Looting the Symfony profiler with EOS
| Action | Key |
|---|---|
| Play / Pause | K or space |
| Mute / Unmute | M |
| Toggle fullscreen mode | F |
| Select next subtitles | C |
| Select next audio track | A |
| Toggle automatic slides maximization | V |
| Seek 5s backward | left arrow |
| Seek 5s forward | right arrow |
| Seek 10s backward | shift + left arrow or J |
| Seek 10s forward | shift + right arrow or L |
| Seek 60s backward | control + left arrow |
| Seek 60s forward | control + right arrow |
| Seek 1 frame backward | alt + left arrow |
| Seek 1 frame forward | alt + right arrow |
| Decrease volume | shift + down arrow |
| Increase volume | shift + up arrow |
| Decrease playback rate | < |
| Increase playback rate | > |
| Seek to end | end |
| Seek to beginning | beginning |
Share this media
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video streamWhen subscribed to notifications, an email will be sent to you for all added annotations.
Your user account has no email address.
Information on this media
Based on https://www.synacktiv.com/posts/pentest/looting-symfony-with-eos.html. Symfony is a popular open source PHP framework to create web applications. When configured with development parameters, Symfony exposes a sensitive component: the web profiler. This interface implements debug features to help developers identifying bugs while working on the application. However, as an attacker, multiple pieces of information are available to loot: configuration files, user credentials and even the application source code.
Exposing such features in a production environment is very dangerous and to gather all this intel, Synacktiv recently developed an open source tool named EOS (https://github.com/synacktiv/eos).
In this presentation, I would like to describe the different features provided by the profiler and how EOS exploits them to extract the valuable information.
Speaker
Matthieu Barjole (Synacktiv)
Other media in the channel "2020"
19 views, 2 this yearConclusion talkJuly 2nd, 2020
212 views, 16 this year, 2 this monthPique curiosity, not diabetic fingersJuly 2nd, 2020
39 views, 2 this yearWars of the machines: build your own Seek and Destroy RobotJuly 2nd, 2020
51 viewsTackling security issues in virtualizationJuly 2nd, 2020
30 views, 2 this yearEnarx - secured, attested execution on any cloudJuly 2nd, 2020
55 views, 1 this yearRemote Forensic Investigations For The WinJuly 2nd, 2020