
server=CTc/postgres
notarysigner | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres
+
| | | | |
postgres=CTc/postgres+
| | | | |
signer=CTc/postgres
postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
registry | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres
+
| | | | |
postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres
+
| | | | |
postgres=CTc/postgres
(6 rows)
registry=# \dt
List of relations
Schema | Name | Type | Owner
--------+-----------------------------+-------+----------
public | access | table | postgres
public | alembic_version | table | postgres
public | artifact | table | postgres
public | artifact_blob | table | postgres
public | artifact_reference | table | postgres
public | artifact_trash | table | postgres
public | audit_log | table | postgres
public | blob | table | postgres
public | cve_allowlist | table | postgres
public | data_migrations | table | postgres
public | execution | table | postgres
public | harbor_label | table | postgres
public | harbor_resource_label | table | postgres
public | harbor_user | table | postgres
public | immutable_tag_rule | table | postgres
public | job_log | table | postgres
public | label_reference | table | postgres
public | notification_job | table | postgres
public | notification_policy | table | postgres
public | oidc_user | table | postgres
public | p2p_preheat_instance | table | postgres
public | p2p_preheat_policy | table | postgres
public | permission_policy | table | postgres
public | project | table | postgres
public | project_blob | table | postgres
public | project_member | table | postgres
public | project_metadata | table | postgres
public | properties | table | postgres
public | quota | table | postgres
public | quota_usage | table | postgres
public | registry | table | postgres
public | replication_policy | table | postgres
public | report_vulnerability_record | table | postgres
public | repository | table | postgres
public | retention_policy | table | postgres
public | robot | table | postgres
public | role | table | postgres
public | role_permission | table | postgres
public | scan_report | table | postgres
public | scanner_registration | table | postgres
public | schedule | table | postgres
public | schema_migrations | table | postgres
public | tag | table | postgres
public | task | table | postgres
public | user_group | table | postgres
public | vulnerability_record | table | postgres
(46 rows)