NASA hw12 sec - HackMD

# NASA hw12 sec ## 1. 好想吃摩斯漢堡 (Cryptography) (27 points) ### a Audacity 摩斯密碼為 `.. .-- .- -. - -- --- ... -... ..- .-. --. . .-.` 翻譯成英文是 IWANTMOSBURGER ![image](https://hackmd.io/_uploads/rJzqXdCmR.png) #### flag HW12{IWANTMOSBURGER} ### b 原文 `uj12{zbf_ohetre_vf_gur_orfg}` 凱薩密碼 ``` ↑↓ ↑↓ 🠞13 (🠜13) hw12{mos_burger_is_the_best} 🠞3 (🠜23) rg12{wyc_lebqob_sc_dro_locd} 🠞17 (🠜9) ds12{iko_xqncan_eo_pda_xaop} 🠞2 (🠜24) sh12{xzd_mfcrpc_td_esp_mpde} 🠞19 (🠜7) bq12{gim_volayl_cm_nby_vymn} 🠞1 (🠜25) ti12{yae_ngdsqd_ue_ftq_nqef} 🠞16 (🠜10) et12{jlp_yrodbo_fp_qeb_ybpq} 🠞25 (🠜1) vk12{acg_pifusf_wg_hvs_psgh} 🠞6 (🠜20) od12{tvz_ibynly_pz_aol_ilza} 🠞14 (🠜12) gv12{lnr_atqfdq_hr_sgd_adrs} 🠞23 (🠜3) xm12{cei_rkhwuh_yi_jxu_ruij} 🠞12 (🠜14) ix12{npt_cvshfs_jt_uif_cftu} 🠞20 (🠜6) ap12{fhl_unkzxk_bl_max_uxlm} 🠞9 (🠜17) la12{qsw_fyvkiv_mw_xli_fiwx} 🠞5 (🠜21) pe12{uwa_jczomz_qa_bpm_jmab} 🠞22 (🠜4) yn12{dfj_slixvi_zj_kyv_svjk} 🠞10 (🠜16) kz12{prv_exujhu_lv_wkh_ehvw} 🠞11 (🠜15) jy12{oqu_dwtigt_ku_vjg_dguv} 🠞7 (🠜19) nc12{suy_haxmkx_oy_znk_hkyz} 🠞18 (🠜8) cr12{hjn_wpmbzm_dn_ocz_wzno} 🠞4 (🠜22) qf12{vxb_kdapna_rb_cqn_knbc} 🠞15 (🠜11) fu12{kmq_zspecp_gq_rfc_zcqr} 🠞21 (🠜5) zo12{egk_tmjywj_ak_lzw_twkl} 🠞24 (🠜2) wl12{bdh_qjgvtg_xh_iwt_qthi} 🠞8 (🠜18) mb12{rtx_gzwljw_nx_ymj_gjxy} #25 ``` 🠞13 (🠜13) hw12{mos_burger_is_the_best} ![image](https://hackmd.io/_uploads/Hk8vNOAmR.png) #### flag hw12{mos_burger_is_the_best} ### c vigenère cipher key: mosburger ``` Lately, I've been craving some MOS BURGER, and I notice you want some MOS BURGER too. If it's not too much trouble, would you be able to pick up some of their delicious burgers for me? I trust your taste, so feel free to choose whichever flavors you think I'd like. Looking forward to catching up and enjoying a great meal together soon. Let me know if I can treat you to something in return! HW12{blaise_wants_MOS_BURGER_too} IXGNCQMNL ``` ![image](https://hackmd.io/_uploads/H1kPSdAXR.png) #### flag HW12{blaise_wants_MOS_BURGER_too} ### d 原文，這像是一封信 ``` Jgmh Dmovgj Wvsqzaghs, F lzkg qlfs agssmtg rfxjs yzv ugoo. F ma uhfqfxt qz mjjhgss mx vxrzhqvxmqg fxwfjgxq qlmq zwwvhhgj mq zvh AZS NVHTGH ozwmqfzx hgwgxqoy. Fq lms wzag qz zvh mqqgxqfzx qlmq qlg rhzxq jzzh zr zvh hgsqmvhmxq ums nhzigx, hgsvoqfxt fx fxwzxdgxfgxwg qz amxy zr yzv, zvh ozymo wvsqzaghs. Kogmsg mwwgkq ay sfxwghgsq mkzoztfgs rzh mxy jfshvkqfzx qlfs amy lmdg wmvsgj. Mq AZS NVHTGH, ug qmig thgmq khfjg fx khzdfjfxt mx gewgoogxq jfxfxt gekghfgxwg rzh gdghyzxg ulz umois qlhzvtl zvh jzzhs. F vxjghsqmxj lzu gssgxqfmo m sgmaogss gxqhmxwg mxj gefq mhg, mxj fq's qhvoy hgthgqqmnog qlmq qlg jmamtgj rhzxq jzzh mrrgwqgj yzvh mnfofqy qz gxqgh zvh gsqmnofslagxq wzarzhqmnoy. Ug hgwztxfpg qlmq qlfs fssvg lms nggx jfsmkkzfxqfxt, mxj ug'hg wzaafqqgj qz gxsvhfxt qlmq yzvh rvqvhg dfsfqs mhg qhzvnog-rhgg. Qlg smrgqy mxj wzarzhq zr zvh wvsqzaghs mhg zr kmhmazvxq fakzhqmxwg qz vs. Qz mjjhgss qlfs fssvg khzakqoy, ug'dg mhhmxtgj rzh m khzrgssfzxmo hgkmfh qgma qz rfe qlg jzzh, mxj ug'hg gxlmxwfxt zvh hgtvomh amfxqgxmxwg khzwgjvhgs qz khgdgxq sfafomh fxwfjgxqs. Zvh sqmrr ufoo mosz ng zx lmxj qz khzdfjg mssfsqmxwg ms xggjgj vxqfo qlg hgkmfhs mhg wzakogqg. Wvsqzaghs wmx wzag qlhzvtl qlg sfjg jzzh sz ms qz gxqgh AZS NVHTGH Ug jggkoy mkkhgwfmqg yzvh kmqfgxwg mxj vxjghsqmxjfxt ulfog ug hgszodg qlfs fssvg. Yzvh wzxqfxvgj svkkzhq agmxs qlg uzhoj qz vs, mxj ug'hg qhvoy thmqgrvo rzh qlg qhvsq yzv komwg fx vs ulgx wlzzsfxt AZS NVHTGH rzh yzvh jfxfxt xggjs. Fr yzv lmdg mxy wzxwghxs, cvgsqfzxs, zh rggjnmwi, kogmsg rggo rhgg qz hgmwl zvq qz ag jfhgwqoy zh skgmi ufql mxy agangh zr zvh qgma. Ms m tgsqvhg zr tzzjufoo, ug'j ofig qz zrrgh m 10% jfswzvxq zx yzvh xgeq agmo ufql vs. qlg jfswzvxq wzjg fs LU12{qlg_nhzigx_rhzxq_jzzh_zr_AZS} Sfakoy khgsgxq qlfs ogqqgh qz zvh sqmrr jvhfxt yzvh xgeq dfsfq, mxj ug'oo ng lmkky qz mkkoy qlg jfswzvxq. Qlmxi yzv zxwg mtmfx rzh yzvh vxjghsqmxjfxt, mxj ug ozzi rzhumhj qz ugowzafxt yzv nmwi qz m rvooy zkghmqfzxmo mxj fakhzdgj AZS NVHTGH gekghfgxwg dghy szzx. Umha hgtmhjs, mhwlgh wlgx Amxmtgh, AZS NVHTGH ``` 使用Substitution cipher breaker Key to decrypt the message `MJQVXIERKDPHABLZTFSGWUCNYO` Key used to encrypt the message `MNWJGRTLFBIOAXZKCHSQVDUEYP` Decrypted text: ``` DEAR VALUED CUSTOMERS, I HOPE THIS MESSAGE FINDS YOU WELL. I AM WRITING TO ADDRESS AN UNFORTUNATE INCIDENT THAT OCCURRED AT OUR MOS BURGER LOCATION RECENTLY. IT HAS COME TO OUR ATTENTION THAT THE FRONT DOOR OF OUR RESTAURANT WAS BROKEN, RESULTING IN INCONVENIENCE TO MANY OF YOU, OUR LOYAL CUSTOMERS. PLEASE ACCEPT MY SINCEREST APOLOGIES FOR ANY DISRUPTION THIS MAY HAVE CAUSED. AT MOS BURGER, WE TAKE GREAT PRIDE IN PROVIDING AN EXCELLENT DINING EXPERIENCE FOR EVERYONE WHO WALKS THROUGH OUR DOORS. I UNDERSTAND HOW ESSENTIAL A SEAMLESS ENTRANCE AND EXIT ARE, AND IT'S TRULY REGRETTABLE THAT THE DAMAGED FRONT DOOR AFFECTED YOUR ABILITY TO ENTER OUR ESTABLISHMENT COMFORTABLY. WE RECOGNIZE THAT THIS ISSUE HAS BEEN DISAPPOINTING, AND WE'RE COMMITTED TO ENSURING THAT YOUR FUTURE VISITS ARE TROUBLE-FREE. THE SAFETY AND COMFORT OF OUR CUSTOMERS ARE OF PARAMOUNT IMPORTANCE TO US. TO ADDRESS THIS ISSUE PROMPTLY, WE'VE ARRANGED FOR A PROFESSIONAL REPAIR TEAM TO FIX THE DOOR, AND WE'RE ENHANCING OUR REGULAR MAINTENANCE PROCEDURES TO PREVENT SIMILAR INCIDENTS. OUR STAFF WILL ALSO BE ON HAND TO PROVIDE ASSISTANCE AS NEEDED UNTIL THE REPAIRS ARE COMPLETE. CUSTOMERS CAN COME THROUGH THE SIDE DOOR SO AS TO ENTER MOS BURGER WE DEEPLY APPRECIATE YOUR PATIENCE AND UNDERSTANDING WHILE WE RESOLVE THIS ISSUE. YOUR CONTINUED SUPPORT MEANS THE WORLD TO US, AND WE'RE TRULY GRATEFUL FOR THE TRUST YOU PLACE IN US WHEN CHOOSING MOS BURGER FOR YOUR DINING NEEDS. IF YOU HAVE ANY CONCERNS, QUESTIONS, OR FEEDBACK, PLEASE FEEL FREE TO REACH OUT TO ME DIRECTLY OR SPEAK WITH ANY MEMBER OF OUR TEAM. AS A GESTURE OF GOODWILL, WE'D LIKE TO OFFER A 10% DISCOUNT ON YOUR NEXT MEAL WITH US. THE DISCOUNT CODE IS HW12{THE_BROKEN_FRONT_DOOR_OF_MOS} SIMPLY PRESENT THIS LETTER TO OUR STAFF DURING YOUR NEXT VISIT, AND WE'LL BE HAPPY TO APPLY THE DISCOUNT. THANK YOU ONCE AGAIN FOR YOUR UNDERSTANDING, AND WE LOOK FORWARD TO WELCOMING YOU BACK TO A FULLY OPERATIONAL AND IMPROVED MOS BURGER EXPERIENCE VERY SOON. WARM REGARDS, ARCHER CHEN MANAGER, MOS BURGER ``` https://planetcalc.com/8047/ ![image](https://hackmd.io/_uploads/r12fFdCmC.png) #### flag HW12{THE_BROKEN_FRONT_DOOR_OF_MOS} ### e 隱寫術這兩個都是1-bit grayscale的圖片使用xor顯示 ``` $ file *A.png english-menu_A.png: PNG image data, 4960 x 3508, 1-bit grayscale, non-interlaced $ file *B.png english-menu_B.png: PNG image data, 4960 x 3508, 1-bit grayscale, non-interlaced ``` ```python from PIL import Image import numpy as np def xor_images(image_path1, image_path2, output_path): img1 = Image.open(image_path1).convert('1') img2 = Image.open(image_path2).convert('1') assert img1.size == img2.size, "size must same" arr1 = np.array(img1) arr2 = np.array(img2) result_arr = np.bitwise_xor(arr1, arr2) result_img = Image.fromarray(result_arr.astype('uint8') * 255) result_img.save(output_path) return result_img result = xor_images('english-menu_A.png', 'english-menu_B.png', 'output_image.png') result.show() ``` ![image](https://hackmd.io/_uploads/ByY3kqbHC.png) ### flag > HW12{the_menu_of_MOS_BURGER} ref https://ithelp.ithome.com.tw/m/articles/10323318 https://georgeom.net/StegOnline/checklist ## 2. DNS Security ### (a) DNS Spoofing **What is DNS Spoofing?** DNS Spoofing occurs when an attacker injects false DNS responses into a DNS cache server, causing the server to return incorrect IP addresses during the cache period. **How it Affects DNS Services** - User data can be stolen, such as account credentials. - Users may download malicious software, leading to computer infections. - Economic loss or reputational damage to domain owners. ### (b) DNSSEC **Principle of DNSSEC** DNSSEC allows domain registrants to digitally sign the relevant information of their domain. This ensures that DNS data is signed and validated, preventing unauthorized changes and enhancing overall DNS infrastructure security. **How to Prevent DNS Spoofing** - DNSSEC ensures that only authorized DNS data is signed and verified. - Attackers cannot easily forge signatures, preventing the injection of false DNS data. - Enhances overall DNS infrastructure security to prevent unauthorized changes. ### (c) DNS Cache Poisoning **What is DNS Cache Poisoning?** DNS Cache Poisoning refers to attackers injecting false DNS responses into a DNS cache server, leading the server to return erroneous IP addresses during the cache period. **How it Affects DNS Services** - Users may be redirected to malicious websites. - Can cause widespread network security issues as poisoned cache servers can affect multiple users. - Increases network traffic and load, affecting service quality. ### (d) NXDOMAIN **What is NXDOMAIN Attack?** NXDOMAIN attack is a type of Denial of Service (DoS) attack where attackers flood DNS servers with requests for non-existent domain names, depleting server resources. **How it Affects DNS Services** - Increases the burden on DNS servers, impacting the efficiency of normal queries. - Legitimate DNS queries may be delayed or denied, affecting network service availability. ### (e) How to Prevent DNS Attacks - Enable DNSSEC to ensure all DNS queries and responses are digitally signed and verified. - Set query rate limits to prevent attacks like NXDOMAIN attacks involving massive queries. - Monitor and log DNS query traffic in real-time to detect anomalies promptly. - Regularly clean and refresh caches to prevent the impact of cache poisoning. - Update software and apply security patches to ensure DNS server software and operating systems are up to date, patching known vulnerabilities. ## 3. CIA Triad & Threat Modeling ### (a) CIA Cases **Real-life Cybersecurity Incidents Violating CIA** | Cybersecurity Incident | CIA Violated | Reason | |----------------------------|-------------------------|---------------------------------------------------------------| | Taiwan (Yilan County) Data Leak | Confidentiality (Confidentiality) | Hackers breached Yahoo's system, stealing users' personal information, including names, email addresses, phone numbers, birthdays, and passwords. | | WannaCry Ransomware | Availability (Availability) | Ransomware encrypted victims' files, making data inaccessible. | ### (b) Personal Laptop **System:** Personal Laptop **Security Requirement:** Only authorized users can access **Assumptions:** - Laptop has regular OS updates - Physical environment of the laptop is secure - User has set a strong password - Laptop has firewall and antivirus software enabled **Threat Model and Countermeasure:** - Attempted password guessing or brute force entry: Enable two-factor authentication to add an additional security layer. - USB device infection: Disable autorun for unknown USB devices, limit USB port usage, or require user authentication before access. ### (c) SMS Real-name System **System:** SMS Real-name System **Security Requirement:** All users must scan and send SMS under their real identity **Assumptions:** - All participants have legitimate phone numbers - SMS service provider's service is stable and reliable - Real-name system's scanning system can correctly identify each user - Users will correctly scan QR codes and send SMS **Threat Model and Countermeasure:** - Impersonation during scanning: Bind identity verification with phone numbers and use two-factor authentication for identity confirmation. - SMS server subjected to DDoS attacks: Deploy firewall and DDoS protection mechanisms to ensure system functionality under attack. ### (d) NASA Online Final Exam **System:** NASA Online Final Exam **Security Requirement:** During the exam, no communication with non-teammates is allowed in any way **Assumptions:** - All examinees have undergone identity verification before the exam begins. - Examinees cannot use external communication tools during the exam. - Devices used by examinees have installed and activated monitoring software. - The exam platform can monitor and record all activities in real-time. **Threat Model and Countermeasure:** - Use of social media or other communication tools: Monitor traffic, lock ports, and conduct on-site invigilation. - Use of multiple devices for communication or data retrieval: During the exam, enforce restrictions on the exam platform to allow only one authenticated device per examinee and enable monitoring of all network traffic. - Cheating using home or off-site devices: Mandate examinees to take the exam in designated environments and use monitoring cameras to supervise the exam environment to prevent unauthorized device entry. - Cheating using physical handwritten notes or paper materials: Require examinees to display their desktops and surroundings before the exam starts to ensure no unauthorized materials and conduct random checks regularly. - Communication with non-teammates through shared files for communication or answer sharing: Restrict document sharing features on the exam platform during the exam and use DLP to monitor and prevent data transmission. ## 4 web 進入記分板 ![image](https://hackmd.io/_uploads/rk6P75-S0.png) ### (a) DOM XSS 是攻擊者透過修改網頁的 DOM 結構，而插入惡意的腳本的攻擊手法。 XSS 全稱為 Cross-site scripting 中文為「跨站腳本攻擊」。通常是指利用網頁開發時留下的漏洞，巧妙地注入惡意指令代碼到網頁中，讓使用者載入並執行攻擊者製造的網頁程式。攻擊成功後，攻擊者可能可以存取更高的權限、私密網頁、網頁 session 和 cookie 等各種內容。搜尋以下內容 `<iframe src="javascript:alert(`xss`)">` ## (b) Bonus Payload 攻擊手法、防禦方法和解題做法和上一題都相同，只是在 search bar 上要加入的要改成 soundcloud：搜尋以下內容 `<iframe width="100%" height="166" scrolling="no" frameborder="no" allow="autoplay" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/771984076&color=%23ff5500&auto_play=true&hide_related=false&show_comments=true&show_user=true&show_reposts=false&show_teaser=true"></iframe>` ## (c) Confidential Document 攻擊手法：未經授權的訪問漏洞允許攻擊者在未經適當驗證的情況下訪問敏感文件或資料防禦方法：確保只有授權使用者才能訪問這些文件解題方法：進到他們的 ftp server， http://localhost:3000/ftp ![image](https://hackmd.io/_uploads/rkxjKgzr0.png) ## (d) Error Handling 攻擊好處：不當的錯誤訊息處理會暴露應用的內部套件內容，可能被攻擊者用來發現並利用其他漏洞防禦方法：使用集中式錯誤處理來記錄 Error 資訊，但只在內部記錄，不在前端顯示。解題方法：嘗試戳一些會導致錯誤的網站。我是點進以下連結： http://localhost:3000/rest ![image](https://hackmd.io/_uploads/BkfpYxMHA.png) ## (e) Login Admin 攻擊好處：SQL Injection 允許攻擊者通過操縱 SQL Query 來繞過認證或執行其他未經授權的操作防禦方法：實施嚴格的輸入驗證來過濾惡意輸入解題方法：在登入頁面的 account 輸入以下資訊 Account: `' or 1=1;--` Password `whateveryoulike` ![image](https://hackmd.io/_uploads/ryjmHlzBR.png) ### CSRF CSRF 是指跨站的請求偽造，這種攻擊方法會強迫使用者在他們已經驗證身份的網站中，執行某些惡意的偽造操作，因為已經驗證過該使用者，所以網站就會以操作來自該使用者，因此接受了該操作。舉例來說，某個使用者登入銀行帳戶後，去逛別的網站，但不小心點開惡意網站，該惡意網站中的程式碼用這名使用者的名義，進行未經同意的轉帳操作。 CSRF 之所以成立，是因為使用者的身份已經先被驗證過。如果要白話一點理解，就像是別人偷拿你的會員點數卡去買東西。但因為店家認卡，所以當看到小偷拿著你的卡，就相信小偷是你本人，於是接受該小偷使用你的點數進行消費。 CSRF 防禦方法 * 加上驗證 * 不要用 GET 請求來做關鍵操作 * 檢查 Referrer * CSRF token ## red 進入kali linux ``` sudo nmap -V -sV -P- 10.0.2.17 ``` 可以看到 ``` Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-06-02 05:18 EDT Nmap scan report for 10.0.2.17 Host is up (0.0035s latency). Not shown: 65532 closed tcp ports (reset) PORT STATE SERVICE VERSION 8888/tcp open sun-answerbook? | fingerprint-strings: | GetRequest, NULL: | Hi nasa2024! I am nasa2023. Let's perform Diffie Hellman Key Exchange to send my password to you. | Public Parameters: | 225767380178350802628778437017496348506176151258540877390435261797441405376925462353033943428250997896721871314848092198285782090854345048122054662118095093126460101634204669116245701349386199013259740156914957581998478910297520218610100534888946137650917794983893617171996522035814582359127824042121899808876773647935022915898374909936257339388284950991406069940410741988769988487367291151043794121895262510924165121260013652780395357015274005281249229129921041753074342019570856852279201214963524275697052753317172 92691027336085165189528066507004179996186174476800146427478310174828794820885700903184044808658319809 | ============================================================ | 14965785702608118671059841388855572745112883984598731034346214365919484521635855007471241 | HTTPOptions: | Hi nasa2024! I am nasa2023. Let's perform Diffie Hellman Key Exchange to send my password to you. | Public Parameters: | 225767380178350802628778437017496348506176151258540877390435261797441405376925462353033943428250997896721871314848092198285782090854345048122054662118095093126460101634204669116245701349386199013259740156914957581998478910297520218610100534888946137650917794983893617171996522035814582359127824042121899808876773647935022915898374909936257339388284950991406069940410741988769988487367291151043794121895262510924165121260013652780395357015274005281249229129921041753074342019570856852279201214963524275697052753317172 92691027336085165189528066507004179996186174476800146427478310174828794820885700903184044808658319809 | ============================================================ |_ 22574849584382218747010074440779251031277856685468928379820254487584175773972275826094426 9999/tcp open abyss? | fingerprint-strings: | GetRequest, NULL: |_ p = 22087/tcp open ssh OpenSSH 9.6 (protocol 2.0) | ssh-hostkey: | 256 93:18:d6:8d:59:e3:aa:03:ce:0e:a4:f1:8b:5b:db:d3 (ECDSA) |_ 256 32:de:ed:74:56:c6:ab:eb:1a:8c:d5:b1:b0:61:a7:8a (ED25519) 2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service : ``` 22087/tcp open ssh ``` ┌──(nasa2024__kali)-[~] └─$ ssh ssh -i ~/.ssh/id_ed25519 student@10.0.2.17 -p 22087 The authenticity of host '[10.0.2.17]:22087 ([10.0.2.17]:22087)' can't be established. ED25519 key fingerprint is SHA256:2DTjZdsNYys12tq2uH2WqHIFCIubqhxb6OrNom7rdPE. This key is not known by any other names. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '[10.0.2.17]:22087' (ED25519) to the list of known hosts. Welcome to Alpine! The Alpine Wiki contains a large amount of how-to guides and general information about administrating Alpine systems. See <https://wiki.alpinelinux.org/>. You can setup the system with the command: setup-alpine You may change this message by editing /etc/motd. localhost:~$ ``` ``` localhost:~$ ls flag1 localhost:~$ cat flag1 NASA{W0W_Y0U_KN0W_NM49_70_5C4N_55H_H093_Y0U_D0N'7_BRU73_F0RC3_17} ``` ### 2 中間人攻擊傳1 給server 可是這樣key 會是 01000000000000000000000000000000 ![image](https://hackmd.io/_uploads/SyB7GyMB0.png) 找到了，密碼是 yLXGn4S3wYeAMnF7UySEsw9wMPdh5v2e ![image](https://hackmd.io/_uploads/SyhLfyGHA.png) #### flag ``` localhost:~$ cat flag2 NASA{CRY706R49HY_4150_1M90R74N7_1N_CYB3R53CUR17Y!} ``` ### 3 進入 nasa2024之後到 /root/comic/server 選項2 去用 comic-server 讀 ../../../etc/shadow 然後john破解 ``` root:$6$M03rcP5w38H7hYwm$HWKrqjG9ZdY97E2eKWjNIt6biVCVPkVxZZvsfYPoEtk9P30.PfAzgtjI2IPXj9u7Mo0vLxp7U0u.MjFGXehKu.:19850:0::::: nasa2023:$6$6qkngoIeqsMizLEE$Mw3jduV64bfY3yd0otGjaMh2nRJFO/WwXGE6qHF27bbZZq15MJORt3JMy54gfSiDJY43AhNeVynnQHGWp4cz41:19850:0:99999:7::: student:$6$I7GFgsWJRqjNEt1R$ZmWXyy8rK.Imn0V4Jk6Nr7DpjZmoNTZffrtH9pw4ZVr9GX3NYU09pCA7HOtw7flIxXsmjNt7pQwqk9xslrKhi1:19850:0:99999:7::: nasa2024:$6$fho8wb1AS1tFC5N3$/eNgObHyRphLNbS4FpeAd2wZG.lk33kIVVK21bJDG46rOJ7SsbglPPyw39IrS5YGyPibFD.S4MAih82ldPjFO1:19850:0:99999:7::: ``` 但是由於現在是2023/6/8 系統很慢，因為三成巢狀VM，現在john破解中QAQ ## 4 同上題 ## 5 ### 3 進入 nasa2024之後到 /root/comic/server 選項2 去用 comic-server 讀 ../../../etc/shadow 然後john破解 ``` root:$6$M03rcP5w38H7hYwm$HWKrqjG9ZdY97E2eKWjNIt6biVCVPkVxZZvsfYPoEtk9P30.PfAzgtjI2IPXj9u7Mo0vLxp7U0u.MjFGXehKu.:19850:0::::: ``` ## blue ### 1 ``` localhost:~# netstat -tulnp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 2196/php-fpm.conf) tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2237/sshd [listener tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2162/nginx.conf tcp 0 0 :::22 :::* LISTEN 2237/sshd [listener tcp 0 0 :::80 :::* LISTEN 2162/nginx.conf localhost:~# ss -tulnp -ash: ss: not found localhost:~# systemctl list-units --type=service --state=running -ash: systemctl: not found localhost:~# rc-status Runlevel: default crond [ started ] acpid [ started ] sshd [ started ] nginx [ started ] php-fpm82 [ started ] Dynamic Runlevel: hotplugged Dynamic Runlevel: needed/wanted sysfs [ started ] fsck [ started ] root [ started ] localmount [ started ] ``` 從輸出的結果我們可以看出： - 有幾個 TCP 端口正在被服務佔用，其中包括： - 127.0.0.1:9000 被 php-fpm 佔用 - 0.0.0.0:22 和 :::22 被 sshd 佔用 - 0.0.0.0:80 和 :::80 被 nginx 佔用 - 當前正在運行的服務包括： - crond - acpid - sshd - nginx - php-fpm82 ![image](https://hackmd.io/_uploads/B146OCbSC.png) 透過hacker 圖片去log翻是誰上傳即可知道IP **Attacker's IP:** 100.87.205.105 #### Vulnerabilities of the Service: The vulnerabilities of the service include: - Lack of input validation: The service fails to properly validate user input, allowing attackers to inject malicious code. - Buffer overflow: The service does not handle input buffer size properly, leading to potential buffer overflow vulnerabilities. - Outdated software: The service is running on outdated software versions, which may contain known security vulnerabilities. #### Exploitation: An attacker could exploit these vulnerabilities by: 1. Crafting specially crafted input payloads to trigger buffer overflows and execute arbitrary code. 2. Injecting malicious code through input fields to gain unauthorized access or perform unauthorized actions on the system. 3. Exploiting known vulnerabilities in outdated software to gain access to the system or escalate privileges. #### Attacker's Actions: #### Patching the Vulnerabilities: To patch the vulnerabilities in the service, the following measures can be taken: 1. Implement robust input validation to prevent injection attacks. 2. Update software components to the latest versions to address known security vulnerabilities. 3. Use secure coding practices to prevent buffer overflows and other memory-related vulnerabilities. #### Patching the Machine: To prevent future attacks and arbitrary code execution, the following steps can be taken: 1. Implement firewall rules to restrict access to the service. 2. Regularly update the system and software components to patch known vulnerabilities. 3. Implement intrusion detection and prevention systems to detect and block suspicious activities. 4. Use strong authentication mechanisms and access controls to limit unauthorized access to the system. 5. Implement logging and monitoring solutions to track and analyze system activities for signs of compromise. ## log ### nginx ``` 10.0.2.15 - - [23/Apr/2024:12:36:46 +0800] "GET /uploads/662628164b658.jpeg HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:46 +0800] "GET /uploads/66262826e3225.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:46 +0800] "GET /uploads/66273ad2ddc44.jpeg HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:46 +0800] "GET /uploads/662f99e7c3172.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:46 +0800] "GET /uploads/662f9a0490071.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:46 +0800] "GET /uploads/662f9a828a24b.jpeg HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:49 +0800] "POST /upload.php HTTP/1.1" 200 81 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET / HTTP/1.1" 200 4221 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/66273ae1eb385.png HTTP/1.1" 200 4499 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/a.sh HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/662f9a8dc30bb.php HTTP/1.1" 500 5 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/660a31ebc3658.jpeg HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/660a31f208959.jpg HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/660a3265bada8.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/660b82cb90055.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/660bd0d38b78a.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/660bd0e309128.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/660bd10b9ea0c.jpeg HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/660cd4d368e74.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/660cd4ee44a40.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/660cd50c0819b.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/660cd53435a52.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/66238430e97e4.jpeg HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/662628164b658.jpeg HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/66262826e3225.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/66273ad2ddc44.jpeg HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/66273adc00158.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/662f99e7c3172.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/662f9a0490071.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [23/Apr/2024:12:36:52 +0800] "GET /uploads/662f9a828a24b.jpeg HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:04 +0800] "POST /upload.php HTTP/1.1" 200 81 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET / HTTP/1.1" 200 4331 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/662f9a8dc30bb.php HTTP/1.1" 500 5 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/663af8c48b3d7.png HTTP/1.1" 200 8904 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/a.sh HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/660a31ebc3658.jpeg HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/660a31f208959.jpg HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/660bd10b9ea0c.jpeg HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/660cd4d368e74.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/660a3265bada8.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/660b82cb90055.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/660bd0d38b78a.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/660bd0e309128.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/660cd4ee44a40.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/660cd50c0819b.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/660cd53435a52.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/66238430e97e4.jpeg HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/662628164b658.jpeg HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/66262826e3225.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/66273ad2ddc44.jpeg HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/66273adc00158.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/662f99e7c3172.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/662f9a0490071.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/66273ae1eb385.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:06 +0800] "GET /uploads/662f9a828a24b.jpeg HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:16 +0800] "POST /upload.php HTTP/1.1" 200 81 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:22 +0800] "GET / HTTP/1.1" 200 4441 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:22 +0800] "GET /uploads/663af8d01d68d.png HTTP/1.1" 200 7478 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:22 +0800] "GET /uploads/663af8c48b3d7.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:22 +0800] "GET /uploads/662f9a8dc30bb.php HTTP/1.1" 500 5 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:40 +0800] "POST /upload.php HTTP/1.1" 200 81 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:42 +0800] "GET / HTTP/1.1" 200 4551 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:43 +0800] "GET /uploads/662f9a8dc30bb.php HTTP/1.1" 500 5 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:43 +0800] "GET /uploads/663af8e89df20.png HTTP/1.1" 200 5538 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:43 +0800] "GET /uploads/663af8c48b3d7.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 10.0.2.15 - - [08/May/2024:12:00:43 +0800] "GET /uploads/663af8d01d68d.png HTTP/1.1" 304 0 "http://10.0.2.18/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" "-" 100.87.205.105 - - [08/Jun/2024:21:11:13 +0800] "GET / HTTP/1.1" 200 4551 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:13 +0800] "GET /uploads/660a31ebc3658.jpeg HTTP/1.1" 200 6953 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/660a3265bada8.png HTTP/1.1" 200 8904 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/660cd4ee44a40.png HTTP/1.1" 200 11587 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/660bd0e309128.png HTTP/1.1" 200 7478 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/660bd0d38b78a.png HTTP/1.1" 200 2198 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/660b82cb90055.png HTTP/1.1" 200 4499 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/660bd10b9ea0c.jpeg HTTP/1.1" 200 9300 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/660cd50c0819b.png HTTP/1.1" 200 4891 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/660cd53435a52.png HTTP/1.1" 200 4650 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/660cd4d368e74.png HTTP/1.1" 200 6075 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/66273ae1eb385.png HTTP/1.1" 200 4499 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/66262826e3225.png HTTP/1.1" 200 2198 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/662f9a0490071.png HTTP/1.1" 200 5538 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/66273ad2ddc44.jpeg HTTP/1.1" 200 9300 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/662f9a828a24b.jpeg HTTP/1.1" 200 4928 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/662f99e7c3172.png HTTP/1.1" 200 4499 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/66238430e97e4.jpeg HTTP/1.1" 200 8080 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/66273adc00158.png HTTP/1.1" 200 7478 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/662628164b658.jpeg HTTP/1.1" 200 8080 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/663af8c48b3d7.png HTTP/1.1" 200 8904 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/663af8d01d68d.png HTTP/1.1" 200 7478 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/663af8e89df20.png HTTP/1.1" 200 5538 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/a.sh HTTP/1.1" 200 93 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:14 +0800] "GET /uploads/662f9a8dc30bb.php HTTP/1.1" 500 5 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:16 +0800] "GET /uploads/660a31f208959.jpg HTTP/1.1" 200 9494 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:11:16 +0800] "GET /favicon.ico HTTP/1.1" 200 4551 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:15:17 +0800] "GET / HTTP/1.1" 200 4551 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:15:17 +0800] "GET /uploads/a.sh HTTP/1.1" 304 0 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:15:17 +0800] "GET /uploads/662f9a8dc30bb.php HTTP/1.1" 500 5 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:15:18 +0800] "GET /favicon.ico HTTP/1.1" 200 4551 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:15:19 +0800] "GET / HTTP/1.1" 200 4551 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:15:19 +0800] "GET /uploads/662f9a8dc30bb.php HTTP/1.1" 500 5 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" 100.87.205.105 - - [08/Jun/2024:21:15:19 +0800] "GET /favicon.ico HTTP/1.1" 200 4551 "http://100.105.98.111:38780/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-" ``` ``` localhost:/var/log# tail -n 100 nginx/err* 2024/04/01 12:02:27 [error] 2597#2597: *1 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "cmd" in /var/www/html/uploads/65923b6760c38.php on line 2; PHP message: PHP Fatal error: Uncaught ValueError: system(): Argument #1 ($command) cannot be empty in /var/www/html/uploads/65923b6760c38.php:2 Stack trace: #0 /var/www/html/uploads/65923b6760c38.php(2): system() #1 {main} thrown in /var/www/html/uploads/65923b6760c38.php on line 2" while reading response header from upstream, client: 10.0.2.15, server: , request: "GET /uploads/65923b6760c38.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "10.0.2.18", referrer: "http://10.0.2.18/" 2024/04/03 12:02:54 [warn] 2597#2597: *40 a client request body is buffered to a temporary file /var/lib/nginx/tmp/client_body/0000000001, client: 10.0.2.2, server: , request: "POST /upload.php HTTP/1.1", host: "127.0.0.1:38780", referrer: "http://127.0.0.1:38780/" 2024/04/29 21:03:17 [error] 2597#2597: *109 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "cmd" in /var/www/html/uploads/662f9a8dc30bb.php on line 2; PHP message: PHP Fatal error: Uncaught ValueError: system(): Argument #1 ($command) cannot be empty in /var/www/html/uploads/662f9a8dc30bb.php:2 Stack trace: #0 /var/www/html/uploads/662f9a8dc30bb.php(2): system() #1 {main} thrown in /var/www/html/uploads/662f9a8dc30bb.php on line 2" while reading response header from upstream, client: 10.0.2.29, server: , request: "GET /uploads/662f9a8dc30bb.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "10.0.2.18", referrer: "http://10.0.2.18/" 2024/04/23 12:26:46 [error] 2597#2597: *153 upstream timed out (110: Operation timed out) while reading response header from upstream, client: 10.0.2.29, server: , request: "GET /uploads/662f9a8dc30bb.php?cmd=ash%20a.sh HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "10.0.2.18" 2024/04/23 12:31:39 [error] 2597#2597: *162 upstream timed out (110: Operation timed out) while reading response header from upstream, client: 10.0.2.29, server: , request: "GET /uploads/662f9a8dc30bb.php?cmd=ash%20a.sh%20%26 HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "10.0.2.18" 2024/04/23 12:36:17 [error] 2597#2597: *166 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "cmd" in /var/www/html/uploads/662f9a8dc30bb.php on line 2; PHP message: PHP Fatal error: Uncaught ValueError: system(): Argument #1 ($command) cannot be empty in /var/www/html/uploads/662f9a8dc30bb.php:2 Stack trace: #0 /var/www/html/uploads/662f9a8dc30bb.php(2): system() #1 {main} thrown in /var/www/html/uploads/662f9a8dc30bb.php on line 2" while reading response header from upstream, client: 10.0.2.15, server: , request: "GET /uploads/662f9a8dc30bb.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "10.0.2.18", referrer: "http://10.0.2.18/" 2024/04/23 12:36:25 [error] 2597#2597: *164 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "cmd" in /var/www/html/uploads/662f9a8dc30bb.php on line 2; PHP message: PHP Fatal error: Uncaught ValueError: system(): Argument #1 ($command) cannot be empty in /var/www/html/uploads/662f9a8dc30bb.php:2 Stack trace: #0 /var/www/html/uploads/662f9a8dc30bb.php(2): system() #1 {main} thrown in /var/www/html/uploads/662f9a8dc30bb.php on line 2" while reading response header from upstream, client: 10.0.2.15, server: , request: "GET /uploads/662f9a8dc30bb.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "10.0.2.18", referrer: "http://10.0.2.18/" 2024/04/23 12:36:37 [error] 2597#2597: *166 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "cmd" in /var/www/html/uploads/662f9a8dc30bb.php on line 2; PHP message: PHP Fatal error: Uncaught ValueError: system(): Argument #1 ($command) cannot be empty in /var/www/html/uploads/662f9a8dc30bb.php:2 Stack trace: #0 /var/www/html/uploads/662f9a8dc30bb.php(2): system() #1 {main} thrown in /var/www/html/uploads/662f9a8dc30bb.php on line 2" while reading response header from upstream, client: 10.0.2.15, server: , request: "GET /uploads/662f9a8dc30bb.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "10.0.2.18", referrer: "http://10.0.2.18/" 2024/04/23 12:36:46 [error] 2597#2597: *166 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "cmd" in /var/www/html/uploads/662f9a8dc30bb.php on line 2; PHP message: PHP Fatal error: Uncaught ValueError: system(): Argument #1 ($command) cannot be empty in /var/www/html/uploads/662f9a8dc30bb.php:2 Stack trace: #0 /var/www/html/uploads/662f9a8dc30bb.php(2): system() #1 {main} thrown in /var/www/html/uploads/662f9a8dc30bb.php on line 2" while reading response header from upstream, client: 10.0.2.15, server: , request: "GET /uploads/662f9a8dc30bb.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "10.0.2.18", referrer: "http://10.0.2.18/" 2024/04/23 12:36:52 [error] 2597#2597: *166 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "cmd" in /var/www/html/uploads/662f9a8dc30bb.php on line 2; PHP message: PHP Fatal error: Uncaught ValueError: system(): Argument #1 ($command) cannot be empty in /var/www/html/uploads/662f9a8dc30bb.php:2 Stack trace: #0 /var/www/html/uploads/662f9a8dc30bb.php(2): system() #1 {main} thrown in /var/www/html/uploads/662f9a8dc30bb.php on line 2" while reading response header from upstream, client: 10.0.2.15, server: , request: "GET /uploads/662f9a8dc30bb.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "10.0.2.18", referrer: "http://10.0.2.18/" 2024/05/08 12:00:06 [error] 2597#2597: *185 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "cmd" in /var/www/html/uploads/662f9a8dc30bb.php on line 2; PHP message: PHP Fatal error: Uncaught ValueError: system(): Argument #1 ($command) cannot be empty in /var/www/html/uploads/662f9a8dc30bb.php:2 Stack trace: #0 /var/www/html/uploads/662f9a8dc30bb.php(2): system() #1 {main} thrown in /var/www/html/uploads/662f9a8dc30bb.php on line 2" while reading response header from upstream, client: 10.0.2.15, server: , request: "GET /uploads/662f9a8dc30bb.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "10.0.2.18", referrer: "http://10.0.2.18/" 2024/05/08 12:00:22 [error] 2597#2597: *185 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "cmd" in /var/www/html/uploads/662f9a8dc30bb.php on line 2; PHP message: PHP Fatal error: Uncaught ValueError: system(): Argument #1 ($command) cannot be empty in /var/www/html/uploads/662f9a8dc30bb.php:2 Stack trace: #0 /var/www/html/uploads/662f9a8dc30bb.php(2): system() #1 {main} thrown in /var/www/html/uploads/662f9a8dc30bb.php on line 2" while reading response header from upstream, client: 10.0.2.15, server: , request: "GET /uploads/662f9a8dc30bb.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "10.0.2.18", referrer: "http://10.0.2.18/" 2024/05/08 12:00:43 [error] 2597#2597: *185 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "cmd" in /var/www/html/uploads/662f9a8dc30bb.php on line 2; PHP message: PHP Fatal error: Uncaught ValueError: system(): Argument #1 ($command) cannot be empty in /var/www/html/uploads/662f9a8dc30bb.php:2 Stack trace: #0 /var/www/html/uploads/662f9a8dc30bb.php(2): system() #1 {main} thrown in /var/www/html/uploads/662f9a8dc30bb.php on line 2" while reading response header from upstream, client: 10.0.2.15, server: , request: "GET /uploads/662f9a8dc30bb.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "10.0.2.18", referrer: "http://10.0.2.18/" 2024/06/08 21:11:14 [error] 2172#2172: *4 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "cmd" in /var/www/html/uploads/662f9a8dc30bb.php on line 2; PHP message: PHP Fatal error: Uncaught ValueError: system(): Argument #1 ($command) cannot be empty in /var/www/html/uploads/662f9a8dc30bb.php:2 Stack trace: #0 /var/www/html/uploads/662f9a8dc30bb.php(2): system() #1 {main} thrown in /var/www/html/uploads/662f9a8dc30bb.php on line 2" while reading response header from upstream, client: 100.87.205.105, server: , request: "GET /uploads/662f9a8dc30bb.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "100.105.98.111:38780", referrer: "http://100.105.98.111:38780/" 2024/06/08 21:15:17 [error] 2172#2172: *10 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "cmd" in /var/www/html/uploads/662f9a8dc30bb.php on line 2; PHP message: PHP Fatal error: Uncaught ValueError: system(): Argument #1 ($command) cannot be empty in /var/www/html/uploads/662f9a8dc30bb.php:2 Stack trace: #0 /var/www/html/uploads/662f9a8dc30bb.php(2): system() #1 {main} thrown in /var/www/html/uploads/662f9a8dc30bb.php on line 2" while reading response header from upstream, client: 100.87.205.105, server: , request: "GET /uploads/662f9a8dc30bb.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "100.105.98.111:38780", referrer: "http://100.105.98.111:38780/" 2024/06/08 21:15:19 [error] 2172#2172: *10 FastCGI sent in stderr: "PHP message: PHP Warning: Undefined array key "cmd" in /var/www/html/uploads/662f9a8dc30bb.php on line 2; PHP message: PHP Fatal error: Uncaught ValueError: system(): Argument #1 ($command) cannot be empty in /var/www/html/uploads/662f9a8dc30bb.php:2 Stack trace: #0 /var/www/html/uploads/662f9a8dc30bb.php(2): system() #1 {main} thrown in /var/www/html/uploads/662f9a8dc30bb.php on line 2" while reading response header from upstream, client: 100.87.205.105, server: , request: "GET /uploads/662f9a8dc30bb.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "100.105.98.111:38780", referrer: "http://100.105.98.111:38780/" ``` ``` localhost:/var/log# tail -n 100 php82/err* [08-May-2024 21:23:56] NOTICE: configuration file /etc/php82/php-fpm.conf test is successful [08-May-2024 21:23:56] NOTICE: fpm is running, pid 2932 [08-May-2024 21:23:56] NOTICE: ready to handle connections [08-May-2024 22:24:04] NOTICE: Terminating ... [08-May-2024 22:24:04] NOTICE: exiting, bye-bye! [08-May-2024 22:24:04] NOTICE: configuration file /etc/php82/php-fpm.conf test is successful [08-May-2024 22:24:04] ERROR: [pool www] please specify user and group other than root [08-May-2024 22:24:04] ERROR: FPM initialization failed [08-May-2024 22:26:51] NOTICE: configuration file /etc/php82/php-fpm.conf test is successful [08-May-2024 22:29:07] NOTICE: configuration file /etc/php82/php-fpm.conf test is successful [08-May-2024 22:29:07] NOTICE: fpm is running, pid 3864 [08-May-2024 22:29:07] NOTICE: ready to handle connections [08-May-2024 22:30:54] NOTICE: Terminating ... [08-May-2024 22:30:54] NOTICE: exiting, bye-bye! [08-May-2024 22:30:54] NOTICE: configuration file /etc/php82/php-fpm.conf test is successful [08-May-2024 22:30:54] NOTICE: fpm is running, pid 4102 [08-May-2024 22:30:54] NOTICE: ready to handle connections [08-May-2024 22:31:35] NOTICE: Terminating ... [08-May-2024 22:31:35] NOTICE: exiting, bye-bye! [08-May-2024 22:31:35] NOTICE: configuration file /etc/php82/php-fpm.conf test is successful [08-May-2024 22:31:36] NOTICE: fpm is running, pid 4165 [08-May-2024 22:31:36] NOTICE: ready to handle connections [08-May-2024 22:39:36] NOTICE: Terminating ... [08-May-2024 22:39:36] NOTICE: exiting, bye-bye! [08-May-2024 22:39:36] NOTICE: configuration file /etc/php82/php-fpm.conf test is successful [08-May-2024 22:39:37] NOTICE: fpm is running, pid 4440 [08-May-2024 22:39:37] NOTICE: ready to handle connections [01-Jan-2024 12:07:49] NOTICE: Terminating ... [01-Jan-2024 12:07:49] NOTICE: exiting, bye-bye! [01-Jan-2024 12:08:13] NOTICE: configuration file /etc/php82/php-fpm.conf test is successful [01-Jan-2024 12:08:14] NOTICE: fpm is running, pid 2330 [01-Jan-2024 12:08:14] NOTICE: ready to handle connections [09-May-2024 00:41:12] NOTICE: configuration file /etc/php82/php-fpm.conf test is successful [09-May-2024 00:41:12] NOTICE: fpm is running, pid 2204 [09-May-2024 00:41:12] NOTICE: ready to handle connections [09-May-2024 19:55:41] NOTICE: configuration file /etc/php82/php-fpm.conf test is successful [09-May-2024 19:55:41] NOTICE: fpm is running, pid 2201 [09-May-2024 19:55:41] NOTICE: ready to handle connections [09-May-2024 22:29:20] NOTICE: configuration file /etc/php82/php-fpm.conf test is successful [09-May-2024 22:29:20] NOTICE: fpm is running, pid 2206 [09-May-2024 22:29:20] NOTICE: ready to handle connections [08-Jun-2024 20:52:57] NOTICE: configuration file /etc/php82/php-fpm.conf test is successful [08-Jun-2024 20:52:57] NOTICE: fpm is running, pid 2196 [08-Jun-2024 20:52:57] NOTICE: ready to handle connections [08-Jun-2024 23:23:22] NOTICE: configuration file /etc/php82/php-fpm.conf test is successful [08-Jun-2024 23:23:22] NOTICE: fpm is running, pid 2216 [08-Jun-2024 23:23:22] NOTICE: ready to handle connections ```