$ nmap -sC -sV 10.10.11.15 Starting Nmap 7.94 ( https://nmap.org ) at 2024-04-28 13:32 CST Nmap scan report for 10.10.11.15 Host is up (0.086s latency). Not shown: 997 closed tcp ports (conn-refused) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.7 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 b3:a8:f7:5d:60:e8:66:16:ca:92:f6:76:ba:b8:33:c2 (ECDSA) |_ 256 07:ef:11:a6:a0:7d:2b:4d:e8:68:79:1a:7b:a7:a9:cd (ED25519) 80/tcp open http nginx 1.18.0 (Ubuntu) |_http-title: Did not follow redirect to http://comprezzor.htb/ |_http-server-header: nginx/1.18.0 (Ubuntu) 6003/tcp filtered X11:3 Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 42.01 seconds
from flask import Flask, request, redirect from blueprints.index.index import main_bp from blueprints.report.report import report_bp from blueprints.auth.auth import auth_bp from blueprints.dashboard.dashboard import dashboard_bp
if change_report_priority(report_id, priority_level): flash('Report priority level changed!', 'success') else: flash('Error occurred while trying to change the priority!', 'error')
return redirect(url_for('dashboard.dashboard'))
@dashboard_bp.route('/create_pdf_report', methods=['GET', 'POST']) @admin_required defcreate_pdf_report(): global pdf_report_ if request.method == 'POST': report_url = request.form.get('report_url') try: scheme = urlparse(report_url).scheme hostname = urlparse(report_url).netloc dissallowed_schemas = ["file", "ftp", "ftps"] if (scheme notin dissallowed_schemas) and ( (socket.gethostbyname(hostname.split(":")[0]) != '127.0.0.1') or (hostname in allowed_hostnames) ): print(scheme) urllib_request = urllib.request.Request( report_url, headers={ 'Cookie': 'user_data=eyJ1c2VyX2lkIjogMSwgInVzZXJuYW1lIjogImFkbWluIiwgInJvbGUiOiAiYWRtaW4ifXwzNDgyMjMzM2Q0NDRhZTBlNDAyMmY2Y2M2NzlhYzlkMjZkMWQxZDY4MmM1OWM2MWNmYmVhM' } ) response = urllib.request.urlopen(urllib_request) html_content = response.read().decode('utf-8') pdf_filename = f'{pdf_report_path}/report_{str(random.randint(10000,90000))}.pdf' pdfkit.from_string(html_content, pdf_filename) return send_file(pdf_filename, as_attachment=True) except Exception as e: flash('Unexpected error!', 'error') return render_template('dashboard/create_pdf_report.html') else: flash('Invalid URL', 'error') return render_template('dashboard/create_pdf_report.html') @dashboard_bp.route('/backup', methods=['GET']) @admin_required defbackup(): source_directory = os.path.abspath(os.path.dirname(__file__) + '../../../') current_datetime = datetime.now().strftime("%Y%m%d%H%M%S") backup_filename = f'app_backup_{current_datetime}.zip' with zipfile.ZipFile(backup_filename, 'w', zipfile.ZIP_DEFLATED) as zipf: for root, _, files in os.walk(source_directory): for file in files: file_path = os.path.join(root, file) arcname = os.path.relpath(file_path, source_directory) zipf.write(file_path, arcname=arcname) try: ftp = FTP('ftp.local') ftp.login(user='ftp_admin', passwd='u3jai8y71s2') ftp.cwd('/') with open(backup_filename, 'rb') as file: ftp.storbinary(f'STOR {backup_filename}', file) ftp.quit() os.remove(backup_filename) flash('Backup and upload completed successfully!', 'success') except Exception as e: flash(f'Error: {str(e)}', 'error') return redirect(url_for('dashboard.dashboard'))
intmain(int argc, char *argv[]){ if (argc < 2) { printf("Usage: %s [list|run playbook_number|install role_url] -a <auth_key>\n", argv[0]); return1; }
int auth_required = 0; char auth_key[128];
for (int i = 2; i < argc; i++) { if (strcmp(argv[i], "-a") == 0) { if (i + 1 < argc) { strncpy(auth_key, argv[i + 1], sizeof(auth_key)); auth_required = 1; break; } else { printf("Error: -a option requires an auth key.\n"); return1; } } }
if (!check_auth(auth_key)) { printf("Error: Authentication failed.\n"); return1; }
if (strcmp(argv[1], "list") == 0) { listPlaybooks(); } elseif (strcmp(argv[1], "run") == 0) { int playbookNumber = atoi(argv[2]); if (playbookNumber > 0) { DIR *dir = opendir(PLAYBOOK_LOCATION); if (dir == NULL) { perror("Failed to open the playbook directory"); return1; }
structdirent *entry; int currentPlaybookNumber = 1; char *playbookName = NULL;
while ((entry = readdir(dir)) != NULL) { if (entry->d_type == DT_REG && strstr(entry->d_name, ".yml") != NULL) { if (currentPlaybookNumber == playbookNumber) { playbookName = entry->d_name; break; } currentPlaybookNumber++; } }