def update(self): data_obj = data.Data() build_path = data_obj.get_build_path() docker = Client() container_name = data_obj.get_path_hash() container_obj = container.Container(container_name) print('Installing new build dependencies...') build_deps = "" for dep in data_obj.get_build_deps_to_install(): build_deps = build_deps + " " + dep for line in container_obj.execute("apt-get install -y " + build_deps): print(line, end="") print('Removing old build dependencies...') build_deps = "" for dep in data_obj.get_build_deps_to_remove(): build_deps = build_deps + " " + dep for line in container_obj.execute("apt-get purge -y " + build_deps): print(line, end="") print('Removing orphaned dependencies...') for line in container_obj.execute("apt-get autoremove -y"): print(line, end="") print("Installing new app dependencies...") deps = "" for dep in data_obj.get_deps_to_install(): deps = deps + " " + dep for line in container_obj.execute('rm -rf /tmp/debs && mkdir /tmp/debs && cd /tmp/debs && apt-get download ' + deps): print(line, end="") print('Decompressing new dependencies...') container_obj.execute('ls -1 /tmp/debs | while read line ; do dpkg-deb -R /tmp/debs/$line /mnt/appimager/build ; done') print('Removing old dependencies...') container_obj.execute('ls -1 /tmp/debs | while read line ; do dpkg-deb -R /tmp/debs/$line /mnt/appimager/build ; done') print('Configuring permissions...') container_obj.execute('chown -R ' + str(os.getuid()) + ':' + str(os.getgid()) + ' /mnt/appimager/build') shutil.rmtree('build/DEBIAN') print('Writing lock file...') data_obj.write_lock_file() print("Complete")
def package(self): data_obj = data.Data() path = data_obj.get_work_path() # Also search for dependency binaries and libraries next to myself dependenciesdir = path + "/usr/" os.environ['PATH'] = dependenciesdir + "/bin:" + os.getenv('PATH') # print os.environ['PATH'] lddp = os.getenv('LD_LIBRARY_PATH') if lddp == None: lddp = "" os.environ['LD_LIBRARY_PATH'] = dependenciesdir + "/lib:" + lddp sourcedir = path destinationfile = data_obj.get_out_path() should_compress = True if should_compress == True: if not os.path.exists(sourcedir): print("Application work directory not found: %s" % (sourcedir)) exit(1) if should_compress == True: H = xdgappdir.AppDirXdgHandler(sourcedir) iconfile = H.get_icon_path_by_icon_name(H.get_icon_name_from_desktop_file(H.desktopfile)) if iconfile == None: print("Icon could not be found based on information in desktop file") #exit(1) print("Creating %s..." % (destinationfile)) if os.path.exists(destinationfile): print (_("Destination path already exists, exiting")) # xorriso would append another session to a pre-existing image exit(1) # As great as xorriso is, as cryptic its usage is :-( command = ["xorriso", "-joliet", "on", "-volid", "AppImage", "-dev", destinationfile, "-padding", "0", "-map", sourcedir, "/", "--", "-map", iconfile, "/.DirIcon", "-zisofs", "level=9:block_size=128k:by_magic=off", "-chown_r", "0", "/", "--", "set_filter_r", "--zisofs", "/" ] subprocess.Popen(command).communicate() print("ok") print("Embedding runtime...") elf = os.path.realpath(os.path.dirname(__file__)) + "/runtime" s = open(elf, 'rb') f = open(destinationfile, 'rb+') f.write(bytes(s.read())) f.close() s.close() print("ok") print("Making %s executable..." % (destinationfile)) os.chmod(destinationfile, 0o755) print("ok") filesize = int(os.stat(destinationfile).st_size) print (_("Size: %f MB") % (filesize/1024/1024))
def setup(self): data_obj = data.Data() path = data_obj.get_work_path() docker = Client() print('Setting up environment, please wait...') volume = os.getcwd() container_name = data_obj.get_path_hash() docker.create_container( 'nimbusoft/appimager', tty=True, command="/bin/bash", name=container_name, volumes=['/mnt/appimager'], host_config=docker.create_host_config(binds={ os.getcwd(): { 'bind': '/mnt/appimager', 'mode': 'rw', } })) docker.start(container_name) print('Setup Complete')
def install(self): data_obj = data.Data() yaml = data_obj.get_yml_data() arch = data_obj.architecture() if not os.path.exists("build"): print("Creating build directory") os.mkdir("build") print("Downloading app dependencies...") for package, version in yaml['require'].items(): url = "https://archive.archlinux.org/packages/" + package[ 0] + "/" + package + "/" + package + "-" + version + "-" + arch + ".pkg.tar.xz" def reporthook(blocknum, blocksize, totalsize): readsofar = blocknum * blocksize if totalsize > 0: percent = readsofar * 1e2 / totalsize s = "\rDownloading " + package + " (" + version + ") %5.1f%% %*d / %dK" % ( percent, len(str(totalsize)), readsofar / 1024, totalsize / 1024) sys.stderr.write(s) if readsofar >= totalsize: # near the end sys.stderr.write("\n") else: # total size is unknown sys.stderr.write("read %d\n" % (readsofar, )) urlretrieve(url, "build/" + package + ".tar.xz", reporthook) print("Complete")
def build(self): data_obj = data.Data() container_name = data_obj.get_path_hash() container_obj = container.Container(container_name) yml_data = data_obj.get_yml_data() for line in container_obj.execute('cd /mnt/appimager/cwd && ' + yml_data['build']): print(line, end="") if 'integration' in yml_data.keys(): print('Setting up desktop integration...') for line in container_obj.execute( 'wget -O /mnt/appimager/build/' + yml_data['integration'] + '.wrapper https://raw.githubusercontent.com/probonopd/AppImageKit/master/desktopintegration' ): print(line) for line in container_obj.execute( 'chmod +x /mnt/appimager/build/' + yml_data['integration'] + '.wrapper'): print(line) print('Configuring permissions...') container_obj.execute('chown -R ' + str(os.getuid()) + ':' + str(os.getgid()) + ' /mnt/appimager/build')
def __init__(self, args, logger, cfg): self.pool = ThreadPoolExecutor(cfg['max_threads']) self.logger = logger self.data = data.Data(logger=logger, redis_host=cfg['master_redis_host'], redis_port=cfg['master_redis_port'], redis_db=cfg['master_redis_db']) self.payments = payments.Payments( logger=logger, data=self.data, redis_host=cfg['payments_redis_host'], redis_port=cfg['payments_redis_port'], redis_db=cfg['payments_redis_db']) self.payments.initialize(args.config_path) handlers = [ # Payments (r'/api/v1/order/(.*)', api.payments.OrderApiHandler), ] settings = dict( cookie_secret= "%T38*30$25^G2N43@13%6*0-OJtRew@134^7(OjgTR$4yIJv042!-8y74+5+=JI&TGu6t58", login_url="", xsrf_cookies=False, template_path=os.path.join(os.path.dirname(__file__), "templates"), static_path=os.path.join(os.path.dirname(__file__), "templates/static"), autoescape=None, ) # prepend path to each handler with path to the app tornado.web.Application.__init__(self, handlers, **settings)
def package(self): data_obj = data.Data() container_name = data_obj.get_path_hash() container_obj = container.Container(container_name) for line in container_obj.execute( 'AppImageAssistant.AppImage /mnt/appimager/build /mnt/appimager/out/' + data_obj.get_name()): print(line, end="")
def stop(self): data_obj = data.Data() container_name = data_obj.get_path_hash() container_obj = container.Container(container_name) print('Stopping container...') container_obj.stop() print("Container stopped")
def execute(self, command): data_obj = data.Data() cmd = self.docker.exec_create( self.name, '/bin/sh -c "' + data_obj.get_env_vars_string(True) + ' && ' + command + '"') cmd_id = cmd['Id'] for line in self.docker.exec_start(cmd_id, stream=True): yield (line.decode('ascii'))
def start(self): data_obj = data.Data() container_name = data_obj.get_path_hash() docker = container.Container(container_name) print('Starting container...') docker.start() print("Container started")
def stop(self): data_obj = data.Data() container_name = data_obj.get_path_hash() docker = Client() print('Stopping container...') docker.stop(container_name) print("Container stopped")
def build(self): data_obj = data.Data() container_name = data_obj.get_path_hash() container_obj = container.Container(container_name) yml_data = data_obj.get_yml_data() for line in container_obj.execute('cd /mnt/appimager && ' + yml_data['build']): print(line, end="") print('Configuring permissions...') container_obj.execute('chown -R ' + str(os.getuid()) + ':' + str(os.getgid()) + ' /mnt/appimager/build')
def run_poller_worker(*args, **kwargs): logger = config.get_logger(kwargs['log_path'], kwargs['name']) try: db = data.Data(logger, kwargs['redis_host'], kwargs['redis_port'], kwargs['redis_db']) p = PollerWorker(logger, kwargs['name'], db, None, kwargs['config_path']) logger.info('Starting poller worker: {0}'.format(kwargs['name'])) p.run(args, kwargs) except Exception as e: logger.error( 'ERROR: Exception in run_poller_worker: {0}\r\n{1}'.format( e, traceback.format_exc()))
def destroy(self): data_obj = data.Data() container_name = data_obj.get_path_hash() container_obj = container.Container(container_name) print('Stopping container...') container_obj.stop() print('Destroying container...') container_obj.destroy() print("Container destroyed")
def __init__(self, args, logger, cfg): self.logger = logger self.data = data.Data(logger=logger, redis_host=cfg['master_redis_host'], redis_port=cfg['master_redis_port'], redis_db=cfg['master_redis_db']) handlers = [ # Google (r'/gl/login/?(.*)', google.GoogleLoginHandler), (r'/gl/logout/?', google.GoogleLogoutHandler), # Facebook (r'/fb/login', facebook.AuthLoginHandler), (r'/fbp/login', facebook.AuthLoginHandler, dict(m='p')), (r'/fbg/login', facebook.AuthLoginHandler, dict(m='g')), (r'/fba/login', facebook.AuthLoginHandler, dict(m='pg')), (r'/fb/logout', facebook.AuthLogoutHandler), # Twitter (r'/tw/login', twitter.AuthLoginHandler), (r'/tw/logout', twitter.AuthLogoutHandler), # Tumblr (r'/tl/login', tumblr.AuthLoginHandler), (r'/tl/logout', tumblr.AuthLogoutHandler), # Flickr (r'/fr/login', flickr.AuthLoginHandler), (r'/fr/logout', flickr.AuthLogoutHandler), # 500px (r'/5p/login', px500.AuthLoginHandler), (r'/5p/logout', px500.AuthLogoutHandler), # LinkedIn (r'/in/login', linkedin.AuthLoginHandler), (r'/in/logout', linkedin.AuthLogoutHandler), # RSS (r'/feed/??', feed.FeedHandler), # API (r'/api/v1/view/(.*)', api.view.ViewApiHandler), (r'/api/v1/user/?(.*)', api.user.UserApiHandler), (r'/api/v1/account/(.*)', api.account.AccountApiHandler), (r'/api/v1/source/(.*)', api.source.SourceApiHandler), (r'/api/v1/service/?(.*)', api.service.ServiceApiHandler), ] settings = dict( cookie_secret="%T38*30$25^G2N43@13%6*0-OJtRew@134^7(OjgTR$4yIJv042!-8y74+5+=JI&TGu6t58", login_url="", xsrf_cookies=False, template_path=os.path.join(os.path.dirname(__file__), "templates"), static_path=os.path.join(os.path.dirname(__file__), "templates/static"), autoescape=None, api_path=cfg['api_path'], payments_node=cfg['payments_node'] ) # prepend path to each handler with path to the app tornado.web.Application.__init__(self, handlers, **settings)
def install(self): data_obj = data.Data() build_path = data_obj.get_build_path() docker = Client() if not os.path.exists(build_path): print("Creating build directory") os.mkdir(build_path) container_name = data_obj.get_path_hash() container_obj = container.Container(container_name) print("Downloading app dependencies...") deps = "" for dep in data_obj.get_deps(): deps = deps + " " + dep for line in container_obj.execute('rm -rf /tmp/debs && mkdir /tmp/debs && cd /tmp/debs && apt-get download ' + deps): print(line, end="") print('Decompressing dependencies...') for line in container_obj.execute('ls -1 /tmp/debs | while read line ; do dpkg-deb -R /tmp/debs/$line /mnt/appimager/build ; done'): print(line) print('Configuring permissions...') container_obj.execute('chown -R ' + str(os.getuid()) + ':' + str(os.getgid()) + ' /mnt/appimager/build') shutil.rmtree('build/DEBIAN') print('Writing lock file...') data_obj.write_lock_file() print("Complete")
def main(): if not len(sys.argv): print("[!] Not Enough Arguments!") # TODO: Add usage sys.exit(0) parser = argparse.ArgumentParser() parser.add_argument("url", help="URL to test for LFI") parser.add_argument("-d", "--data", help="Use data:// technique", action="store_true") parser.add_argument("-i", "--input", help="Use input:// technique", action="store_true") parser.add_argument("-e", "--expect", help="Use expect:// technique", action="store_true") parser.add_argument("-f", "--filter", help="Use filter:// technique", action="store_true") parser.add_argument("-p", "--proc", help="Use /proc/self/environ technique", action="store_true") parser.add_argument("-a", "--access", help="Apache access logs technique", action="store_true") parser.add_argument("-ns", "--nostager", help="execute payload directly, do not use stager", action="store_true") parser.add_argument("-r", "--relative", help="use path traversal sequences for attack", action="store_true") parser.add_argument("--ssh", help="SSH auth log poisoning", action="store_true") parser.add_argument("-l", "--location", help="path to target file (access log, auth log, etc.)") parser.add_argument("--cookies", help="session cookies for authentication") args = parser.parse_args() url = args.url nostager = args.nostager relative = args.relative cookies = args.cookies parsed = urllib.parse.urlsplit(url) print(colors("[~] Checking Target: {0}".format(parsed.netloc), 93)) # if ping(parsed.netloc): # print(colors("[+] Target looks alive ", 92)) # else: # print(colors("[!] Target irresponsive ", 91)) # sys.exit(1) if not parsed.query: print(colors("[!] No GET parameter Provided ", 91)) # TODO: Find a better way to do these checks if args.data: print(colors("[~] Testing with data:// ", 93)) d = data.Data(url, nostager, cookies) d.execute_data() elif args.input: print(colors("[~] Testing with input:// ", 93)) i = Input.Input(url, nostager, cookies) i.execute_input() elif args.expect: print(colors("[~] Testing with expect:// ", 93)) e = Expect.Expect(url, nostager, cookies) e.execute_expect() elif args.proc: print(colors("[~] /proc/self/environ Technique Selected!", 93)) i = proc.Environ(url, nostager, relative, cookies) i.execute_environ() elif args.access: print(colors("[~] Testing for Apache access.log poisoning", 93)) if not args.location: print(colors("[~] Log Location Not Provided! Using Default", 93)) l = '/var/log/apache2/access.log' else: l = args.location a = accesslog(url, l, nostager, relative, cookies) a.execute_logs() elif args.ssh: print(colors("[~] Testing for SSH log poisoning ", 93)) if not args.location: print(colors("[~] Log Location Not Provided! Using Default", 93)) l = '/var/log/auth.log' else: l = args.location a = sshlog.SSHLogs(url, l, relative, cookies) a.execute_ssh() elif args.filter: print(colors("[~] Testing with expect://", 93)) f = Filter.Filter(url, cookies) f.execute_filter() else: print(colors("[!] Please select atleast one technique to test", 91)) sys.exit(0)
parser.add_argument('--redis_port', default=6379, type=int) parser.add_argument('--redis_host', default='127.0.0.1') parser.add_argument('--redis_db', default=0, type=int) parser.add_argument('--log_path', required=True) parser.add_argument('--gid_set', required=True) parser.add_argument('--period', default=60, type=int) args = parser.parse_args() logging.basicConfig(format='%(asctime)s %(message)s', datefmt='%m/%d/%Y %H:%M:%S') logger = logging.getLogger(__name__) logger.addHandler( config.getLogHandler(os.path.join(args.log_path, 'poller_test.log'))) logger.level = logging.DEBUG data = data.Data(logger, args.redis_host, args.redis_port, args.redis_db) while True: logger.warning( 'Invoking poll for all, next poll in {0} seconds'.format( args.period)) with open(args.gid_set) as f_set: gid_set = [gid.strip() for gid in f_set.readlines()] logger.info('Read [{0}] gids'.format(len(gid_set))) for n in range(0, len(gid_set)): gid = gid_set[randint(0, len(gid_set) - 1)] logger.info('Invoking rebalance for [{0}]'.format(gid)) data.rc.sadd(S1.register_set(), gid) data.register_gid(gid) t = randint(5, 20)
def setup(self): data_obj = data.Data() yml = data_obj.get_yml_data() docker = Client() print('Setting up environment, please wait...') volume = os.getcwd() base_os_version = yml['base'] container_name = data_obj.get_path_hash() container_obj = container.Container(container_name) print('Pulling Ubuntu ' + str(base_os_version) + '...') docker.pull('ubuntu', str(base_os_version)) data_obj = data.Data() print('Creating container...') docker.create_container('ubuntu:' + str(base_os_version), tty=True, command="/bin/bash", name=container_name, volumes=['/mnt/appimager'], host_config=docker.create_host_config(privileged=True, cap_add=['SYS_ADMIN'], binds={ os.getcwd(): { 'bind': '/mnt/appimager/cwd', 'mode': 'ro', }, data_obj.get_work_path(): { 'bind': '/mnt/appimager/work', 'mode': 'rw', }, data_obj.get_build_path(): { 'bind': '/mnt/appimager/build', 'mode': 'rw', }, data_obj.get_out_path(): { 'bind': '/mnt/appimager/out', 'mode': 'rw', } })) print('Starting container...') container_obj.start() print('Updating APT repositories...') for line in container_obj.execute("apt-get update"): print(line, end="") print('Installing common dependencies...') for line in container_obj.execute('apt-get -y install software-properties-common python-software-properties wget fuse'): print(line, end="") print('Downloading AppImageAssistant...') for line in container_obj.execute('wget -O /usr/bin/AppImageAssistant.AppImage https://github.com/probonopd/AppImageKit/releases/download/6/AppImageAssistant_6-' + data_obj.architecture() + '.AppImage && chmod +x /usr/bin/AppImageAssistant.AppImage'): print(line, end="") print('Adding additional APT repositories...') for repo in data_obj.get_repositories(): for line in container_obj.execute('add-apt-repository -y ' + repo): print(line, end="") print('Updating APT repositories...') for line in container_obj.execute("apt-get update"): print(line, end="") print('Installing build dependencies...') build_deps = "" for dep in data_obj.get_build_deps(): build_deps = build_deps + " " + dep for line in container_obj.execute("apt-get install -y " + build_deps): print(line, end="") print('Writing lock file...') data_obj.write_lock_file() print('Setup Complete')
def get_data(logger, redis_host, redis_port, redis_db): return data.Data(logger, redis_host, redis_port, redis_db)
def setup(self): data_obj = data.Data() yml = data_obj.get_yml_data() docker = Client() print('Setting up environment, please wait...') volume = os.getcwd() base_os_version = yml['base'] container_name = data_obj.get_path_hash() container_obj = container.Container(container_name) print('Pulling Ubuntu ' + str(base_os_version) + '...') docker.pull('ubuntu', str(base_os_version)) print('Creating container...') docker.create_container('ubuntu:' + str(base_os_version), tty=True, command="/bin/bash", name=container_name, volumes=['/mnt/appimager'], host_config=docker.create_host_config( privileged=True, cap_add=['SYS_ADMIN'], binds={ os.getcwd(): { 'bind': '/mnt/appimager', 'mode': 'rw', } })) print('Starting container...') container_obj.start() print('Updating APT repositories...') for line in container_obj.execute("apt-get update"): print(line, end="") print('Installing common dependencies...') for line in container_obj.execute( 'apt-get -y install software-properties-common python-software-properties' ): print(line, end="") print('Adding additional APT repositories...') for repo in data_obj.get_repositories(): for line in container_obj.execute('add-apt-repository -y ' + repo): print(line, end="") print('Updating APT repositories...') for line in container_obj.execute("apt-get update"): print(line, end="") print('Installing build dependencies...') build_deps = "" for dep in data_obj.get_build_deps(): build_deps = build_deps + " " + dep for line in container_obj.execute("apt-get install -y " + build_deps): print(line, end="") print('Writing lock file...') data_obj.write_lock_file() print('Setup Complete')