April 27, 2021

primepult

Request "Recognize Online"

POST /pultdumper HTTP/1.0
Connection: keep-alive
Content-Type: multipart/form-data; boundary=--------042721092950688
Content-Length: 1227
Host: api.prime-pult.ru
Accept: text/html, */*
User-Agent: Mozilla/3.0 (compatible; Indy Library)

----------042721092950688
Content-Disposition: form-data; name="v"

1
----------042721092950688
Content-Disposition: form-data; name="a"

analyze
----------042721092950688
Content-Disposition: form-data; name="d"

B456B656B654B150BC5FB8718F5CB66E947697739146AD719D7C9948A77A9B439B7D987D9F7B9B45AE4EAC77974AAB1B5E055C075A0158688766816787608562FC1EFE1CF826CF1BF328CD2AC52FC912ED33D432DD0AEA35DE04E106E602E300DA03EA01EC3AD904EF5D045F0259005B1E28CC2ECE28CD29C526C025C022C31C08DE3FE103E501E60ED430E905EE05D02FF21BCC2ECA2BC922C420F814FC16C61FC22597CA91C893C69DC4F412F214F00AEF08EE0EE80AEA02D833E704DD3BDF46A34A9E7FA441A74F9A70A9459077936A8D688D6EB75EB65E8760BA5BE9B0EB8ED58CD78ABA5ABA52B657B456B156BC48A3499272A94D967F997D997AAE479987638B5FBE64805AB356B754B151B56F96739441AF779223762D742F722970409F7D997F9F789E7B92759076964CA7708A50B553B256BF6B8358B358B463825CC81EFE1CF91DF918F22BC229CA1EF42DD6653C673A6138633600E507E401E603DD3EDE3AD83BDB07EF35D008E50EE70EF62FC811FC17FF28C418FC26C720C5223ADD39E20DE70FDA32E80DBFE2B9E0BBFEA5FCCC2ACA2DC825C625C527C124C01CC024FD1EC420C521C522F411CD277056699F781AD1C152
----------042721092950688
Content-Disposition: form-data; name="s"

71E8FBC9659FE875

----------042721092950688--
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Apr 2021 16:29:58 GMT
Content-Type: text/html
Content-Length: 53
Connection: keep-alive
X-Powered-By: PHP/5.3.3

GateTx 40B7B0 (static format)|Gate-Tx|GateTx 40B7B0||

Request "Synthesize Online"

POST /pultdumper HTTP/1.0
Connection: keep-alive
Content-Type: multipart/form-data; boundary=--------042721094114657
Content-Length: 359
Host: api.prime-pult.ru
Accept: text/html, */*
User-Agent: Mozilla/3.0 (compatible; Indy Library)

----------042721094114657
Content-Disposition: form-data; name="v"

1
----------042721094114657
Content-Disposition: form-data; name="a"

synthesize
----------042721094114657
Content-Disposition: form-data; name="d"

PT 84A2D1
----------042721094114657
Content-Disposition: form-data; name="s"

3EEE75192A9966A5

----------042721094114657--
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 Apr 2021 16:41:22 GMT
Content-Type: text/html
Content-Length: 882
Connection: keep-alive
X-Powered-By: PHP/5.3.3

[response body elided]
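The two /pultdumper exchanges above, reproduced as an added example (this is not code from the page or from prime-pult.ru): a builder that serialises the v/a/d/s fields exactly as the captured Indy client did, so the Content-Length of the "synthesize" request (359) comes out byte-for-byte, plus a parser for the pipe-separated "analyze" reply. The page does not show how the "s" value is derived, so it is passed through as an opaque string; the `send()` helper talks to the live host and is an assumption about how a replay would be done, not something the page does.

```python
# Added example (not code from the page or from prime-pult.ru): a minimal
# re-implementation of the /pultdumper exchange captured above. Field names
# (v, a, d, s), boundary style, headers and the pipe-separated reply are taken
# from the captures; the origin of the 's' value is not shown on the page.
import http.client
from typing import Dict, List

HOST = "api.prime-pult.ru"      # from the captured Host header
PATH = "/pultdumper"

# Boundary and field values copied from the captured "synthesize" request.
CAPTURED_BOUNDARY = "--------042721094114657"
CAPTURED_FIELDS = {"v": "1", "a": "synthesize", "d": "PT 84A2D1", "s": "3EEE75192A9966A5"}


def build_body(boundary: str, fields: Dict[str, str]) -> bytes:
    """Serialise fields as multipart/form-data the way the captured client did.

    Field order matters for byte-exact reproduction, so `fields` must be an
    insertion-ordered dict (v, a, d, s). The captured client emits one extra
    CRLF after the last field before the closing boundary; it is reproduced
    here so that Content-Length matches the capture (359 bytes).
    """
    parts: List[bytes] = []
    for name, value in fields.items():
        parts.append(f"--{boundary}\r\n".encode())
        parts.append(f'Content-Disposition: form-data; name="{name}"\r\n\r\n'.encode())
        parts.append(value.encode() + b"\r\n")
    parts.append(b"\r\n")                      # the client's extra blank line
    parts.append(f"--{boundary}--\r\n".encode())
    return b"".join(parts)


def build_request(boundary: str, fields: Dict[str, str]) -> bytes:
    """Full HTTP/1.0 request bytes: the captured header set plus the body."""
    body = build_body(boundary, fields)
    headers = (
        f"POST {PATH} HTTP/1.0\r\n"
        "Connection: keep-alive\r\n"
        f"Content-Type: multipart/form-data; boundary={boundary}\r\n"
        f"Content-Length: {len(body)}\r\n"
        f"Host: {HOST}\r\n"
        "Accept: text/html, */*\r\n"
        "User-Agent: Mozilla/3.0 (compatible; Indy Library)\r\n"
        "\r\n"
    )
    return headers.encode() + body


def parse_analyze_reply(text: str) -> List[str]:
    """Split the pipe-delimited reply of a=analyze into its fields.

    The captured reply 'GateTx 40B7B0 (static format)|Gate-Tx|GateTx 40B7B0||'
    yields five fields, the last two empty; they are kept so callers see the
    fixed width of the record rather than a silently shortened list.
    """
    return text.split("|")


def send(fields: Dict[str, str], boundary: str = CAPTURED_BOUNDARY, timeout: float = 10.0) -> str:
    """Replay one request against the live API (assumed usage; network access,
    not executed by default)."""
    body = build_body(boundary, fields)
    conn = http.client.HTTPConnection(HOST, 80, timeout=timeout)
    conn.request("POST", PATH, body=body, headers={
        "Content-Type": f"multipart/form-data; boundary={boundary}",
        "User-Agent": "Mozilla/3.0 (compatible; Indy Library)",
    })
    return conn.getresponse().read().decode("utf-8", "replace")


if __name__ == "__main__":
    print(build_request(CAPTURED_BOUNDARY, CAPTURED_FIELDS).decode())
    print(parse_analyze_reply("GateTx 40B7B0 (static format)|Gate-Tx|GateTx 40B7B0||"))
```

Running the script prints the reconstructed request; comparing it against the capture is the quickest way to confirm that nothing in the header set or the multipart framing was lost before relying on `send()` for a replay.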

Nmap

Scanning 5 services on api.prime-pult.ru (37.48.125.78)
22/tcp    open  ssh      syn-ack OpenSSH 5.3 (protocol 2.0)
80/tcp    open  http     syn-ack nginx
443/tcp   open  ssl/http syn-ack nginx
2204/tcp  open  ssh      syn-ack OpenSSH 4.3 (protocol 2.0)
10000/tcp open  http     syn-ack MiniServ 1.860 (Webmin httpd)

Dir search

-

Target: http://api.prime-pult.ru/rc-code-calc/

[20:44:27] 200 -    4KB - /rc-code-calc/index.php
[20:44:27] 200 -    4KB - /rc-code-calc/index.php/login/

_

Target: http://api.prime-pult.ru/


[20:40:41] Starting:
[20:40:42] 403 -  280B  - /.ht_wsr.txt
[20:40:42] 403 -  283B  - /.htaccess.bak1
[20:40:42] 403 -  283B  - /.htaccess.orig
[20:40:42] 403 -  283B  - /.htaccess_orig
[20:40:42] 403 -  281B  - /.htaccessBAK
[20:40:42] 403 -  284B  - /.htaccess_extra
[20:40:42] 403 -  285B  - /.htaccess.sample
[20:40:42] 403 -  281B  - /.htaccessOLD
[20:40:42] 403 -  281B  - /.htaccess_sc
[20:40:42] 403 -  282B  - /.htaccessOLD2
[20:40:42] 403 -  283B  - /.htaccess.save
[20:40:42] 403 -  273B  - /.htm
[20:40:42] 403 -  274B  - /.html
[20:40:42] 403 -  280B  - /.httr-oauth
[20:40:42] 403 -  279B  - /.htpasswds
[20:40:42] 403 -  283B  - /.htpasswd_test
[20:40:43] 412 -  584B  - /.mweval_history
[20:40:43] 412 -  584B  - /.selected_editor
[20:40:46] 200 -    0B  - /_index.php
[20:40:52] 403 -  277B  - /cgi-bin/
[20:40:53] 412 -  584B  - /dashboard/phpinfo.php
[20:40:54] 403 -  275B  - /error/
[20:40:56] 412 -  584B  - /lib/phpunit/src/Util/PHP/eval-stdin.php
[20:40:56] 412 -  584B  - /lib/phpunit/Util/PHP/eval-stdin.php
[20:40:56] 412 -  584B  - /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[20:40:56] 412 -  584B  - /lib/phpunit/phpunit/Util/PHP/eval-stdin.php
[20:40:56] 412 -  584B  - /linusadmin-phpinfo.php
[20:40:57] 412 -  584B  - /msadc/Samples/selector/showcode.asp
[20:40:58] 412 -  584B  - /phpinfo.php3
[20:40:58] 412 -  584B  - /phpinfo
[20:40:58] 412 -  584B  - /phpinfo.php5
[20:40:58] 412 -  584B  - /phpinfo.php
[20:40:58] 412 -  584B  - /phpinfos.php
[20:40:58] 412 -  584B  - /phpinfo.php4
[20:40:59] 412 -  584B  - /phpunit/phpunit/src/Util/PHP/eval-stdin.php
[20:40:59] 412 -  584B  - /phpunit/src/Util/PHP/eval-stdin.php
[20:40:59] 412 -  584B  - /phpunit/phpunit/Util/PHP/eval-stdin.php
[20:40:59] 412 -  584B  - /phpunit/Util/PHP/eval-stdin.php
[20:41:02] 412 -  584B  - /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[20:41:02] 412 -  584B  - /vendor/phpunit/src/Util/PHP/eval-stdin.php
[20:41:02] 412 -  584B  - /vendor/phpunit/Util/PHP/eval-stdin.php
[20:41:02] 412 -  584B  - /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
Target: https://prime-pult.ru/

[20:56:33] Starting:
[20:56:41] 403 -  276B  - /.ht_wsr.txt
[20:56:41] 403 -  279B  - /.htaccess.bak1
[20:56:41] 403 -  279B  - /.htaccess.orig
[20:56:41] 403 -  279B  - /.htaccess.save
[20:56:41] 403 -  281B  - /.htaccess.sample
[20:56:41] 403 -  277B  - /.htaccessBAK
[20:56:41] 403 -  269B  - /.htm
[20:56:41] 403 -  277B  - /.htaccess_sc
[20:56:41] 403 -  279B  - /.htpasswd_test
[20:56:43] 403 -  280B  - /.htaccess_extra
[20:56:43] 403 -  276B  - /.httr-oauth
[20:56:43] 403 -  279B  - /.htaccess_orig
[20:56:43] 403 -  270B  - /.html
[20:56:43] 403 -  275B  - /.htpasswds
[20:56:43] 403 -  277B  - /.htaccessOLD
[20:56:43] 403 -  278B  - /.htaccessOLD2
[20:57:12] 301 -  298B  - /admin  ->  http://prime-pult.ru/admin/
[20:57:14] 403 -  280B  - /admin/.htaccess
[20:57:14] 200 -    3KB - /admin/?/login
[20:57:14] 200 -    3KB - /admin/
[20:57:15] 200 -    0B  - /admin/config.php
[20:57:15] 200 -    3KB - /admin/index.php
[20:57:42] 301 -  300B  - /catalog  ->  http://prime-pult.ru/catalog/
[20:57:42] 403 -  273B  - /cgi-bin/
[20:57:46] 200 -    0B  - /config.php
[20:57:59] 403 -  271B  - /error/
[20:58:07] 301 -  298B  - /image  ->  http://prime-pult.ru/image/
[20:58:09] 200 -   54KB - /index.php
[20:58:09] 200 -   54KB - /index.php/login/
[20:58:28] 200 -  435B  - /php.ini
[20:58:38] 200 -    1KB - /robots.txt
[20:58:48] 403 -  272B  - /system/
[20:58:48] 403 -  281B  - /system/error.txt
[20:58:48] 403 -  280B  - /system/storage/
[20:58:48] 301 -  299B  - /system  ->  http://prime-pult.ru/system/
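Triage of the dirsearch output above, as an added example (not part of the original notes or of dirsearch itself): it parses each result line and separates what is worth following up (200 with a body, 200 with an empty body such as /config.php, redirects to directories) from the Apache default 403s on .ht* names, and flags the 412 responses, which all have the same size and only appear on well-known scanner probe paths (phpinfo, eval-stdin.php, showcode.asp), as a uniform filter response rather than as files that exist. The sample lines are copied from the two runs above; the classification names are this example's own.

```python
# Added example (not code from the page or from dirsearch): parse dirsearch
# result lines and group them so that real findings stand out from default
# 403s and from a uniform block page.
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^\[(?P<time>\d\d:\d\d:\d\d)\]\s+(?P<status>\d{3})\s+-\s+"
    r"(?P<size>\d+(?:\.\d+)?)(?P<unit>B|KB|MB)\s+-\s+(?P<path>\S+)"
    r"(?:\s+->\s+(?P<target>\S+))?\s*$"
)
UNIT = {"B": 1, "KB": 1024, "MB": 1024 * 1024}


@dataclass
class Hit:
    time: str
    status: int
    size: int          # approximate bytes; dirsearch rounds to KB/MB
    path: str
    target: Optional[str] = None


def parse_line(line: str) -> Optional[Hit]:
    """Parse one dirsearch result line; None for 'Target:'/'Starting:' lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = int(float(m["size"]) * UNIT[m["unit"]])
    return Hit(m["time"], int(m["status"]), size, m["path"], m["target"])


def classify(hit: Hit) -> str:
    """Classification names are this example's own, not dirsearch's."""
    if hit.status == 200:
        return "content" if hit.size > 0 else "exists-empty"
    if hit.status in (301, 302, 307, 308):
        return "redirect"
    if hit.status == 403:
        return "forbidden"
    if hit.status == 412:
        return "filtered"
    return "other"


def triage(lines: List[str]) -> Dict[str, List[Hit]]:
    """Group parsed hits by class, keeping dirsearch's order within each group."""
    groups: Dict[str, List[Hit]] = {}
    for line in lines:
        hit = parse_line(line)
        if hit:
            groups.setdefault(classify(hit), []).append(hit)
    return groups


def uniform_response_size(hits: List[Hit]) -> Optional[int]:
    """Return the one size every hit shares, or None if sizes vary.

    A single size across every 412 on unrelated probe paths is the usual
    signature of a static block page, not of the files existing.
    """
    sizes = Counter(h.size for h in hits)
    return next(iter(sizes)) if len(sizes) == 1 else None


# Constructed sample: lines copied from the two dirsearch runs above
# (prime-pult.ru for the 200/301/403 lines, api.prime-pult.ru for the 412s).
SAMPLE = """
Target: https://prime-pult.ru/

[20:56:33] Starting:
[20:56:41] 403 -  276B  - /.ht_wsr.txt
[20:56:41] 403 -  279B  - /.htaccess.bak1
[20:57:12] 301 -  298B  - /admin  ->  http://prime-pult.ru/admin/
[20:57:14] 200 -    3KB - /admin/
[20:57:15] 200 -    0B  - /admin/config.php
[20:57:46] 200 -    0B  - /config.php
[20:58:09] 200 -   54KB - /index.php
[20:58:28] 200 -  435B  - /php.ini
[20:58:38] 200 -    1KB - /robots.txt
[20:40:53] 412 -  584B  - /dashboard/phpinfo.php
[20:40:58] 412 -  584B  - /phpinfo.php
[20:41:02] 412 -  584B  - /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
""".strip().splitlines()


if __name__ == "__main__":
    groups = triage(SAMPLE)
    for cls, hits in groups.items():
        print(cls)
        for h in hits:
            print(f"  {h.status} {h.size:>7}  {h.path}" + (f"  -> {h.target}" if h.target else ""))
    print("uniform 412 size:", uniform_response_size(groups.get("filtered", [])))
```

The "exists-empty" group is the one most easily missed when eyeballing raw output: a 200 with 0 bytes on /config.php means the PHP file is there and executed silently, which is worth knowing even though there is nothing to read from it directly.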

Webmin

https://37.48.125.78:10000/

Password changing is not enabled!

Caveat: Nmap reports MiniServ 1.860, while CVE-2019-15107 (the write-up linked below) concerns the backdoored 1.890 build and, only when changing of expired passwords is enabled, 1.900 to 1.920. "Password changing is not enabled!" is the message password_change.cgi returns when that option is off. Confirm the real Webmin version before treating this host as exploitable through that CVE.

https://medium.com/@knownsec404team/backdoor-exploration-of-webmin-remote-code-execution-vulnerabilities-cve-2019-15107-55234c0bd486

Sites on the same IP

http://www.sabrinavi.ru

http://api.prime-pult.ru/rc-code-calc/