ANSSI ECSC ~~ Web challenges ~~ PHP Sandbox
Overview
It's up to you to find the right arguments to talk to it.
http://challenges.ecsc-teamfrance.fr:8000/
<b>Command arguments not found!</b>
1 - cURL
curl http://challenges.ecsc-teamfrance.fr:8000/ -v
* Expire in 0 ms for 6 (transfer 0x7fffd075a090)
* Expire in 1 ms for 1 (transfer 0x7fffd075a090)
* Expire in 0 ms for 1 (transfer 0x7fffd075a090)
* Expire in 2 ms for 1 (transfer 0x7fffd075a090)
* Expire in 1 ms for 1 (transfer 0x7fffd075a090)
* Expire in 1 ms for 1 (transfer 0x7fffd075a090)
* Expire in 4 ms for 1 (transfer 0x7fffd075a090)
* Expire in 4 ms for 1 (transfer 0x7fffd075a090)
* Expire in 4 ms for 1 (transfer 0x7fffd075a090)
* Expire in 5 ms for 1 (transfer 0x7fffd075a090)
*   Trying 51.91.7.35...
* TCP_NODELAY set
* Expire in 149990 ms for 3 (transfer 0x7fffd075a090)
* Expire in 200 ms for 4 (transfer 0x7fffd075a090)
* Connected to challenges.ecsc-teamfrance.fr (51.91.7.35) port 8000 (#0)
> GET / HTTP/1.1
> Host: challenges.ecsc-teamfrance.fr:8000
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Tue, 14 May 2019 11:42:19 GMT
< Server: Apache/2.4.25 (Debian)
< Content-Length: 35
< Content-Type: text/html; charset=UTF-8
<
* Connection #0 to host challenges.ecsc-teamfrance.fr left intact
<b>Command arguments not found!</b>
curl -sD - -o /dev/null http://challenges.ecsc-teamfrance.fr:8000/
HTTP/1.1 200 OK
Date: Tue, 14 May 2019 11:43:50 GMT
Server: Apache/2.4.25 (Debian)
Content-Length: 35
Content-Type: text/html; charset=UTF-8
Not much better when changing the HTTP version (1.0 and 2.0).
2 - dirb (directory buster)
dirb http://challenges.ecsc-teamfrance.fr:8000/
-----------------
DIRB v2.22
By The Dark Raver
-----------------

START_TIME: Tue May 14 14:08:11 2019
URL_BASE: http://challenges.ecsc-teamfrance.fr:8000/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 4612

---- Scanning URL: http://challenges.ecsc-teamfrance.fr:8000/ ----
+ http://challenges.ecsc-teamfrance.fr:8000/index.php (CODE:200|SIZE:35)
+ http://challenges.ecsc-teamfrance.fr:8000/server-status (CODE:403|SIZE:319)

-----------------
END_TIME: Tue May 14 14:13:27 2019
DOWNLOADED: 4612 - FOUND: 2
So we have identified 2 URLs:
- http://challenges.ecsc-teamfrance.fr:8000/index.php : home page
- http://challenges.ecsc-teamfrance.fr:8000/server-status : access denied (403)
3 - nikto
nikto -h http://challenges.ecsc-teamfrance.fr:8000/
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          51.83.96.75
+ Target Hostname:    challenges.ecsc-teamfrance.fr
+ Target Port:        8000
+ Message:            Multiple IP addresses found: 51.83.96.75, 51.91.16.154, 51.91.7.35
+ Start Time:         2019-05-14 13:57:26 (GMT2)
---------------------------------------------------------------------------
+ Server: Apache/2.4.25 (Debian)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Apache/2.4.25 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 7865 requests: 0 error(s) and 6 item(s) reported on remote host
+ End Time:           2019-05-14 14:17:32 (GMT2) (1206 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
1 URL found: http://challenges.ecsc-teamfrance.fr:8000/icons/README
The list of icons reachable under icons is there, but they are just the default gifs.
Presumably an old Apache version as well, but since this is neither a pwn nor a misc challenge I don't think we need to try exploiting a CVE.
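The three missing headers and the version banner that nikto reported above can be checked offline from a saved `curl -sD -` header dump. The following script is an added example written for this page, not part of the write-up or of nikto; the sample response is constructed from the headers shown above, and the check names and thresholds are the author's assumptions about what nikto flags.

```python
"""Audit an HTTP response head for the header findings nikto reported."""
import re

# Constructed sample: the header block returned by the target, as printed
# by `curl -sD - -o /dev/null` further up the page.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Date: Tue, 14 May 2019 11:43:50 GMT
Server: Apache/2.4.25 (Debian)
Content-Length: 35
Content-Type: text/html; charset=UTF-8
"""


def parse_headers(raw: str) -> tuple[str, dict[str, str]]:
    """Split a raw response head (status line + headers) into (status, headers).
    Header names are lower-cased; a repeated name keeps its last value."""
    lines = raw.strip().splitlines()
    status = lines[0].strip()
    headers: dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:          # tolerate stray lines in a pasted dump
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return status, headers


def audit_headers(headers: dict[str, str]) -> list[str]:
    """Return one finding per weak or missing header (assumed nikto-style checks)."""
    findings = []
    # Clickjacking protection: only DENY / SAMEORIGIN count as set.
    if headers.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing or not DENY/SAMEORIGIN")
    # MIME sniffing protection: the only meaningful value is nosniff.
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options missing or not nosniff")
    # nikto reports the header's absence; any explicit value counts as defined.
    if "x-xss-protection" not in headers:
        findings.append("X-XSS-Protection not defined")
    # A version number in the Server banner is what let nikto call Apache outdated.
    server = headers.get("server", "")
    if re.search(r"/\d+\.\d+", server):
        findings.append(f"Server banner discloses version: {server}")
    return findings


if __name__ == "__main__":
    status, hdrs = parse_headers(SAMPLE_RESPONSE)
    print(status)
    for finding in audit_headers(hdrs):
        print("[-]", finding)
```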
