Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Interpret it!
Search
Bo0oM
August 15, 2020
Research
0
1.2k
Interpret it!
Let's look at the source code that wasn't interpriposed.
Bo0oM
August 15, 2020
Tweet
Share
More Decks by Bo0oM
See All by Bo0oM
Носок на сок
bo0om
0
1.8k
Выйди и зайди нормально
bo0om
0
74
Защита от вредоносной автоматизации сегодня
bo0om
0
580
Defending against automatization using nginx
bo0om
0
830
Antibot pitch deck
bo0om
0
150
31337
bo0om
0
180
Your back is white
bo0om
0
360
FTP2RCE
bo0om
1
7.5k
At Home Among Strangers
bo0om
1
3.9k
Other Decks in Research
See All in Research
SSII2025 [SS2] 横浜DeNAベイスターズの躍進を支えたAIプロダクト
ssii
PRO
7
4k
【輪講資料】Moshi: a speech-text foundation model for real-time dialogue
hpprc
3
640
【緊急警告】日本の未来設計図 ~沈没か、再生か。国民と断行するラストチャンス~
yuutakasan
0
150
投資戦略202508
pw
0
540
カスタマーサクセスの視点からAWS Summitの展示を考える~製品開発で活用できる勘所~
masakiokuda
2
190
SNLP2025:Can Language Models Reason about Individualistic Human Values and Preferences?
yukizenimoto
0
120
言語モデルの地図:確率分布と情報幾何による類似性の可視化
shimosan
5
1.4k
MetaEarth: A Generative Foundation Model for Global-Scale Remote Sensing Image Generation
satai
4
180
機械学習と数理最適化の融合 (MOAI) による革新
mickey_kubo
0
290
2025年度人工知能学会全国大会チュートリアル講演「深層基盤モデルの数理」
taiji_suzuki
25
18k
AIグラフィックデザインの進化:断片から統合(One Piece)へ / From Fragment to One Piece: A Survey on AI-Driven Graphic Design
shunk031
0
420
近似動的計画入門
mickey_kubo
4
1k
Featured
See All Featured
Raft: Consensus for Rubyists
vanstee
140
7.1k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
44
2.5k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
285
13k
Practical Orchestrator
shlominoach
190
11k
The Cost Of JavaScript in 2023
addyosmani
53
8.9k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.8k
How to train your dragon (web standard)
notwaldorf
96
6.2k
Designing Experiences People Love
moore
142
24k
How to Think Like a Performance Engineer
csswizardry
26
1.9k
Building Applications with DynamoDB
mza
96
6.6k
It's Worth the Effort
3n
187
28k
Transcript
How do I see the source code? • Include files
(header.inc) • Backup files • Temp files (nano, vim, etc) • .git or another version-control system • Arbitrary file reading
Interpret it! Anton “Bo0oM” Lopanitsyn
Server configuration errors Multiple routing and microservices location / {
try_files $uri $uri/ /index.html; ... } location /blog { … }
Server configuration errors Multiple routing and microservices
How to find it? https://example.com/config.php - 200, 0B https://example.com/config.php -
200, 3KB Content-type: application/octet-stream text/plain
Find a vulnerability in the config! location ~ ^(.+\.php)(.*)$ {
fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT /var/www/html; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_index index.php; }
Nope https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_split_path_info
Windows + Nginx = <3 https://example.com/config.php - 200, 0B https://example.com/config.pHP
location ~ ^(.+\.php)(.*)$ location ~ ^(.+\.php)(.*)$ Linux (case sensitive): https://example.com/config.pHP - 404 Windows: https://example.com/config.pHP - 200
Nginx /etc/nginx/site-enabled/default server { listen 80 default_server; listen
[::]:80 default_server; root /var/www/html; index index.html index.htm index.nginx-debian.html; server_name _; location / { try_files $uri $uri/ =404; } }
None
None
None
Apache /etc/apache2/sites-enabled/000-default.conf <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>
Apache /etc/apache2/sites-enabled/example.conf <VirtualHost *:80> DocumentRoot /var/www/html/example.com <FilesMatch "\.ph(p[3-5]?|tml)$"> SetHandler application/x-httpd-php
</FilesMatch> …
How to find it? example.com, IP: 123.123.123.123 Check http://123.123.123.123/config.php http://123.123.123.123/example/config.php
http://123.123.123.123/example.com/config.php
CDN’s https://forum.example.com https://cdn.example.com/forum/static/123/123.jpg https://cdn.example.com/forum/config.php Unbelievable, but the fact is, some
move the whole project to cdn!
0day
Blog: https://bo0om.ru Twitter: @i_bo0om Telegram channel: @webpwn