some new tools. clump is useful. httpd got some better logging. cuturl got some bugfixes I think. todo is just a version of segfault's !todo but for shell. don't remember what I did to telnet-gateway.sh

author: epochqwert <epoch@53flpnlls43fcguy.onion> 2015-02-06 02:32:04 -0600
committer: epochqwert <epoch@53flpnlls43fcguy.onion> 2015-02-06 02:32:04 -0600
commit: 3c2d290d17b739f14774dfcdf48581c1fb212286 (patch)
tree: 4b3bcf021e9994c21030aad99f84831ad31dbe02 /src/libexec
parent: abe09a4717370f331b050ad39da3a7e9a478f02d (diff)
download: misc-3c2d290d17b739f14774dfcdf48581c1fb212286.tar.gz
misc-3c2d290d17b739f14774dfcdf48581c1fb212286.zip
1 files changed, 45 insertions, 2 deletions
diff --git a/src/libexec/httpd.c b/src/libexec/httpd.c
index 8ba9413..f22e139 100644
--- a/src/libexec/httpd.c
+++ b/src/libexec/httpd.c
@@ -15,6 +15,37 @@
 #define CGI "cgi-bin"
 #define SERVER "epochttpd/2.0 (Unix)"
 
+// WARNING: this http software is vulnerable. I'm leaving it that way.
+
+/* just notes for environment variables for CGIs when I need them.
+
+Key             Value
+DOCUMENT_ROOT   The root directory of your server
+HTTP_COOKIE     The visitor's cookie, if one is set
+HTTP_HOST       The hostname of the page being attempted
+HTTP_REFERER    The URL of the page that called your program
+HTTP_USER_AGENT The browser type of the visitor
+HTTPS           "on" if the program is being called through a secure server
+PATH            The system path your server is running under
+QUERY_STRING    The query string (see GET, below)
+REMOTE_ADDR     The IP address of the visitor
+REMOTE_HOST     The hostname of the visitor (if your server has
+                reverse-name-lookups on; otherwise this is the IP address again)
+REMOTE_PORT     The port the visitor is connected to on the web server
+REMOTE_USER     The visitor's username (for .htaccess-protected pages)
+REQUEST_METHOD  GET or POST
+REQUEST_URI     The interpreted pathname of the requested document or CGI
+                (relative to the document root)
+SCRIPT_FILENAME The full pathname of the current CGI
+SCRIPT_NAME     The interpreted pathname of the current CGI (relative to
+                the document root)
+SERVER_ADMIN    The email address for your server's webmaster
+SERVER_NAME     Your server's fully qualified domain name (e.g.
+                www.cgi101.com)
+SERVER_PORT     The port number your server is listening on
+SERVER_SOFTWARE The server software you're using (e.g. Apache 1.3)
+*/
+
 void standard_headers() {
  printf("Server: %s\r\n",SERVER);
  printf("Connection: close\r\n");
@@ -33,7 +64,9 @@ int main(int argc,char *argv[]) {
  struct sockaddr_in6 sa6;
  unsigned int sl=sizeof(sa6);
  char h[NI_MAXHOST];
- if(getpeername(0,(struct sockaddr *)&sa6,&sl) == -1) syslog(LOG_WARNING,"getpeername: %m");
+ openlog("httpd",LOG_PID,LOG_DAEMON);
+ if(getpeername(0,(struct sockaddr *)&sa6,&sl) == -1) 
+  syslog(LOG_WARNING,"getpeername: %m");
  getnameinfo((struct sockaddr *)&sa6,sl,h,sizeof(h),0,0,NI_NUMERICHOST);
  setenv("REMOTE_ADDR",h,1);
  if(!strchr(line,'\n')) {
@@ -41,10 +74,10 @@ int main(int argc,char *argv[]) {
   standard_headers();
   printf("Content-type: text/plain\r\n\r\n");
   printf("use smaller (<%d bytes) headers.\n",getpagesize());
+  syslog(LOG_WARNING,"413 Entity Too Large %s len: %d\n",h,strlen(line));
   return 0;
  }
  if(strchr(line,'\r')) *strchr(line,'\r')=0;
- syslog(LOG_WARNING,"%s %s\n",h,line);
  method=strdup(line);
  if((page=strchr(method,' '))) {
   *page=0;
@@ -67,24 +100,32 @@ int main(int argc,char *argv[]) {
    standard_headers();
    printf("Content-type: text/plain\r\n\r\n");
    printf("use smaller (<%d bytes) headers.\n",getpagesize());
+   syslog(LOG_WARNING,"413 somewhere in request line 2+: %s %d\n",h,strlen(line));
    return 0;
   }
   if(strchr(line,'\r')) *strchr(line,'\r')=0;
   if(!strncasecmp(line,"Host: ",6)) {
    setenv("HTTP_HOST",line+6,1);
   }
+  if(!strncasecmp(line,"User-agent: ",12)) {
+   setenv("HTTP_USER_AGENT",line+12,1);
+  }
   if(!strcmp(line,"")) {
    break;
   }
  }
  alarm(0);//no more timeout.
+ //
+ syslog(LOG_WARNING,"%s: %s %s %s\n",h,getenv("HTTP_USER_AGENT"),page,get_param);
  //TODO: sanitize this.
  if(chdir(VHOST_ROOT) == -1) {
    printf("HTTP/1.1 500 Internal Server Error\r\n");
    standard_headers();
    printf("Content-type: text/html\r\n\r\ncouldn't chdir(\"%s\");",VHOST_ROOT);
+   syslog(LOG_WARNING,"can't chdir to VHOST_ROOT: %s",VHOST_ROOT);
    exit(3);
  }
+ //I had fun exploiting this. :)
  if(chdir((char*)getenv("HTTP_HOST")) == -1) {
   if(chdir(SITES_ROOT) != -1) {
    if(chdir("default") == -1) {
@@ -92,6 +133,7 @@ int main(int argc,char *argv[]) {
     printf("HTTP/1.1 500 Internal Server Error\r\n");
     standard_headers();
     printf("Content-type: text/html\r\n\r\nfuck");
+    syslog(LOG_WARNING,"can't chdir to default site dir.");
     exit(1);
    }
    //we're good.
@@ -100,6 +142,7 @@ int main(int argc,char *argv[]) {
    standard_headers();
    printf("Content-type: text/html\r\n\r\ncouldn't chdir(\"%s\");",SITES_ROOT);
    //wtf? no sites dir???
+   syslog(LOG_WARNING,"can't chdir to SITES_ROOT: %s",SITES_ROOT);
    exit(2);
   }
  }
author	epochqwert <epoch@53flpnlls43fcguy.onion>	2015-02-06 02:32:04 -0600
committer	epochqwert <epoch@53flpnlls43fcguy.onion>	2015-02-06 02:32:04 -0600
commit	3c2d290d17b739f14774dfcdf48581c1fb212286 (patch)
tree	4b3bcf021e9994c21030aad99f84831ad31dbe02 /src/libexec
parent	abe09a4717370f331b050ad39da3a7e9a478f02d (diff)
download	misc-3c2d290d17b739f14774dfcdf48581c1fb212286.tar.gz misc-3c2d290d17b739f14774dfcdf48581c1fb212286.zip