diff --git a/srv/www/DB/config.sqlite b/srv/www/DB/config.sqlite
deleted file mode 100644
index e69de29b..00000000
diff --git a/srv/www/bin/db_builder.py b/srv/www/bin/db_builder.py
deleted file mode 100644
index aa15ef02..00000000
--- a/srv/www/bin/db_builder.py
+++ /dev/null
@@ -1,278 +0,0 @@ -#!/usr/bin/env python -# linked to schema for web.py - -import defusedxml.ElementTree as ElementTree -import os -import sqlite3 - -requests = '..' + os.path.sep + "/etc/signatures.xml" -config = '..' + os.path.sep + 'DB' + os.path.sep + 'webserver.sqlite' - -# honeydb builder - can get database name - so be careful what you name it -honeydb = '..' + os.path.sep + 'DB' + os.path.sep + 'config.sqlite' - -def build_DB(): - # type: () -> object - # This is not necessary by connecting to the db it creates the file. - #db_is_new = not os.path.exists(config) - #if db_is_new: - # print 'configuration database is not initialized' - # sys.exit(0) - - # check if log directory exists - - #if not os.path.isdir(logdir): - # print 'log directory does not exist. '+logdir - # sys.exit(0) - - # each time we start, we start a new log file by appending to timestamp to access.log - #logfile = logdir+os.path.sep+'access.log.'+str(time.time()) - # not using above using dB for logging now. - - conn = sqlite3.connect(config) - c = conn.cursor() - - #Creates table for signatures will reference responses table below - imports xml from glastopf - # https://github.com/mushorg/glastopf/blob/master/glastopf/requests.xml - c.execute('''CREATE TABLE IF NOT EXISTS Sigs - ( - ID integer primary key, - patternDescription text, - patternString text, - db_ref text, - module text - ) - ''') - #Create's main table to reference all tables based on signatures. 
- #c.execute('''CREATE TABLE IF NOT EXISTS responses - # ( - # ID integer primary key, - # SigID integer, - # HdrID integer, - # PageID integer, - # SQLID integer, - # XSS integer, - # FileInject integer, - # module text - # ) - # ''') - - - - #Creates table for responses based on useragents.RefID will be IndexID - c.execute('''CREATE TABLE IF NOT EXISTS HdrResponses - ( - ID integer, - SigID integer, - HeaderField text, - dataField text - ) - ''') - #Creates table for response pages, don't actually want to serve up pages based on www - # hopefully all these requests don't get jacked with sql injection - c.execute('''CREATE TABLE IF NOT EXISTS paths - ( - SigID integer, - path text, - OSPath text - ) - ''') - # hopefully all these requests don't get jacked with sql injection - c.execute('''CREATE TABLE IF NOT EXISTS SQLResp - ( - SigID integer, - SQLInput text, - SQLOutput text - ) - ''') - # Create table to respond to XSS - c.execute('''CREATE TABLE IF NOT EXISTS XSSResp - ( - SigID integer, - ScriptReq text primary key, - ScriptResp text - ) - ''') - # Create table to respond to rfi - c.execute('''CREATE TABLE IF NOT EXISTS RFIResp - ( - SigID integer, - protocol text primary key, - remoteuri text - ) - ''') - # Create table to respond to file inclusion attack (metasploit and what not) - lofty but would be cool - c.execute('''CREATE TABLE IF NOT EXISTS FileResp - ( - ID integer, - SigID integer, - FileNamePost text, - FileDataPost blob, - FileTextPost text, - OSPath text, - FileResp blob, - CowrieRef text - ) - ''') - #post logging database - c.execute('''CREATE TABLE IF NOT EXISTS postlogs - ( - ID integer primary key, - date text, - headers text, - address text, - cmd text, - path text, - useragent text, - vers text, - formkey text, - formvalue text, - summary text - ) - ''') - #where the files go when someone uploads something - c.execute('''CREATE TABLE IF NOT EXISTS files - ( - ID integer primary key, - RID integer, - filename text, - DATA blob - ) - ''') - 
# gotta log the request somewhere. - c.execute('''CREATE TABLE IF NOT EXISTS requests - ( - date text, - headers text, - address text, - cmd text, - path text, - useragent text, - vers text, - summary text, - targetip text - ) - ''') - # Creates table for useragent unique values - refid will be response refid - c.execute('''CREATE TABLE IF NOT EXISTS useragents - ( - ID integer primary key, - refid integer, - useragent text, - CONSTRAINT useragent_unique UNIQUE (useragent) - ) - ''') - # Creates table for responses based on useragents.refid will be IndexID - c.execute('''CREATE TABLE IF NOT EXISTS responses - ( - ID integer primary key, - RID integer, - HeaderField text, - dataField text - ) - ''') - - # Create some standard header data for vulnerable servers - try: - server_headers = [ - ("1","1", "Server", "Apache/2.0.1"), - ("1","1", "Content-Type", "text/html"), - ("1","1", "Connection", "keep-alive") - ] - c.executemany("""INSERT INTO HdrResponses VALUES (?,?,?,?)""", server_headers) - except sqlite3.IntegrityError: - pass - finally: - conn.commit() - #ok let's load up the sigs - try: - with open(requests, 'rt') as f: - tree = ElementTree.parse(f) - signature = () - id = 'null' - desc = 'null' - str = 'null' - db_ref = 'null' - mod = 'null' - sigid = 'null' - table = 'null' - ptrnrqst = 'null' - rspnsetorqst = 'null' - for node in tree.iter(): - if node.tag == 'id': - id = node.text - if node.tag == 'patternDescription': - desc = node.text - if node.tag == 'patternString': - str = node.text - if node.tag == 'db_ref': - db_ref = node.text - if node.tag == 'module': - mod = node.text - if node.tag == 'sigID': - sigid = node.text - if node.tag == 'table': - table = node.text - if node.tag == 'patternRequest': - ptrnrqst = node.text - if node.tag == 'responseToRequest': - rspnsetorqst = node.text - if sigid != 'null' and table != 'null' and ptrnrqst != 'null' and rspnsetorqst != 'null': - try: - responses = [ - (table, sigid, ptrnrqst, rspnsetorqst) - ] - 
c.execute("""INSERT INTO """ + table + """ VALUES (?,?,?)""", [sigid, ptrnrqst, rspnsetorqst]) - table = 'null' - sigid = 'null' - ptrnrqst = 'null' - rspnsetorqst = 'null' - id = 'null' - desc = 'null' - str = 'null' - db_ref = 'null' - mod = 'null' - except sqlite3.IntegrityError: - pass - finally: - conn.commit() - if id != 'null' and desc != 'null' and str != 'null' and db_ref != 'null' and mod != 'null': - try: - signature = [ - (id, desc, str, db_ref, mod) - ] - c.executemany("""INSERT INTO Sigs VALUES (?,?,?,?,?)""", signature) - table = 'null' - sigid = 'null' - ptrnrqst = 'null' - rspnsetorqst = 'null' - id = 'null' - desc = 'null' - str = 'null' - db_ref = 'null' - mod = 'null' - except sqlite3.IntegrityError: - pass - finally: - conn.commit() - except sqlite3.IntegrityError: - pass - finally: - conn.commit() - - conn.close() - - #build honeydb - conn = sqlite3.connect(honeydb) - c = conn.cursor() - #build DB - - - conn.close() - - -if __name__ == '__main__': - #Create a web server and define the handler to manage the - #incoming request - build_DB() - diff --git a/srv/www/bin/sigmatch.py b/srv/www/bin/sigmatch.py deleted file mode 100644 index 2b070998..00000000 --- a/srv/www/bin/sigmatch.py +++ /dev/null 
@@ -1,243 +0,0 @@ -#!/usr/bin/env python -# linked to schema for web.py - -import re -import os -import sqlite3 -import time - - -def sigmatch(self, pattern, module): - config = '..' + os.path.sep + 'DB' + os.path.sep + 'webserver.sqlite' - honeydb = '..' + os.path.sep + 'DB' + os.path.sep + 'config.sqlite' - conn = sqlite3.connect(config) - c = conn.cursor() - match = 0 - pathmatch = c.execute("""SELECT patternString FROM Sigs""").fetchall() - for i in pathmatch: - if re.match(i[0], pattern) is not None: - sigDescription = c.execute("""SELECT patternDescription FROM Sigs WHERE patternString=?""", - [str(i[0])]).fetchone() - try: - if str(self.headers['user-agent']) is not None: - useragentstring = '%s' & str(self.headers['user-agent']) - except: - useragentstring = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36" - SigID = c.execute("""SELECT id FROM Sigs WHERE module=?""", [str(module)]).fetchone() - #self.send_header('Content-type', 'text/html') - #self.send_header('Server', 'Apache/2.0.1') - #self.send_response(200) # OK - #self.end_headers() - # display vuln page based on sigdescription - and set headers based on OSTarget - #response = c.execute("""SELECT * FROM HdrResponses WHERE SigID=?""", (str(SigID[0]))).fetchall() - #for r in response: - # hdrResponse = c.execute("""SELECT * FROM HdrResponses WHERE SigID=?""", (str(SigID[0]))).fetchall() - # if hdrResponse is not None: - # for i in hdrResponse: - # self.send_header(i[2], i[3]) - try: - db_ref = c.execute("""SELECT db_ref FROM Sigs WHERE ID=?""", [str(SigID[0])]).fetchone() - response = c.execute( - """SELECT * FROM """ + str(db_ref[0]) + """ WHERE SigID=?""", [str(SigID[0])]).fetchall() - except: - print ('Error detecting response DB.') - print ('SigID[0]') - print ('db_ref[0]') - if module == 'lfi': - for i in response: - if re.match(i[1], pattern) is not None: - match = 1 - responsepath = eval(str(i[2])) - f = open(responsepath) - 
self.wfile.write(f.read()) - f.close() - print(self.client_address[ - 0] + " - - [" + self.date_time_string() + "] - - Malicious pattern detected: " + \ - sigDescription[0] + " - - " + pattern) - print(self.client_address[ - 0 - ] + " - - [" + self.date_time_string() + "] - - Responded with " + str( - module - ) + " response page.") - c.execute( - """INSERT INTO requests (date, address, cmd, path, useragent, vers, summary) VALUES(?, ?, ?, ?, ?, ?, ?)""", - ( - self.date_time_string(), - self.client_address[0], - self.command, self.path, - useragentstring, - self.request_version, - "Malicious pattern" + str(sigDescription) - ) - ) - conn.commit() - conn.close() - return match - if module == 'xss': - for i in response: - if re.match(i[1], pattern) is not None: - match = 1 - script = re.sub(r'\<|\/|\>|script', r'', pattern) - responsepath = eval(str(i[2])) - f = open(responsepath) - message = f.read().replace('Hello world', script,1) - self.wfile.write(message) - f.close() - print(self.client_address[ - 0] + " - - [" + self.date_time_string() + "] - - Malicious pattern detected: " + \ - sigDescription[0] + " - - " + pattern) - print(self.client_address[ - 0 - ] + " - - [" + self.date_time_string() + "] - - Responded with " + str( - module - ) + " response page.") - c.execute( - """INSERT INTO requests (date, address, cmd, path, useragent, vers, summary) VALUES(?, ?, ?, ?, ?, ?, ?)""", - ( - self.date_time_string(), - self.client_address[0], - self.command, self.path, - useragentstring, - self.request_version, - "Malicious pattern" + str(sigDescription) - ) - ) - conn.commit() - conn.close() - return match - if module == 'phpmyadmin': - for i in response: - if re.match(i[1], pattern) is not None: - match = 1 - responsepath = eval(str(i[2])) - f = open(responsepath) - self.wfile.write(f.read()) - f.close() - print(self.client_address[ - 0] + " - - [" + self.date_time_string() + "] - - Malicious pattern detected: " + \ - sigDescription[0] + " - - " + pattern) - 
print(self.client_address[ - 0 - ] + " - - [" + self.date_time_string() + "] - - Responded with " + str( - module - ) + " response page.") - c.execute( - """INSERT INTO requests (date, address, cmd, path, useragent, vers, summary) VALUES(?, ?, ?, ?, ?, ?, ?)""", - ( - self.date_time_string(), - self.client_address[0], - self.command, self.path, - useragentstring, - self.request_version, - "Malicious pattern" + str(sigDescription) - ) - ) - conn.commit() - conn.close() - return match - if module == 'robots': - for i in response: - if re.match(i[1], pattern) is not None: - match = 1 - responsepath = eval(str(i[2])) - f = open(responsepath, 'rb') - self.wfile.write(f.read()) - f.close() - print(self.client_address[ - 0] + " - - [" + self.date_time_string() + "] - - Malicious pattern detected: " + \ - sigDescription[0] + " - - " + pattern) - print(self.client_address[ - 0 - ] + " - - [" + self.date_time_string() + "] - - Responded with " + str( - module - ) + " response page.") - c.execute( - """INSERT INTO requests (date, address, cmd, path, useragent, vers, summary) VALUES(?, ?, ?, ?, ?, ?, ?)""", - ( - self.date_time_string(), - self.client_address[0], - self.command, self.path, - useragentstring, - self.request_version, - "Malicious pattern" + str(sigDescription) - ) - ) - conn.commit() - conn.close() - return match - if module == 'rfi': - for i in response: - if re.match(i[1], pattern) is not None: - match = 1 - uri = re.findall(i[2], pattern) - remotefiledir = '..' + os.path.sep + 'html' + os.path.sep + 'www' - domain = sitecopy.sitecopy(uri[0], remotefiledir) - webdirlst = os.listdir(remotefiledir) - remote_file_path = '' - print(self.client_address[ - 0] + " - - [" + self.date_time_string() + "] - - Malicious pattern detected: " + \ - sigDescription[0] + " - - " + pattern) - # Only downloads domain from site - to prevent being an open proxy - also has sleep to prevent DDOS. 
- for site in webdirlst: - remote_file_path = os.path.join(remotefiledir, domain) - if os.path.isfile(remote_file_path): # os.path.isfile(file_path): - # os.listdir(file_path) - f = open(remote_file_path) - self.wfile.write(f.read()) - time.sleep(1) - f.close() - c.execute( - """INSERT INTO requests (date, address, cmd, path, useragent, vers, summary) VALUES(?, ?, ?, ?, ?, ?, ?)""", - ( - self.date_time_string(), - self.client_address[0], - self.command, self.path, - useragentstring, - self.request_version, - "Malicious pattern" + str(sigDescription) - ) - ) - conn.commit() - conn.close() - return match - if module == 'sqli': - for i in response: - if re.match(i[1], pattern) is not None: - match = 1 - if "insert" in pattern: - script = re.sub(r'^.+insert', r'', pattern) - message = (i[2]).replace('replace', script, 1) - self.wfile.write(message) - else: - self.wfile.write(str(i[2])) - print(self.client_address[ - 0] + " - - [" + self.date_time_string() + "] - - Malicious pattern detected: " + \ - sigDescription[0] + " - - " + pattern) - print(self.client_address[ - 0 - ] + " - - [" + self.date_time_string() + "] - - Responded with " + str( - module - ) + "response page.") - c.execute( - """INSERT INTO requests (date, address, cmd, path, useragent, vers, summary) VALUES(?, ?, ?, ?, ?, ?, ?)""", - ( - self.date_time_string(), - self.client_address[0], - self.command, self.path, - useragentstring, - self.request_version, - "Malicious pattern" + str(sigDescription) - ) - ) - conn.commit() - conn.close() - return match - conn.close() - -if __name__ == '__main__': - #Create a web server and define the handler to manage the - #incoming request - try: - sigmatch() - except: - print("Requires basehttpserver response, match, and module.") diff --git a/srv/www/bin/web.py b/srv/www/bin/web.py deleted file mode 100755 index 42485f34..00000000 --- a/srv/www/bin/web.py +++ /dev/null 
@@ -1,402 +0,0 @@ -#!/usr/bin/env python3 - -from http.server import BaseHTTPRequestHandler,HTTPServer -import ssl -import socket -from urllib.parse import urlparse -import db_builder -import sigmatch -import os -import sqlite3 -import time -import cgi -import re -import requests -import sys - -# Default port - feel free to change -PORT_NUMBER = 8000 -PRODSTRING = 'Apache/3.2.3' - - -# got a webserver DB and will prolly have honeypot DB for dorks if we have sqlinjection -config = '..' + os.path.sep + 'DB' + os.path.sep + 'webserver.sqlite' -honeydb = '..' + os.path.sep + 'DB' + os.path.sep + 'config.sqlite' -# will be if user sets up SSL cert and key -certpath = '..' + os.path.sep + 'domain.crt' -keypath = '..' + os.path.sep + 'domain.key' - -# Query to DShield API to determine local public IP address - -try: - local_pub_IP = requests.get('https://www4.dshield.org/api/myip?json', verify = True) -except requests.exceptions.RequestException as e: - raise SystemExit(e) -print("My IP Address %s" % (local_pub_IP.json()['ip'],)) - - -# have to build Certificates to get this to work with https requests - recommend to do so, better data - -# name them the same as the ../server.cert and ../server.key or change above. -# openssl req \ -# -newkey rsa:2048 -nodes -keyout domain.key \ -# -x509 -days 365 -out domain.crt -if not os.path.exists(certpath) and not os.path.exists(keypath): - _USE_SSL = False -else: - _USE_SSL = True - - -def build_db(): - dbpath = '..' + os.path.sep + 'DB' - if not os.path.exists(dbpath): - print('DB directory not found creating directory.') - os.makedirs(dbpath) - db_builder.build_DB() - -class SecureHTTPServer(HTTPServer): - def __init__(self, server_address, handlerclass): - HTTPServer.__init__(self, server_address, myhandler) - ctx = ssl.Context(ssl.SSLv23_METHOD) - # server.pem's location (containing the server private key and - # the server certificate). 
- ctx.use_privatekey_file('server.key') - ctx.use_certificate_file('server.crt') - self.socket = ssl.Connection(ctx, socket.socket(self.address_family, - self.socket_type)) - self.server_bind() - self.server_activate() - -# This class will handles any incoming request from -# the browser -class myhandler(BaseHTTPRequestHandler): - ''' #not using this but will - log_file = open(logfile, 'w') - def log_message(self, format, *args): - self.log_file.write("%s - - [%s] %s\n" % - (self.client_address[0], - self.log_date_time_string(), - format % args)) - ''' - server_version="GoAhead-Webs" - sys_version="" - def do_GET(self): - webpath = '..' + os.path.sep + 'srv' + os.path.sep + 'www' + os.path.sep - webpath_exists = os.path.exists(webpath) - if webpath_exists: - webdirlst = os.listdir(webpath) - file_path = '' - for i in webdirlst: - site = i - file_path = os.path.join(webpath, i) - dte = time.time() - targetip = local_pub_IP.json()['ip'] - # Each self. item specified here as a variable needs to be specified in models.py as well so that the db has a column to store it. 
- address = self.client_address[0] - cmd = '%s' % self.command # same as ubelow - path = '%s' % self.path # see below comment - headers = '%s' % self.headers - # content_len = int(self.headers.getheader('content-length', 0)) - # body = self.rfile.read(content_len) - - try: - if str(self.headers['user-agent']) is not None: - useragentstring = str(self.headers['user-agent']) - except: - useragentstring = "" - #self.send_response(200) - rvers = '%s' % self.request_version - c.execute("""INSERT INTO requests (date, headers, address, cmd, path, useragent, vers, summary,targetip) VALUES(?, ?, ?, ?, ?, ?, ?, ?,?)""", - (dte, headers, address, cmd, path, useragentstring, rvers, '- Standard Request.',targetip)) - try: - c.execute("""INSERT INTO useragents (useragent) VALUES (?)""", [useragentstring]) - except sqlite3.IntegrityError: - refid = c.execute("""SELECT refid FROM useragents WHERE useragent=?""", [useragentstring]).fetchone() - if str(refid[0]) != "None": - resp = c.execute("""SELECT * FROM responses WHERE RID=?""", (str(refid[0]))).fetchall() - for i in resp: - self.send_header(i[2], i[3]) - #self.send_header('Date', self.date_time_string(time.time())) - #self.end_headers() - else: - print(self.client_address[ - 0 - ] + " - - [" + self.date_time_string() + "] - - Useragent: '" + useragentstring + "' needs a custom response.") - self.send_response(200) # OK - self.send_header('Content-type', 'text/html') - self.end_headers() - except: - self.send_response(200) - # file deepcode ignore TooPermissiveCors: Not worried about CORS policy as this is intentionally vulnerable to web exploits. 
- self.send_header('Access-Control-Allow-Origin','*') - self.send_header('Content-type', 'text/html') - self.server_version=PRODSTRING - self.end_headers() - self.send_response(200) - self.send_header('Access-Control-Allow-Origin', '*') - self.send_header('Content-type', 'text/html') - self.server_version=PRODSTRING - self.end_headers() - # going to use xml or DB for this - - # glastopf sigs https://github.com/mushorg/glastopf/tree/master/glastopf - # or matches xml page see - https://github.com/mushorg/glastopf/blob/master/glastopf/requests.xml - #match = 0 - #sigmatch(self, path, 'robots') - if webpath_exists: # os.path.isfile(file_path): - try: - refid = c.execute("""SELECT ID FROM sites WHERE site=?""", (site,)).fetchone() - siteheaders = c.execute("""SELECT * FROM responses WHERE RID=?""", (str(refid[0]))).fetchall() - for i in siteheaders: - self.send_header(i[1], i[2]) - except: - pass - #os.listdir(file_path) - f = open(file_path) - self.wfile.write(f.read()) - f.close() - conn.commit() - if sigmatch.sigmatch(self, path, 'robots') == 1: - pass - elif sigmatch.sigmatch(self, path, 'lfi') == 1: - pass - elif sigmatch.sigmatch(self, path, 'rfi') == 1: - pass - elif sigmatch.sigmatch(self, path, 'phpmyadmin') == 1: - pass - else: # default - message_parts = [ - '\ - Upload\ -
\ - \ -
\ -
\ - Form Using GET\ -
\ -

Username:

\ -

Password:

\ - \ -
\ -
\ -

 

\ - ' - ] - message = '\r\n'.join(message_parts) - try: - self.wfile.write(message.encode()) - except: - print("IO Error writing response.") - - conn.commit() - return - - def do_HEAD(self): - self.send_response(200) - self.send_header('Access-Control-Allow-Origin', '*') - self.send_header('Content-type', 'text/html') - self.server_version=PRODSTRING - self.end_headers() - print(self.client_address[ - 0] + " - - [" + self.date_time_string() + "] - - Malicious pattern detected: HEAD request - looking for open proxy.") - - def do_CONNECT(self): - if not _USE_SSL: - self.send_response(200) - self.send_header('Access-Control-Allow-Origin', '*') - self.send_header('Content-type', 'text/html') - self.send_header('Server', PRODSTRING) - self.server_version=PRODSTRING - self.end_headers() - print(self.client_address[ - 0] + " - - [" + self.date_time_string() + "] - - Malicious pattern detected: CONNECT request - looking for open proxy.") - - def do_POST(self): - # Parse the form data posted - # try: - dte = time.time() - address = '%s' % self.client_address[0] - cmd = '%s' % self.command - path = '%s' % self.path - headers = '%s' % self.headers - - try: - if str(self.headers['user-agent']) is not None: - useragentstring = str(self.headers['user-agent']) - except: - useragentstring = "" - - rvers = '%s' % self.request_version - c.execute('''INSERT INTO postlogs (date, headers, address, cmd, path, useragent, vers, summary) VALUES(?, ?, ?, ?, ?, ?, ?, ?)''', - (dte, headers, address, cmd, path, useragentstring, rvers, "- standard post")) - try: - c.execute('''INSERT INTO useragents (useragent) VALUES (?)''', [useragentstring]) - except sqlite3.IntegrityError: - refid = c.execute("""SELECT refid FROM useragents WHERE useragent=?""", [useragentstring]).fetchone() - if str(refid[0]) != "None": - resp = c.execute("""SELECT * FROM responses WHERE RID=?""", (str(refid[0]))).fetchall() - for i in resp: - self.send_header(i[2], i[3]) - self.send_header('Date', 
self.date_time_string(time.time())) - self.end_headers() - else: - print(self.client_address[ - 0] + " - - [" + self.date_time_string() + "] - - Useragent: '" + useragentstring + "' needs a custom response.") - self.send_response(200) # OK - self.send_header('Content-type', 'text/html') - self.end_headers() - # Manage post variables code set - # CITATION: http://stackoverflow.com/questions/4233218/python-basehttprequesthandler-post-variables - ctype, pdict = cgi.parse_header(self.headers['content-type']) - if ctype == 'multipart/form-data': - postvars = cgi.parse_multipart(self.rfile, pdict) - elif ctype == 'application/x-www-form-urlencoded': - length = int(self.headers['content-length']) - postvars = urlparse.parse_qs(self.rfile.read(length), keep_blank_values=1) - else: - postvars = {} - # Signatures identification section - will eventually - # or matches xml page see - https://github.com/mushorg/glastopf/blob/master/glastopf/requests.xml - match = 0 - conn.commit() - sigmatch.sigmatch(self, path, 'lfi') - sigmatch.sigmatch(self, path, 'robots') - sigmatch.sigmatch(self, path, 'rfi') - - for key in sorted(postvars): - val = postvars[key] - conn.commit() - sigmatch.sigmatch(self, val[0], 'sqli') - sigmatch.sigmatch(self, val[0], 'xss') - - if match != 1: - # Get the "Back" link. - back = self.path if self.path.find('?') < 0 else self.path[:self.path.find('?')] - - # Display the POST variables. - self.wfile.write(b'') - self.wfile.write(b' ') - self.wfile.write(b' Server POST Response') - self.wfile.write(b' ') - self.wfile.write(b' ') - self.wfile.write(b'

POST variables (%d).

' % (len(postvars))) - - if len(postvars): - # Write out the POST variables in 3 columns. - - self.wfile.write(b' ') - self.wfile.write(b' ') - i = 0 - for key in sorted(postvars): - i += 1 - val = postvars[key] - if key == "upfile": - refid = c.execute("""SELECT ID FROM postlogs WHERE ID=(SELECT MAX(ID) FROM postlogs)""").fetchone() - try: - c.execute("""INSERT INTO files (rid, filename, data) VALUES(?, ?, ?)""", - (str(refid[0]), key, val[0])) - except: - print("Need to handle binaries.") - else: - c.execute("""INSERT INTO postlogs (date, address, cmd, path, useragent, vers, formkey, formvalue)""" - """VALUES (?, ?, ?, ?, ?, ?, ?, ?)""", - (dte, address, cmd, path, useragentstring, rvers, key, val[0])) - self.wfile.write(b' ') - self.wfile.write(b' ' % i) - self.wfile.write(b' ' % key) - self.wfile.write(b' ' % val[0]) - self.wfile.write(b' ') - self.wfile.write(b' ') - self.wfile.write(b'
%d%s%s
') - - self.wfile.write(b'

Back

' % back) - self.wfile.write(b' ') - self.wfile.write(b'') - conn.commit() - return - - def deal_post_data(self): - boundary = self.headers.plisttext.split("=")[1] - remainbytes = int(self.headers['content-length']) - line = self.rfile.readline() - remainbytes -= len(line) - if boundary not in line: - return False, "Content NOT begin with boundary" - line = self.rfile.readline() - remainbytes -= len(line) - fn = re.findall(r'Content-Disposition.*name="file"; filename="(.*)"', line) - dfn=dir(fn) - if not dfn: - return False, "Can't find our file name..." - # TODO: is translate path ever defined? - path = self.translate_path(self.path) - fn = os.path.join(path, fn[0]) - line = self.rfile.readline() - remainbytes -= len(line) - line = self.rfile.readline() - remainbytes -= len(line) - try: - # deepcode ignore PT: Snyk interperets this as taking unsantized input. False positive. - out = open(fn, 'wb') - #magic.from_file(out) - except IOError: - return False, "Can't create file to write, do you have permission to write?" - - preline = self.rfile.readline() - remainbytes -= len(preline) - while remainbytes > 0: - line = self.rfile.readline() - remainbytes -= len(line) - if boundary in line: - preline = preline[0:-1] - if preline.endswith('\r'): - preline = preline[0:-1] - out.write(preline) - out.close() - return True, "File '%s' upload success!" % fn - else: - out.write(preline) - preline = line - return False, "Unexpected End of data." - -if __name__ == "__main__": - # check if pid file exists - pidfile = '/tmp/wwwpy.pid' - if os.path.exists(pidfile): - with open(pidfile,'r') as f: - pid = f.read() - pid = pid.strip() - if pid != '' and os.path.exists('/proc/'+pid): - sys.exit('web.py appears to be already running') - else: - print(f"stale lockfile for pid {pid}. 
Will overwrite.") - # setup a pid file - pid = os.getpid() - with open(pidfile,'w') as f: - f.write(str(pid)) - try: - # Create a web server, DB and define the handler to manage the - # incoming request - build_db() - conn = sqlite3.connect(config) - c = conn.cursor() - try: - server = HTTPServer(('', PORT_NUMBER), myhandler) - except OSError as e: - print("Something is already listening on port %s" % (PORT_NUMBER,)) - os.remove(pidfile) - sys.exit() - server.serve_forever() - if _USE_SSL: - server.socket = ssl.wrap_socket(server.socket, keyfile=keypath, - certfile=certpath, server_side=True, ssl_version=ssl.PROTOCOL_TLSv1_2) - print("using SSL") - - print('Started httpserver on port ', PORT_NUMBER) - # Wait forever for incoming http requests - server.serve_forever() - except KeyboardInterrupt: - print('^C received, shutting down the web server') - os.remove(pidfile) - try: - conn.close() - except NameError: - pass diff --git a/srv/www/etc/signatures.xml b/srv/www/etc/signatures.xml deleted file mode 100644 index cdb80fbf..00000000 --- a/srv/www/etc/signatures.xml +++ /dev/null @@ -1,228 +0,0 @@ - - - - 1 - remote file inclusion - - RFIResp - rfi - - - 1 - RFIResp
- - -
- - 2 - php code injection - - - unknown - - - 3 - basic php code execution - - - unknown - - - 4 - SQL benchmark and sleep - - - unknown - - - 5 - SQL injection - - SQLResp - sqli - - - 5 - SQLResp
- - replace

]]>
-
- - 5 - SQLResp
- - id=1,username=admin,password=admin123

id=2,username=webuser,password=password123

]]>
-
- - 5 - SQLResp
- - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"' at line 5

]]>
-
- - 5 - SQLResp
- - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"' at line 5

]]>
-
- - 8 - basic XSS - .+]]> - XSSResp - xss - - - 8 - XSSResp
- - '..'+ os.path.sep + 'html' + os.path.sep + 'js' + os.path.sep + 'hello.html' -
- - 9 - JS properties and objects - - - unknown - - - 10 - local file inclusion linux - - paths - lfi - - - 11 - paths
- - '..'+ os.path.sep + 'html' + os.path.sep + 'etc' + os.path.sep + 'passwd' -
- - 10 - paths
- - '..'+ os.path.sep + 'html' + os.path.sep + 'etc' + os.path.sep + 'passwd' -
- - 11 - paths
- - '..'+ os.path.sep + 'html' + os.path.sep + 'etc' + os.path.sep + 'shadow' -
- - 10 - paths
- - '..'+ os.path.sep + 'html' + os.path.sep + 'etc' + os.path.sep + 'shadow' -
- - 11 - local file inclusion windows - |,]+)+.*]]> - paths - lfi - - - 12 - XSS - - XSSResp - xss - - - 12 - XSSResp
- - '..'+ os.path.sep + 'html' + os.path.sep + 'js' + os.path.sep + 'hello.html' -
- - 13 - favicon.ico - - - unknown - - - 14 - style.css - - - style_css - - - 15 - robots.txt - - paths - robots - - - 15 - paths
- - '..'+ os.path.sep + 'html' + os.path.sep + 'robots.txt' -
- - 16 - PHPMyAdmin - - paths - phpmyadmin - - - 16 - paths
- - '..'+ os.path.sep + 'html' + os.path.sep + 'phpMyAdmin.html' -
- - 17 - comment spam - - - comments - - - 18 - login brute force - - - login - - - 19 - tomcat manager - - - tomcat_manager - - - 20 - tomcat manager status - - - tomcat_status - - - 21 - PHP CGI Source code disclosure CVE-2012-1823 - - - php_cgi_rce - - - 22 - PHP CGI Remote command execution CVE-2012-1823 - - - php_cgi_rce - - - 23 - Common PHPInfo test/debug resources - - - phpinfo - -
\ No newline at end of file