{"id":21908,"date":"2025-02-15T16:27:22","date_gmt":"2025-02-15T19:27:22","guid":{"rendered":"https:\/\/www.ethicalhacker.com.br\/site\/?p=21908"},"modified":"2025-02-17T12:15:23","modified_gmt":"2025-02-17T15:15:23","slug":"asp-net-tem-chaves-vazadas","status":"publish","type":"post","link":"https:\/\/www.ethicalhacker.com.br\/site\/2025\/02\/exploits\/asp-net-tem-chaves-vazadas\/","title":{"rendered":"ASP.NET has leaked keys"},"content":{"rendered":"\n<div class=\"dad65929\">\n<div class=\"f9bf7997 d7dc56a8 c05b5566\">\n<div class=\"ds-markdown ds-markdown--block\">\n<p class=\"story-title\"><strong>Microsoft identifies 3,000 leaked ASP.NET keys that enable code injection attacks<\/strong><\/p>\n<p style=\"text-align: justify;\">Microsoft recently warned about an insecure practice adopted by software developers: using publicly leaked <strong>ASP.NET machine keys<\/strong> in their applications. This practice puts systems at risk of code injection attacks, such as those using the <strong>Godzilla<\/strong> post-exploitation framework. The company identified more than <strong>3,000 leaked keys<\/strong> that can be used in <strong>ViewState code injection<\/strong> attacks, which represents a significant threat to ASP.NET applications.<\/p>\n<p style=\"text-align: justify;\">In this article, we explore the details of this vulnerability and its impact, and provide example scripts and recommended practices to mitigate the risk.<\/p>\n<p>\u00a0<\/p>\n<p><strong>What is a ViewState injection attack?<\/strong><\/p>\n<p style=\"text-align: justify;\"><strong>ViewState<\/strong> is a mechanism of the <strong>ASP.NET<\/strong> framework used to preserve page and control values between postbacks. 
By default, ViewState data is stored in a hidden field on the page, encoded in <strong>base64<\/strong>, and protected by a hash value generated from a machine authentication code key (<strong>MAC key<\/strong>). This hash ensures that the data has not been tampered with.<\/p>\n<p style=\"text-align: justify;\">However, if the MAC keys are compromised or leaked, an attacker can use them to inject malicious code into the ViewState. Because the forged ViewState carries a valid hash, the server accepts it: when it processes the request, the malicious code is decrypted and executed, allowing <strong>remote code execution (RCE)<\/strong> on the IIS server.<\/p>\n<p>\u00a0<\/p>\n<\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiVoW40-QIiQLq-Oev6SR4JOxqPvHz6kGrfaNIo8KNE2taMrVwHZ1Ax-KniVuTTjNBeEV93O66RKupYvMB1XRKzo_cstxNkORu7biO_U-Si6GiEyKeXa4dF4wuePLqQdOkz6TGheoQEERNuIp8SmsZKlFbKAPfMSqeQ01Oa6s95PPwbjUnmykx7ugHQCrL0\/s728-rw-e365\/ms.png\" width=\"638\" height=\"333\" \/><\/p>\n<div class=\"ds-markdown ds-markdown--block\">\n<p>\u00a0<\/p>\n<p><strong>Impact of the vulnerability<\/strong><\/p>\n<ul>\n<li>\n<p style=\"text-align: justify;\"><strong>Remote Code Execution (RCE)<\/strong>: ViewState injection attacks allow attackers to execute arbitrary code on the server.<\/p>\n<\/li>\n<li>\n<p style=\"text-align: justify;\"><strong>Persistence on the System<\/strong>: Even after the keys are rotated, attackers can maintain persistent access to the system.<\/p>\n<\/li>\n<li>\n<p style=\"text-align: justify;\"><strong>Exposure of Sensitive Data<\/strong>: Successful attacks can result in the leakage of confidential data.<\/p>\n<\/li>\n<li>\n<p style=\"text-align: justify;\"><strong>Compromise of Web Applications<\/strong>: Attacks can compromise ASP.NET applications hosted on IIS servers.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><strong>Example mitigation scripts<\/strong><\/p>\n<p style=\"text-align: justify;\">Below are example scripts and recommended practices for mitigating the risks associated with ViewState injection attacks.<\/p>\n
<p>\u00a0<\/p>\n<p>1. <strong>Checking for leaked keys<\/strong><\/p>\n<p style=\"text-align: justify;\">Microsoft has provided a list of hash values for the leaked keys. Use the following Python script to check whether your keys are on the list:<\/p>\n<div class=\"md-code-block\">\n<pre><span class=\"token keyword\">import<\/span> hashlib\n\n<span class=\"token keyword\">def<\/span> <span class=\"token function\">check_leaked_keys<\/span><span class=\"token punctuation\">(<\/span>your_machine_key<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">:<\/span>\n    <span class=\"token comment\"># List of leaked-key hashes (example)<\/span>\n    leaked_hashes <span class=\"token operator\">=<\/span> <span class=\"token punctuation\">[<\/span>\n        <span class=\"token string\">\"5f4dcc3b5aa765d61d8327deb882cf99\"<\/span><span class=\"token punctuation\">,<\/span>  <span class=\"token comment\"># Example MD5 hash<\/span>\n        <span class=\"token string\">\"e99a18c428cb38d5f260853678922e03\"<\/span>\n    <span class=\"token punctuation\">]<\/span>\n\n    <span class=\"token comment\"># Compute the hash of your key<\/span>\n    key_hash <span class=\"token operator\">=<\/span> hashlib<span class=\"token punctuation\">.<\/span>md5<span class=\"token punctuation\">(<\/span>your_machine_key<span class=\"token punctuation\">.<\/span>encode<span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">.<\/span>hexdigest<span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span>\n\n    <span class=\"token comment\"># Check whether the hash is in the leaked-key list<\/span>\n    <span class=\"token keyword\">if<\/span> key_hash <span class=\"token keyword\">in<\/span> leaked_hashes<span class=\"token punctuation\">:<\/span>\n        <span class=\"token keyword\">print<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">\"ALERTA: Chave comprometida encontrada!\"<\/span><span class=\"token punctuation\">)<\/span>\n    <span class=\"token keyword\">else<\/span><span class=\"token punctuation\">:<\/span>\n        <span class=\"token keyword\">print<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">\"Chave segura.\"<\/span><span class=\"token punctuation\">)<\/span>\n\n<span class=\"token comment\"># Usage example<\/span>\nyour_machine_key <span class=\"token operator\">=<\/span> <span class=\"token string\">\"sua_chave_aqui\"<\/span>\ncheck_leaked_keys<span class=\"token punctuation\">(<\/span>your_machine_key<span class=\"token punctuation\">)<\/span><\/pre>\n<\/div>\n
<p>2. <strong>Rotating MAC keys<\/strong><\/p>\n<p style=\"text-align: justify;\">Rotate the MAC keys regularly to reduce the risk of exploitation. 
Use the following PowerShell script to generate new keys:<\/p>\n<div class=\"md-code-block\">\n<pre><span class=\"token comment\"># Generate new keys as hex strings, the format the machineKey element expects<\/span>\n<span class=\"token keyword\">function<\/span> New-HexKey<span class=\"token punctuation\">(<\/span><span class=\"token namespace\">[int]<\/span><span class=\"token variable\">$byteCount<\/span><span class=\"token punctuation\">)<\/span> <span class=\"token punctuation\">{<\/span>\n    <span class=\"token variable\">$bytes<\/span> = <span class=\"token function\">New-Object<\/span> byte<span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> <span class=\"token variable\">$byteCount<\/span>\n    <span class=\"token variable\">$rng<\/span> = <span class=\"token namespace\">[System.Security.Cryptography.RandomNumberGenerator]<\/span>::Create<span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span>\n    <span class=\"token variable\">$rng<\/span><span class=\"token punctuation\">.<\/span>GetBytes<span class=\"token punctuation\">(<\/span><span class=\"token variable\">$bytes<\/span><span class=\"token punctuation\">)<\/span>\n    <span class=\"token variable\">$rng<\/span><span class=\"token punctuation\">.<\/span>Dispose<span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span>\n    <span class=\"token keyword\">return<\/span> <span class=\"token operator\">-join<\/span> <span class=\"token punctuation\">(<\/span><span class=\"token variable\">$bytes<\/span> <span class=\"token punctuation\">|<\/span> <span class=\"token function\">ForEach-Object<\/span> <span class=\"token punctuation\">{<\/span> <span class=\"token variable\">$_<\/span><span class=\"token punctuation\">.<\/span>ToString<span class=\"token punctuation\">(<\/span><span class=\"token string\">\"X2\"<\/span><span class=\"token punctuation\">)<\/span> <span class=\"token punctuation\">}<\/span><span class=\"token punctuation\">)<\/span>\n<span class=\"token punctuation\">}<\/span>\n<span class=\"token variable\">$validationKey<\/span> = New-HexKey 64  <span class=\"token comment\"># 64 random bytes (128 hex characters)<\/span>\n<span class=\"token variable\">$decryptionKey<\/span> = New-HexKey 32  <span class=\"token comment\"># 32 random bytes (64 hex characters); separate from the validation key<\/span>\n\n<span class=\"token comment\"># Update the keys in the web.config file<\/span>\n<span class=\"token variable\">$webConfigPath<\/span> = <span class=\"token string\">\"C:\\caminho\\para\\seu\\web.config\"<\/span>\n<span class=\"token variable\">$xml<\/span> = <span class=\"token namespace\">[xml]<\/span><span class=\"token punctuation\">(<\/span><span class=\"token function\">Get-Content<\/span> <span class=\"token variable\">$webConfigPath<\/span><span class=\"token punctuation\">)<\/span>\n<span class=\"token variable\">$machineKeyNode<\/span> = <span class=\"token variable\">$xml<\/span><span class=\"token punctuation\">.<\/span>SelectSingleNode<span class=\"token punctuation\">(<\/span><span class=\"token string\">\"\/\/system.web\/machineKey\"<\/span><span class=\"token punctuation\">)<\/span>\n<span class=\"token variable\">$machineKeyNode<\/span><span class=\"token punctuation\">.<\/span>SetAttribute<span class=\"token punctuation\">(<\/span><span class=\"token string\">\"validationKey\"<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token variable\">$validationKey<\/span><span class=\"token punctuation\">)<\/span>\n<span class=\"token variable\">$machineKeyNode<\/span><span class=\"token punctuation\">.<\/span>SetAttribute<span class=\"token punctuation\">(<\/span><span class=\"token string\">\"decryptionKey\"<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token variable\">$decryptionKey<\/span><span class=\"token punctuation\">)<\/span>\n<span class=\"token variable\">$xml<\/span><span class=\"token punctuation\">.<\/span>Save<span class=\"token punctuation\">(<\/span><span class=\"token variable\">$webConfigPath<\/span><span class=\"token punctuation\">)<\/span>\n\n<span class=\"token comment\"># Report success without printing the key material<\/span>\n<span class=\"token function\">Write-Output<\/span> <span class=\"token string\">\"Chave MAC atualizada com sucesso.\"<\/span><\/pre>\n<\/div>\n
<p>3. <strong>Monitoring suspicious requests<\/strong><\/p>\n<p>Use a script to monitor HTTP requests for malicious ViewStates:<\/p>\n<div class=\"md-code-block\">\n<pre><span class=\"token keyword\">from<\/span> flask <span class=\"token keyword\">import<\/span> Flask<span class=\"token punctuation\">,<\/span> request\n<span class=\"token keyword\">import<\/span> base64\n<span class=\"token keyword\">import<\/span> re\n\napp <span class=\"token operator\">=<\/span> Flask<span class=\"token punctuation\">(<\/span>__name__<span class=\"token punctuation\">)<\/span>\n\n<span class=\"token decorator annotation punctuation\">@app<span class=\"token punctuation\">.<\/span>route<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">'\/'<\/span><span class=\"token punctuation\">,<\/span> methods<span class=\"token operator\">=<\/span><span class=\"token punctuation\">[<\/span><span class=\"token string\">'GET'<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token string\">'POST'<\/span><span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">)<\/span>\n<span class=\"token keyword\">def<\/span> <span class=\"token function\">monitor_viewstate<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">:<\/span>\n    <span class=\"token comment\"># __VIEWSTATE is normally sent in the POST body; request.values covers query string and form<\/span>\n    viewstate <span class=\"token operator\">=<\/span> request<span class=\"token punctuation\">.<\/span>values<span class=\"token punctuation\">.<\/span>get<span class=\"token punctuation\">(<\/span><span class=\"token string\">'__VIEWSTATE'<\/span><span class=\"token punctuation\">)<\/span>\n    <span class=\"token keyword\">if<\/span> viewstate<span class=\"token punctuation\">:<\/span>\n        <span class=\"token keyword\">try<\/span><span class=\"token punctuation\">:<\/span>\n            <span class=\"token comment\"># ViewState is binary data, so map bytes to text with latin-1 instead of UTF-8<\/span>\n            decoded <span class=\"token operator\">=<\/span> base64<span class=\"token punctuation\">.<\/span>b64decode<span class=\"token punctuation\">(<\/span>viewstate<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">.<\/span>decode<span class=\"token punctuation\">(<\/span><span class=\"token string\">'latin-1'<\/span><span class=\"token punctuation\">)<\/span>\n            <span class=\"token keyword\">if<\/span> re<span class=\"token punctuation\">.<\/span>search<span class=\"token punctuation\">(<\/span><span class=\"token string\">r\"&lt;script|eval\\(|System\\.\"<\/span><span class=\"token punctuation\">,<\/span> decoded<span class=\"token punctuation\">,<\/span> re<span class=\"token punctuation\">.<\/span>IGNORECASE<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">:<\/span>\n                <span class=\"token keyword\">print<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">\"ALERTA: ViewState malicioso detectado!\"<\/span><span class=\"token punctuation\">)<\/span>\n                <span class=\"token comment\"># Take action, such as blocking the IP<\/span>\n        <span class=\"token keyword\">except<\/span> ValueError<span class=\"token punctuation\">:<\/span>\n            <span class=\"token comment\"># Not valid base64: nothing to inspect<\/span>\n            <span class=\"token keyword\">pass<\/span>\n    <span class=\"token keyword\">return<\/span> <span class=\"token string\">\"Monitoramento ativo.\"<\/span>\n\n<span class=\"token keyword\">if<\/span> __name__ <span class=\"token operator\">==<\/span> <span class=\"token string\">\"__main__\"<\/span><span class=\"token punctuation\">:<\/span>\n    app<span class=\"token punctuation\">.<\/span>run<span class=\"token punctuation\">(<\/span>host<span class=\"token operator\">=<\/span><span class=\"token string\">'0.0.0.0'<\/span><span class=\"token punctuation\">,<\/span> port<span class=\"token operator\">=<\/span><span class=\"token number\">5000<\/span><span class=\"token punctuation\">)<\/span><\/pre>\n<\/div>\n
<p>4. <strong>Configuring security policies in Kubernetes (bonus)<\/strong><\/p>\n<p style=\"text-align: justify;\">If you use Kubernetes, avoid bypasses of policy engines such as <strong>OPA Gatekeeper<\/strong>. Use the following example Rego policy to ensure that only authorized repositories are used:<\/p>\n<div class=\"md-code-block\">\n<pre><span class=\"token keyword\">package<\/span> kubernetes<span class=\"token punctuation\">.<\/span>admission\n\ndeny<span class=\"token punctuation\">[<\/span>msg<span class=\"token punctuation\">]<\/span> <span class=\"token punctuation\">{<\/span>\n    input<span class=\"token punctuation\">.<\/span>request<span class=\"token punctuation\">.<\/span>kind<span class=\"token punctuation\">.<\/span>kind <span class=\"token operator\">==<\/span> <span class=\"token string\">\"Pod\"<\/span>\n    repo <span class=\"token operator\">:=<\/span> input<span class=\"token punctuation\">.<\/span>request<span class=\"token punctuation\">.<\/span>object<span class=\"token punctuation\">.<\/span>spec<span class=\"token 
punctuation\">.<\/span>containers<span class=\"token punctuation\">[<\/span><span class=\"token operator\">_<\/span><span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">.<\/span>image\n    <span class=\"token keyword\">not<\/span> <span class=\"token function\">startswith<\/span><span class=\"token punctuation\">(<\/span>repo<span class=\"token punctuation\">,<\/span> <span class=\"token string\">\"allowed-repo\/\"<\/span><span class=\"token punctuation\">)<\/span>\n    msg <span class=\"token operator\">:=<\/span> <span class=\"token function\">sprintf<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">\"Reposit\u00f3rio n\u00e3o autorizado: %v\"<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token punctuation\">[<\/span>repo<span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">)<\/span>\n<span class=\"token punctuation\">}<\/span><\/pre>\n<\/div>\n<p><strong>Additional recommendations<\/strong><\/p>\n<ul>\n<li>\n<p><strong>Do not use publicly available keys<\/strong>:<\/p>\n<ul>\n<li>\n<p>Avoid copying keys from public sources or code repositories.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Protect the <code>web.config<\/code> file<\/strong>:<\/p>\n<ul>\n<li>\n<p>Restrict access to the <code>web.config<\/code> file to prevent key leaks.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Use HTTPS<\/strong>:<\/p>\n<ul>\n<li>\n<p>Make sure that all communication with the server is encrypted.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Monitor access logs<\/strong>:<\/p>\n<ul>\n<li>\n<p>Configure monitoring tools to detect suspicious activity.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Update the ASP.NET framework<\/strong>:<\/p>\n<ul>\n<li>\n<p>Keep the framework and its dependencies up to date to fix known vulnerabilities.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<\/div>\n
<div class=\"ds-markdown ds-markdown--block\">\n<p><strong>Conclusion<\/strong><\/p>\n<p style=\"text-align: justify;\">Microsoft's discovery of 3,000 leaked ASP.NET keys highlights the importance of secure practices in developing and maintaining web applications. By adopting measures such as key rotation, request monitoring, and checking for leaked keys, organizations can significantly reduce the risk of code injection attacks.<\/p>\n<p>\u00a0<\/p>\n<\/div>\n<\/div>\n<p>Source and images: <a href=\"https:\/\/thehackernews.com\/2025\/02\/microsoft-identifies-3000-publicly.html\" target=\"_blank\" rel=\"noopener\">https:\/\/thehackernews.com\/2025\/02\/microsoft-identifies-3000-publicly.html<\/a><\/p>\n<\/div>\n\n\n","protected":false},"excerpt":{"rendered":"<p>Microsoft identifies 3,000 leaked ASP.NET keys that enable code injection attacks Microsoft recently warned about an insecure practice adopted by software developers: using publicly leaked ASP.NET machine keys in their applications. 
This practice puts systems at risk of code injection attacks, such as those using the Godzilla post-exploitation framework. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":21915,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[89,100,21,105],"tags":[],"class_list":["post-21908","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-basico","category-diversos","category-exploits","category-noticias"],"_links":{"self":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/21908","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/comments?post=21908"}],"version-history":[{"count":6,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/21908\/revisions"}],"predecessor-version":[{"id":21914,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/21908\/revisions\/21914"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media\/21915"}],"wp:attachment":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media?parent=21908"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/categories?post=21908"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/tags?post=21908"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}