New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

flag读取优化 #352

Open

yanbochen97 opened this issue Jan 15, 2024 · 0 comments

Labels

yanbochen97 commented Jan 15, 2024

请简单描述一下需要改进/新增功能：
目前flag 写入实现的代码：
vulfocus-api/tasks/tasks.py

container_flag = "flag-{bmh%s}" % (uuid.uuid4(),)
···
command = 'touch /tmp/%s' % (container_flag,)
execute_result = docker_container_run(docker_container, command)

是通过touch 在/tmp下创建一个文件，文件名为flag-{xxx}，在一些任意文件读取漏洞靶场，如 “elasticsearch 目录遍历（CVE-2015-5531）”，不能正常读取flag。
描述你想要的解决方案：
可以考虑将command 命令修改为:

f'bash -c "echo {container_flag} > /tmp/flag && touch /tmp/{container_flag}"'

在/tmp 下同时再创建一个flag文件，向其中写入key,使得这些靶场能正确读取flag，
补充内容：
预计修改vulfocus-api/tasks/tasks.py两处位置即可实现：
修改后可以正常读取flag

yanbochen97 added the enhancement label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment