Skillnad mellan versioner av "Harctf"
Hoppa till navigering
Hoppa till sök
Gea (diskussion | bidrag) |
Gea (diskussion | bidrag) |
||
(9 mellanliggande versioner av 3 användare visas inte) | |||
Rad 22: | Rad 22: | ||
root:blafa | root:blafa | ||
www-data:blafa | www-data:blafa | ||
+ | <br> | ||
+ | debian-sys-maint user password known: http://status.harctf.hcesperer.org/score/adv/a_36.html | ||
+ | <br> | ||
+ | http://status.harctf.hcesperer.org/score/adv/a_37.html | ||
*core-system | *core-system | ||
users: abashe (govmhttpd) | users: abashe (govmhttpd) | ||
<br> | <br> | ||
− | govmvote runs with root privileges | + | govmvote runs with root privileges<br> |
govmvote(http) runs with root privileges | govmvote(http) runs with root privileges | ||
+ | <br> | ||
+ | *HTTP: | ||
+ | perlhttpd http://status.harctf.hcesperer.org/score/adv/a_30.html http://status.harctf.hcesperer.org/score/adv/a_42.html | ||
+ | lighttp/foo.php http://status.harctf.hcesperer.org/score/adv/a_31.html http://status.harctf.hcesperer.org/score/adv/a_33.html | ||
+ | lighttpd http://status.harctf.hcesperer.org/score/adv/a_35.html | ||
+ | Information leak via http://10.x.1.3/mwys/version.php , fix: rm /var/www/mwys/version.php | ||
+ | |||
+ | =PATCHAT= | ||
+ | * http://status.harctf.hcesperer.org/score/adv/a_25.html Alla lösenord byta på användare | ||
+ | |||
+ | * http://status.harctf.hcesperer.org/score/adv/a_28.html root mysql ändrat till Clovarj5 | ||
+ | |||
+ | * http://status.harctf.hcesperer.org/score/adv/a_31.html rm fil | ||
+ | |||
+ | * http://status.harctf.hcesperer.org/score/adv/a_35.html rm fil | ||
+ | |||
+ | * http://status.harctf.hcesperer.org/score/adv/a_40.html rm fil | ||
+ | |||
+ | * http://status.harctf.hcesperer.org/score/adv/a_44.html pw bytt till Faschirvarj6 | ||
+ | |||
+ | * http://status.harctf.hcesperer.org/score/adv/a_53.html pw bytt | ||
+ | |||
+ | * http://status.harctf.hcesperer.org/score/adv/a_74.html mod satt till 755 | ||
=RANDOM= | =RANDOM= |
Nuvarande version från 14 augusti 2009 kl. 23.19
Hej fitta
TJÄNSTER[edit]
HÅL[edit]
MÅL[edit]
ERÖVRAT[edit]
FÖRLORAT[edit]
ATT PATCHA[edit]
- MYSQL:
The default password is (user:pass):
root:blafa
www-data:blafa
debian-sys-maint user password known: http://status.harctf.hcesperer.org/score/adv/a_36.html
http://status.harctf.hcesperer.org/score/adv/a_37.html
- core-system
users: abashe (govmhttpd)
govmvote runs with root privileges
govmvote(http) runs with root privileges
- HTTP:
perlhttpd http://status.harctf.hcesperer.org/score/adv/a_30.html http://status.harctf.hcesperer.org/score/adv/a_42.html lighttp/foo.php http://status.harctf.hcesperer.org/score/adv/a_31.html http://status.harctf.hcesperer.org/score/adv/a_33.html lighttpd http://status.harctf.hcesperer.org/score/adv/a_35.html Information leak via http://10.x.1.3/mwys/version.php , fix: rm /var/www/mwys/version.php
PATCHAT[edit]
- http://status.harctf.hcesperer.org/score/adv/a_25.html Alla lösenord byta på användare
- http://status.harctf.hcesperer.org/score/adv/a_28.html root mysql ändrat till Clovarj5
- http://status.harctf.hcesperer.org/score/adv/a_44.html pw bytt till Faschirvarj6
- http://status.harctf.hcesperer.org/score/adv/a_74.html mod satt till 755