After you deploy a Ceph cluster, you will probably need to perform several modifications to it occasionally. These include adding or removing new nodes, disks, or services. This chapter describes how you can achieve these administration tasks.
Quickly joined, and there were a lot of challenges, but this unsolved easy php one caught our attention. I doubt it was easy; several hours of the CTF had already passed and it remained unsolved.
Challenge details
Not racing, just enjoying the slow pace of life: There's a login page. If you try to log in with any credentials, you will receive the code error message. OK, they are leaking this sentence: Code substr md5?
And these 5 bytes change on every refresh. You need to solve a proof-of-work and send the result with the login request. I believe they did this to minimize brute-force abuse. Very common in CTF challenges. So I left this aside and continued my enumeration.
Source code leaking
By brute-forcing common filenames and directories we were able to leak the entire source code of the web application: Not much found, just confirmed the user is running apache2, cmdline, some log paths that we do not have permission to access and Linux header Linux dfa 3.
This code is stored in the session cookie; we leak the content but cannot control it yet. If the system returns "Invalid user name", it means that we have sent the correct code.
MD5 first 5 bytes hash collision generator
We quickly wrote this code to get a valid collision.
Browsing the web application's features, we can publish some content. As you can see, this flag enables the file sending option, a good way to get our RCE. Now we have more information stored in the cookie file, but I can control only the username. And this is properly filtered.
This check is blocking invalid usernames. We cannot create a new user with some code in it. The queries are very simple and the DB controller is not properly filtering this. But the code is.
Sometimes it converts the type to int before sending it to the query.
Mike March 16, at This post was great! I have several simple apps on an https connection and got a certificate from Namecheap. I have a larger app that is running on another EC2 server with just shiny server installed, no apache, all is working.
This document can be used for Owncloud Ver 8 and Ubuntu Server If you are running owncloud and have it facing the public internet, you should really be enforcing https communication.
Administration Guide.
The guide describes various administration tasks that are typically performed after the installation. The guide also introduces steps to integrate Ceph with virtualization solutions such as libvirt, Xen, or KVM, and ways to access objects stored in the cluster via iSCSI and RADOS gateways.
Book “Deployment Guide”. PHP Best Practices A short, practical guide for common and confusing PHP tasks.
A step-by-step guide to creating your own cloud server with NextCloud, potentially saving money and boosting security.