Hej fitta

TJÄNSTER

HÅL

MÅL

ERÖVRAT

FÖRLORAT

ATT PATCHA

• MYSQL:

The default password is (user:pass): root:blafa www-data:blafa
debian-sys-maint user password known: http://status.harctf.hcesperer.org/score/adv/a_36.html
http://status.harctf.hcesperer.org/score/adv/a_37.html

• core-system

users: abashe (govmhttpd)
govmvote runs with root privileges
govmvote(http) runs with root privileges

• HTTP:

perlhttpd http://status.harctf.hcesperer.org/score/adv/a_30.html http://status.harctf.hcesperer.org/score/adv/a_42.html lighttp/foo.php http://status.harctf.hcesperer.org/score/adv/a_31.html http://status.harctf.hcesperer.org/score/adv/a_33.html lighttpd http://status.harctf.hcesperer.org/score/adv/a_35.html Information leak via http://10.x.1.3/mwys/version.php , fix: rm /var/www/mwys/version.php

PATCHAT

• http://status.harctf.hcesperer.org/score/adv/a_25.html Alla lösenord byta på användare

• http://status.harctf.hcesperer.org/score/adv/a_28.html root mysql ändrat till Clovarj5

• http://status.harctf.hcesperer.org/score/adv/a_31.html rm fil

• http://status.harctf.hcesperer.org/score/adv/a_35.html rm fil

RANDOM