querytest.txt
| 1 |
TIMESTAMP=$(ruby -r 'time' -e 'puts(Time.now.getutc.iso8601)') SIGNATURE=$(ruby -e "require 'rubygems'" -e "require 'AWS'" -e "require 'time'" -e "puts(AWS.encode('/DC=gov/DC=fnal/O=Fermilab/OU=People/CN=Ted Hesselroth/CN=UID:tdh', AWS.canonical_string({'Action' => 'UploadImage', 'SignatureVersion' => '2', 'SignatureMethod' => 'HmacSHA1', 'AWSAccessKeyId' => ENV['USER'], 'Version' => '2010-11-15', 'Timestamp' => ENV['TIMESTAMP']}, 'localhost'), false))") curl -s --capath /etc/grid-security/certificates --cert $HOME/.globus/usercert.pem --key $HOME/.globus/vulnerable_passwordless_key.pem -F Action=UploadImage -F SignatureVersion=2 -F SignatureMethod=HmacSHA1 -F Timestamp=$TIMESTAMP -F Signature=$SIGNATURE -F "file=@/home/tdh/tmp/ttylinux/ttylinux.img" https://proxyserver.hostname.edu:8443
|
|---|---|
| 2 |
|
| 3 |
curl -s --capath /etc/grid-security/certificates --cert $HOME/.globus/usercert.pem --key $HOME/.globus/vulnerable_passwordless_key.pem -d ImageLocation=ami-00000010 https://proxyserver.hostname.edu:8443/?Action=RegisterImage |
| 4 |
|
| 5 |
curl -s --capath /etc/grid-security/certificates --cert $HOME/.globus/usercert.pem --key $HOME/.globus/vulnerable_passwordless_key.pem https://proxyserver.hostname.edu:8443/?Action=DescribeImages |
| 6 |
|
| 7 |
curl -s --capath /etc/grid-security/certificates --cert $HOME/.globus/usercert.pem --key $HOME/.globus/vulnerable_passwordless_key.pem -d Action=RunInstances -d ImageId=ami-00000010 -d InstanceType=m1.small -d UserData=mydata -d AWSAccessKeyId=tdh https://proxyserver.hostname.edu:8443 |
| 8 |
|
| 9 |
curl -s --capath /etc/grid-security/certificates --cert $HOME/.globus/usercert.pem --key $HOME/.globus/vulnerable_passwordless_key.pem https://proxyserver.hostname.edu:8443/?Action=DescribeInstances |
| 10 |
|
| 11 |
curl -s --capath /etc/grid-security/certificates --cert $HOME/.globus/usercert.pem --key $HOME/.globus/vulnerable_passwordless_key.pem -d "InstanceId.1=20" https://proxyserver.hostname.edu:8443/?Action=TerminateInstances |