Nuclei Templates Practice Problem - level 1
Posted on 2024-05-08 at 06:30:28. Author: IIIIIIIIIIIIIIIIIIIIl
Find the cause of the vulnerability in the problem below and write a Nuclei template for it.
Problem
```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;

import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpServer;

public class XLevel1Classic {
    public static void main(String[] args) throws Exception {
        // Listen on port 1337 and route every path to WebHandler
        HttpServer server = HttpServer.create(new InetSocketAddress(1337), 0);
        server.createContext("/", new WebHandler());
        server.setExecutor(null);
        server.start();
        System.out.println("Server started on port 1337.");
    }

    static class WebHandler implements HttpHandler {
        @Override
        public void handle(HttpExchange t) throws IOException {
            Map<String, String> param = queryToMap(t.getRequestURI().getQuery());
            String response;
            if (param == null || !param.containsKey("q")) {
                response = "<h1>Hello World</h1>";
            } else {
                // The value of q is formatted into the body exactly as received
                response = String.format("<h1>%s</h1>", param.get("q"));
            }
            // Content-Length must be the byte count, not the character count
            byte[] body = response.getBytes(StandardCharsets.UTF_8);
            t.sendResponseHeaders(200, body.length);
            OutputStream os = t.getResponseBody();
            os.write(body);
            os.close();
        }

        // Split "a=1&b=2" into a map; a key without a value maps to ""
        public Map<String, String> queryToMap(String query) {
            if (query == null) {
                return new HashMap<>();
            }
            Map<String, String> result = new HashMap<>();
            for (String param : query.split("&")) {
                String[] entry = param.split("=");
                if (entry.length > 1) {
                    result.put(entry[0], entry[1]);
                } else {
                    result.put(entry[0], "");
                }
            }
            return result;
        }
    }
}
```
Setting up the environment
- docker-compose.yml:
```yaml
version: '3.8'
services:
  java:
    container_name: vsnippet-x-level1-classic
    build:
      context: .
      dockerfile: Dockerfile
    ports:
      - 1337:1337
```
- Dockerfile
```dockerfile
FROM openjdk:11

# Install and update system dependencies
RUN apt update -y; apt install -y supervisor

# Prepare and setup the working directory
RUN mkdir -p /app
WORKDIR /app
COPY vsnippet .
COPY config/supervisord.conf /etc/supervisord.conf

EXPOSE 1337
ENTRYPOINT [ "/usr/bin/supervisord", "-c", "/etc/supervisord.conf" ]
```
- supervisord.conf
```ini
[supervisord]
user=root
nodaemon=true
logfile=/dev/null
logfile_maxbytes=0
pidfile=/run/supervisord.pid

[program:java]
command=java /app/x-level1-classic.java
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
```
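One possible template for this exercise, added here as an example and not part of the original post: it checks whether the `q` parameter of the handler above is reflected inside `<h1>` without HTML encoding. The template id, author value and probe marker `nucleiprobe7f3a` are constructed placeholders.

```yaml
id: x-level1-classic-reflected-xss      # constructed id for this exercise

info:
  name: XLevel1Classic - Reflected XSS in q parameter
  author: your-name                     # placeholder
  severity: medium
  description: |
    The handler formats the q query parameter into "<h1>%s</h1>" and writes
    it to the response without HTML encoding, so markup sent in q is
    returned to the client verbatim.
  tags: xss,reflected,lab

http:
  - method: GET
    path:
      # Probe value is <b>nucleiprobe7f3a</b>, URL-encoded. getQuery() returns
      # the decoded query, so the server sees the raw tags.
      # The marker contains no "=" or "&": queryToMap() splits on both and
      # would truncate a value that includes them.
      - "{{BaseURL}}/?q=%3Cb%3Enucleiprobe7f3a%3C%2Fb%3E"

    matchers-condition: and
    matchers:
      # Match the full <h1> wrapper so an HTML-encoded reflection
      # (&lt;b&gt;...) does not count as a finding.
      - type: word
        part: body
        words:
          - "<h1><b>nucleiprobe7f3a</b></h1>"

      # The handler never sets a Content-Type header, so a header matcher
      # for text/html would not match this target; match on status instead.
      - type: status
        status:
          - 200
```

After `docker-compose up`, the template can be run against the lab with `nuclei -u http://localhost:1337 -t <template file>`.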