querytest.txt
1 |
TIMESTAMP=$(ruby -r 'time' -e 'puts(Time.now.getutc.iso8601)') SIGNATURE=$(ruby -e "require 'rubygems'" -e "require 'AWS'" -e "require 'time'" -e "puts(AWS.encode('/DC=gov/DC=fnal/O=Fermilab/OU=People/CN=Ted Hesselroth/CN=UID:tdh', AWS.canonical_string({'Action' => 'UploadImage', 'SignatureVersion' => '2', 'SignatureMethod' => 'HmacSHA1', 'AWSAccessKeyId' => ENV['USER'], 'Version' => '2010-11-15', 'Timestamp' => ENV['TIMESTAMP']}, 'localhost'), false))") curl -s --capath /etc/grid-security/certificates --cert $HOME/.globus/usercert.pem --key $HOME/.globus/vulnerable_passwordless_key.pem -F Action=UploadImage -F SignatureVersion=2 -F SignatureMethod=HmacSHA1 -F Timestamp=$TIMESTAMP -F Signature=$SIGNATURE -F "file=@/home/tdh/tmp/ttylinux/ttylinux.img" https://proxyserver.hostname.edu:8443 |
---|---|
2 |
|
3 |
curl -s --capath /etc/grid-security/certificates --cert $HOME/.globus/usercert.pem --key $HOME/.globus/vulnerable_passwordless_key.pem -d ImageLocation=ami-00000010 https://proxyserver.hostname.edu:8443/?Action=RegisterImage |
4 |
|
5 |
curl -s --capath /etc/grid-security/certificates --cert $HOME/.globus/usercert.pem --key $HOME/.globus/vulnerable_passwordless_key.pem https://proxyserver.hostname.edu:8443/?Action=DescribeImages |
6 |
|
7 |
curl -s --capath /etc/grid-security/certificates --cert $HOME/.globus/usercert.pem --key $HOME/.globus/vulnerable_passwordless_key.pem -d Action=RunInstances -d ImageId=ami-00000010 -d InstanceType=m1.small -d UserData=mydata -d AWSAccessKeyId=tdh https://proxyserver.hostname.edu:8443 |
8 |
|
9 |
curl -s --capath /etc/grid-security/certificates --cert $HOME/.globus/usercert.pem --key $HOME/.globus/vulnerable_passwordless_key.pem https://proxyserver.hostname.edu:8443/?Action=DescribeInstances |
10 |
|
11 |
curl -s --capath /etc/grid-security/certificates --cert $HOME/.globus/usercert.pem --key $HOME/.globus/vulnerable_passwordless_key.pem -d "InstanceId.1=20" https://proxyserver.hostname.edu:8443/?Action=TerminateInstances |