PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 9d:db:a2:46:55:7b:55:67:e3:21:c6:73:62:8c:f8:36 (RSA) | 256 7f:b7:da:42:ca:47:1e:86:56:65:83:e0:4f:c7:c4:b6 (ECDSA) |_ 256 4b:4c:5b:e7:75:dd:cb:46:41:a6:51:44:5e:47:2b:bd (ED25519) 80/tcp open http Apache httpd 2.4.41 ((Ubuntu)) |_http-title: Apache2 Ubuntu Default Page: It works |_http-server-header: Apache/2.4.41 (Ubuntu) 8000/tcp open http Python http.server 3.5 - 3.10 |_http-title: VOIP Solutions |_http-server-header: VOIP Server 8080/tcp open http Python http.server 3.5 - 3.10 |_http-title: 404 Not Found |_http-server-header: Internal Server MAC Address: 00:0C:29:9F:D0:20 (VMware) Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Linux 4.X|5.X OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 OS details: Linux 4.15 - 5.19, OpenWrt 21.02 (Linux 5.4) Network Distance: 1 hop Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
<script src="/static/js/login.js"></script> <script> // Get the modal var modal = document.getElementById('id01');
// When the user clicks anywhere outside of the modal, close it
</script>
跟过去看看 login.js
1 2 3 4 5 6
/****************************************** User Login /****************************************** */
var delog = atob('dmFyIF8weGI1YzM9WyJceDZBXHg2OVx4NkVceDZEXHg2Rlx4NzJceDY5IiwiXHg1NFx4NjhceDY1XHgyMFx4NzFceDc1XHg2OVx4NjNceDZCXHgyMFx4NjJceDcyXHg2Rlx4NzdceDZFXHgyMFx4NjZceDZGXHg3OFx4MjBceDZBXHg3NVx4NkRceDcwXHg3M1x4MjBceDZGXHg3Nlx4NjVceDcyXHgyMFx4NzRceDY4XHg2NVx4MjBceDZDXHg2MVx4N0FceDc5XHgyMFx4NjRceDZGXHg2NyIsIlx4NjNceDY4XHg2MVx4NzJceDQzXHg2Rlx4NjRceDY1XHg0MVx4NzQiLCJceDY2XHg3Mlx4NkZceDZEXHg0M1x4NjhceDYxXHg3Mlx4NDNceDZGXHg2NFx4NjUiXTt2YXIgdT1fMHhiNWMzWzBdO3ZhciBzdHJpbmc9XzB4YjVjM1sxXTt2YXIgYT1zdHJpbmdbXzB4YjVjM1syXV0oMCk7dmFyIGI9c3RyaW5nW18weGI1YzNbMl1dKDM2KTt2YXIgYz1zdHJpbmdbXzB4YjVjM1syXV0oMik7dmFyIGQ9c3RyaW5nW18weGI1YzNbMl1dKDgpO3ZhciBlPXN0cmluZ1tfMHhiNWMzWzJdXSgxMyk7dmFyIGY9c3RyaW5nW18weGI1YzNbMl1dKDEyKTt2YXIgZz1zdHJpbmdbXzB4YjVjM1syXV0oMTQpO3ZhciBoPXN0cmluZ1tfMHhiNWMzWzJdXSg0MCk7dmFyIGk9c3RyaW5nW18weGI1YzNbMl1dKDEyKTt2YXIgcD1TdHJpbmdbXzB4YjVjM1szXV0oYSxiLGMsZCxlLGYsZyxoLGkp')
看上去是加密了 但是hash-identifier认不出来
问问ai, atob函数是base64解密用的 本地解密:
1 2 3 4 5 6 7 8 9 10 11 12 13
var _0xb5c3=["\x6A\x69\x6E\x6D\x6F\x72\x69","\x54\x68\x65\x20\x71\x75\x69\x63\x6B\x20\x62\x72\x6F\x77\x6E\x20\x66\x6F\x78\x20\x6A\x75\x6D\x70\x73\x20\x6F\x76\x65\x72\x20\x74\x68\x65\x20\x6C\x61\x7A\x79\x20\x64\x6F\x67","\x63\x68\x61\x72\x43\x6F\x64\x65\x41\x74","\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65"]; var u=_0xb5c3[0]; var string=_0xb5c3[1]; var a=string[_0xb5c3[2]](0); var b=string[_0xb5c3[2]](36); var c=string[_0xb5c3[2]](2); var d=string[_0xb5c3[2]](8); var e=string[_0xb5c3[2]](13); var f=string[_0xb5c3[2]](12); var g=string[_0xb5c3[2]](14); var h=string[_0xb5c3[2]](40); var i=string[_0xb5c3[2]](12); var p=String[_0xb5c3[3]](a,b,c,d,e,f,g,h,i)
console.log()
1 2 3
console.log(_0xb5c3)
console.log(p);
给出了一个提示信息
1 2 3
> Array ["jinmori", "The quick brown fox jumps over the lazy dog", "charCodeAt", "fromCharCode"]
Security Issue Warning: The installation assistant file: cmsms-2.2.9-install.php still exists in the root directory. As this could potentially be a security vulnerability, please delete it.