From 3c2d290d17b739f14774dfcdf48581c1fb212286 Mon Sep 17 00:00:00 2001
From: epochqwert
Date: Fri, 6 Feb 2015 02:32:04 -0600
Subject: some new tools. clump is useful. httpd got some better logging. cuturl got some bugfixes I think. todo is just a version of segfault's !todo but for shell. don't remember what I did to telnet-gateway.sh
---
 nocompile/bin/decode_html_entities | 4 +++
 nocompile/bin/encode_html_entities | 4 +++
 nocompile/bin/todo | 2 ++
 nocompile/libexec/telnet-gateway.sh | 19 +++++++-------
 rebuild.sh | 4 +--
 src/bin/clump.c | 37 ++++++++++++++++++++++++++++
 src/bin/cuturl.c | 49 ++++++++++++++++++++-----------------
 src/libexec/httpd.c | 47 +++++++++++++++++++++++++++++++++--
 8 files changed, 130 insertions(+), 36 deletions(-)
 create mode 100755 nocompile/bin/decode_html_entities
 create mode 100755 nocompile/bin/encode_html_entities
 create mode 100755 nocompile/bin/todo
 create mode 100644 src/bin/clump.c
diff --git a/nocompile/bin/decode_html_entities b/nocompile/bin/decode_html_entities
new file mode 100755
index 0000000..08bd7c9
--- /dev/null
+++ b/nocompile/bin/decode_html_entities
@@ -0,0 +1,4 @@
+#!/bin/sh
+sed "s/\>/>/g" \
+ | sed "s/\<//\>/g"
diff --git a/nocompile/bin/todo b/nocompile/bin/todo
new file mode 100755
index 0000000..611a25b
--- /dev/null
+++ b/nocompile/bin/todo
@@ -0,0 +1,2 @@
+#!/bin/sh
+cat -n /var/todo/$USER.txt | shuffle -f-| head -n1
diff --git a/nocompile/libexec/telnet-gateway.sh b/nocompile/libexec/telnet-gateway.sh
index aac9dd6..5b98cde 100755
--- a/nocompile/libexec/telnet-gateway.sh
+++ b/nocompile/libexec/telnet-gateway.sh
@@ -1,4 +1,7 @@
 #!/bin/bash
+export PATH=$PATH:/usr/local/bin:/usr/pkg/bin
+export CUTURL_PORT=23
+
 grep "^telnet:" /var/www/sites/hacking/links.txt \
 | cat -n
 printf "Which do you want to connect to?\nnumber: "
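Review bot: `cat -n /var/todo/$USER.txt | shuffle -f-| head -n1` leaves `$USER` unquoted, so a value containing whitespace or glob characters is split into several arguments instead of one path, and an unset `$USER` silently reads `/var/todo/.txt`. Quote the path and guard the variable: `cat -n "/var/todo/${USER:?}.txt" | shuffle -f- | head -n1`. `shuffle -f-` is not a portable utility (GNU systems ship `shuf` instead), so a one-line comment naming the platform this expects would help anyone installing it elsewhere.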
@@ -10,12 +13,10 @@ serverURL=$(grep "^telnet:" /var/www/sites/hacking/links.txt \
 | tail -n1)
 echo "You've selected: $serverURL (#$N)"
 printf "connecting in...\n"
-for i in `seq 5 1`;do
- printf "\r%d..." $i
- sleep 1
-done
-port=$(printf "%s" "$serverURL" | cuturl | grep ^port | cut '-d ' -f2)
-exec ncat -i 600 $(printf "%s" "$serverURL" \
- | cuturl \
- | grep ^domain \
- | cut '-d ' -f2 ) $port
+#for i in `seq 5 1`;do
+# printf "\r%d..." $i
+# sleep 1
+#done
+port=$(printf "%s" "$serverURL" | cuturl --port)
+#yes ncat. I *really* meant 10 minutes. why force me to use ms for that?
+exec ncat -i 600000ms $(printf "%s" "$serverURL" | cuturl --domain ) $port
diff --git a/rebuild.sh b/rebuild.sh
index 6a7e829..f0f9877 100755
--- a/rebuild.sh
+++ b/rebuild.sh
@@ -10,7 +10,7 @@ for i in src/*;do
 jout=$(basename $j | cut -d. -f1)
 gcc -Wall -o $iout/$jout $j
 done
- cp $iout/* /usr/local/$iout/
+ cp -f $iout/* /usr/local/$iout/
 done
 echo "building and installing tools without compiling..."
 for i in nocompile/*;do
@@ -18,5 +18,5 @@ for i in nocompile/*;do
 for j in nocompile/$i/* out=$(basename $i);do
 jout=$(basename $j)
 done
- cp $i/* /usr/local/$iout/
+ cp -f $i/* /usr/local/$iout/
 done
diff --git a/src/bin/clump.c b/src/bin/clump.c
new file mode 100644
index 0000000..18c8e5b
--- /dev/null
+++ b/src/bin/clump.c
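Review bot: In `exec ncat -i 600000ms $(printf "%s" "$serverURL" | cuturl --domain ) $port` both the command substitution and `$port` are unquoted, so an empty or whitespace-containing result from cuturl shifts ncat's arguments rather than failing cleanly. Capture the host first and refuse to exec without both values: `host=$(printf "%s" "$serverURL" | cuturl --domain)`, `[ -n "$host" ] && [ -n "$port" ] || exit 1`, then `exec ncat -i 600000ms "$host" "$port"`. The commented-out countdown loop above it is dead code now; deleting it rather than commenting it out keeps the script readable.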
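Review bot: `cp -f $i/* /usr/local/$iout/` in the nocompile loop depends on `$iout`, but nothing visible in this loop assigns it: on the context line `for j in nocompile/$i/* out=$(basename $i);do` the `out=$(basename $i)` is a loop word rather than an assignment, and the body only sets `jout`, which is never used. Unless the line between the two hunks re-sets `iout`, the copy lands in whatever directory the last `src/*` iteration used; an explicit `iout=$(basename "$i")` before the `cp`, plus quoting as `cp -f "$i"/* "/usr/local/$iout/"`, would remove the doubt. The same quoting applies to the `cp -f` line in the previous hunk.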
@@ -0,0 +1,37 @@
+#include
+#include
+#include
+
+//clumps together consecutive rows containing the same first column
+//to have column 2- printed after a single column 1 value.
+//just try it out.
+//printf "a a\na b\na c\nb a\nb b\nc a\nc b\n" | clump
+//still working on the name.
+
+int main() {
+ char line[256];
+ char *id;
+ char *value;
+ char *oldid=malloc(1);
+ *oldid=0;
+ while(fgets(line,sizeof(line),stdin)) {
+ id=line;
+ if(strchr(line,'\n')) *strchr(line,'\n')=0;
+ if(strchr(id,' ')) {
+ value=strchr(id,' ');
+ *value=0;
+ value++;
+ }
+ if(strcmp(id,oldid)) {
+ if(*oldid != 0) {
+ printf("\n");
+ }
+ printf("%s:",id);
+ free(oldid);
+ oldid=strdup(id);
+ }
+ printf(" %s",value);
+ }
+ printf("\n");
+ return 0;
+}
diff --git a/src/bin/cuturl.c b/src/bin/cuturl.c
index 4a2f3f5..f8b02c7 100644
--- a/src/bin/cuturl.c
+++ b/src/bin/cuturl.c
@@ -1,4 +1,4 @@
-
+#include
 #include
 #include
 #include
@@ -33,14 +33,6 @@
 #define AorB(a,b) ((a)?(a):(b))
-#define DEFAULT_SCHEME AorB(getenv("CUTURL_SCHEME"),"DEFAULT")
-#define DEFAULT_USERNAME AorB(getenv("CUTURL_USERNAME"),"DEFAULT")
-#define DEFAULT_PASSWORD AorB(getenv("CUTURL_PASSWORD"),"DEFAULT")
-#define DEFAULT_PORT AorB(getenv("CUTURL_PORT"),"DEFAULT")
-#define DEFAULT_PATH AorB(getenv("CUTURL_PATH"),"DEFAULT")
-#define DEFAULT_QUERY_STRING AorB(getenv("CUTURL_QUERY_STRING"),"DEFAULT")
-#define DEFAULT_FRAGMENT_ID AorB(getenv("CUTURL_FRAGMENT_ID"),"DEFAULT")
-
 #define F_SCHEME 1<<0
 #define F_USERNAME 1<<1
 #define F_PASSWORD 1<<2
@@ -63,13 +55,15 @@ int main(int argc,char *argv[]) {
 char *path=0;
 char *query_string=0;
 char *fragment_id=0;
+ char sport[10];
+ struct servent *serv;
 //exactly 8 parts! let's store that in a byte.
 unsigned char flags=0;
 int i;
 int size=1024;
 char using_stdin=1;
 char malloced=0;
- if(argc > 0) {
+ if(argc > 1) {
 if(!strcmp(argv[1],"--help") || !strcmp(argv[1],"-h")) {
 printf("usage: echo urls | cuturl [options]\n");
 printf("usage: cuturl [options] url [options] [url]\n\n");
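Review bot: `value` is assigned only when the line contains a space, so for a line without one `printf(" %s",value);` reads an uninitialized pointer on the first such line and, afterwards, a stale pointer into the reused `line` buffer — undefined behaviour either way. Set `value=0;` at the top of the loop body and print with `if(value) printf(" %s",value);`. Neither `malloc(1)` nor `strdup(id)` is checked before its result is dereferenced, and `fgets` with a 256-byte buffer silently splits a longer input line into two records; a header comment stating that limit would at least make it visible (the header names of the three `#include` lines are not visible in this rendering, so they cannot be checked here).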
@@ -82,11 +76,16 @@ int main(int argc,char *argv[]) {
 }
 }
 while(1) {
- //
- // todo: add argument parsing
- //
+ scheme=0;
+ username=0;
+ password=0;
+ domain=0;
+ port=0;
+ path=0;
+ query_string=0;
+ fragment_id=0;
 if(!using_stdin) flags=0;
- if(argc > 0) {
+ if(argc > 1) {
 for(argc--,argv++;argc>0;argc--,argv++) {
 for(i=0;long_opts[i];i++) {
 if(!strncmp(*argv,"--",2)) {
@@ -111,7 +110,7 @@ int main(int argc,char *argv[]) {
 }
 }
 if(using_stdin) {
- line=malloc(size);
+ line=malloc(size+1);
 malloced=1;
 if(!fgets(line,size,stdin)) {
 return 0;
@@ -133,7 +132,6 @@ int main(int argc,char *argv[]) {
 break;
 }
 }
-
 if(path) {
 if(strchr(path,'?')) {
 query_string=strchr(path,'?');
@@ -213,14 +211,19 @@ int main(int argc,char *argv[]) {
 // printf("scheme://username:password@domain:port/path?query_string#fragment_id\n\n");
 //let's set them to what'll get printed now...
- scheme=AorB(scheme,DEFAULT_SCHEME);
- username=AorB(username,DEFAULT_USERNAME);
- password=AorB(password,DEFAULT_PASSWORD);
+ scheme=AorB(scheme,AorB(getenv("CUTURL_SCHEME"),"DEFAULT"));
+ username=AorB(username,AorB(getenv("CUTURL_USERNAME"),"DEFAULT"));
+ password=AorB(password,AorB(getenv("CUTURL_PASSWORD"),"DEFAULT"));
 //domain=domain; doesn't change. heh.
- port=AorB(port,DEFAULT_PORT);
- path=AorB(path,DEFAULT_PATH);
- query_string=AorB(query_string,DEFAULT_QUERY_STRING);
- fragment_id=AorB(fragment_id,DEFAULT_FRAGMENT_ID);
+ serv=getservbyname(scheme,strcmp(scheme,"udp")?"tcp":"udp");
+ if(serv) snprintf(sport,sizeof(sport)-1,"%d",ntohs(serv->s_port));
+ port=AorB(port,AorB(getenv("CUTURL_PORT"),(serv?sport:"DEFAULT")));
+ //port=AorB(port,AorB(getenv("CUTURL_PORT"),"DEFAULT"));
+
+
+ path=AorB(path,AorB(getenv("CUTURL_PATH"),"DEFAULT"));
+ query_string=AorB(query_string,AorB(getenv("CUTURL_QUERY_STRING"),"DEFAULT"));
+ fragment_id=AorB(fragment_id,AorB(getenv("CUTURL_FRAGMENT_ID"),"DEFAULT"));
 if(flags) {
 if(flags&F_SCHEME) printf("%s\n",scheme);
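Review bot: `line=malloc(size+1);` is not checked before `fgets` writes through it, and because it sits inside the enclosing `while(1)` each iteration allocates a new buffer; whether the `malloced` flag leads to a `free` later is outside this hunk. A guard such as `if(!(line=malloc(size+1))) { perror("malloc"); return 1; }` turns an allocation failure into a clean exit instead of a crash inside `fgets`. The extra byte is harmless but unused, since `fgets(line,size,stdin)` never writes more than `size` bytes; `main` starts and ends outside the hunk.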
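Review bot: `snprintf(sport,sizeof(sport)-1,"%d",ntohs(serv->s_port));` passes one byte less than the buffer for no reason: snprintf already reserves room for the terminator inside the size it is given, so `sizeof(sport)` is the right bound and the `-1` only shrinks it. `sport` is read only while `serv` is non-null, which keeps the uninitialized-buffer case safe, but a comment like `// sport is valid only when serv != NULL` would make that dependency explicit. The commented-out `//port=AorB(port,AorB(getenv("CUTURL_PORT"),"DEFAULT"));` and the two blank lines after it are leftovers from the edit and should be removed; `main` continues beyond the hunk.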
diff --git a/src/libexec/httpd.c b/src/libexec/httpd.c
index 8ba9413..f22e139 100644
--- a/src/libexec/httpd.c
+++ b/src/libexec/httpd.c
@@ -15,6 +15,37 @@
 #define CGI "cgi-bin"
 #define SERVER "epochttpd/2.0 (Unix)"
+// WARNING: this http software is vulnerable. I'm leaving it that way.
+
+/* just notes for environment variables for CGIs when I need them.
+
+Key Value
+DOCUMENT_ROOT The root directory of your server
+HTTP_COOKIE The visitor's cookie, if one is set
+HTTP_HOST The hostname of the page being attempted
+HTTP_REFERER The URL of the page that called your program
+HTTP_USER_AGENT The browser type of the visitor
+HTTPS "on" if the program is being called through a secure server
+PATH The system path your server is running under
+QUERY_STRING The query string (see GET, below)
+REMOTE_ADDR The IP address of the visitor
+REMOTE_HOST The hostname of the visitor (if your server has
+ reverse-name-lookups on; otherwise this is the IP address again)
+REMOTE_PORT The port the visitor is connected to on the web server
+REMOTE_USER The visitor's username (for .htaccess-protected pages)
+REQUEST_METHOD GET or POST
+REQUEST_URI The interpreted pathname of the requested document or CGI
+ (relative to the document root)
+SCRIPT_FILENAME The full pathname of the current CGI
+SCRIPT_NAME The interpreted pathname of the current CGI (relative to
+ the document root)
+SERVER_ADMIN The email address for your server's webmaster
+SERVER_NAME Your server's fully qualified domain name (e.g.
+ www.cgi101.com)
+SERVER_PORT The port number your server is listening on
+SERVER_SOFTWARE The server software you're using (e.g. Apache 1.3)
+*/
+
 void standard_headers() {
 printf("Server: %s\r\n",SERVER);
 printf("Connection: close\r\n");
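Review bot: `// WARNING: this http software is vulnerable. I'm leaving it that way.` tells the next maintainer nothing about where the weakness is; later in this file the server does `chdir((char*)getenv("HTTP_HOST"))` with only a `//TODO: sanitize this.` beside it, so the warning should point there, e.g. `// WARNING: HTTP_HOST is used as a directory name without validation (see the chdir in main); do not expose this server to untrusted clients.` The environment-variable table reads like a description of current behaviour but is a generic CGI reference; a sentence at the top of the block saying which of these variables this server actually sets (the hunks in this commit show REMOTE_ADDR, HTTP_HOST and HTTP_USER_AGENT) would prevent that misreading.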
@@ -33,7 +64,9 @@ int main(int argc,char *argv[]) {
 struct sockaddr_in6 sa6;
 unsigned int sl=sizeof(sa6);
 char h[NI_MAXHOST];
- if(getpeername(0,(struct sockaddr *)&sa6,&sl) == -1) syslog(LOG_WARNING,"getpeername: %m");
+ openlog("httpd",LOG_PID,LOG_DAEMON);
+ if(getpeername(0,(struct sockaddr *)&sa6,&sl) == -1)
+ syslog(LOG_WARNING,"getpeername: %m");
 getnameinfo((struct sockaddr *)&sa6,sl,h,sizeof(h),0,0,NI_NUMERICHOST);
 setenv("REMOTE_ADDR",h,1);
 if(!strchr(line,'\n')) {
@@ -41,10 +74,10 @@ int main(int argc,char *argv[]) {
 standard_headers();
 printf("Content-type: text/plain\r\n\r\n");
 printf("use smaller (<%d bytes) headers.\n",getpagesize());
+ syslog(LOG_WARNING,"413 Entity Too Large %s len: %d\n",h,strlen(line));
 return 0;
 }
 if(strchr(line,'\r')) *strchr(line,'\r')=0;
- syslog(LOG_WARNING,"%s %s\n",h,line);
 method=strdup(line);
 if((page=strchr(method,' '))) {
 *page=0;
@@ -67,24 +100,32 @@ int main(int argc,char *argv[]) {
 standard_headers();
 printf("Content-type: text/plain\r\n\r\n");
 printf("use smaller (<%d bytes) headers.\n",getpagesize());
+ syslog(LOG_WARNING,"413 somewhere in request line 2+: %s %d\n",h,strlen(line));
 return 0;
 }
 if(strchr(line,'\r')) *strchr(line,'\r')=0;
 if(!strncasecmp(line,"Host: ",6)) {
 setenv("HTTP_HOST",line+6,1);
 }
+ if(!strncasecmp(line,"User-agent: ",12)) {
+ setenv("HTTP_USER_AGENT",line+12,1);
+ }
 if(!strcmp(line,"")) {
 break;
 }
 }
 alarm(0);//no more timeout.
+ //
+ syslog(LOG_WARNING,"%s: %s %s %s\n",h,getenv("HTTP_USER_AGENT"),page,get_param);
 //TODO: sanitize this.
 if(chdir(VHOST_ROOT) == -1) {
 printf("HTTP/1.1 500 Internal Server Error\r\n");
 standard_headers();
 printf("Content-type: text/html\r\n\r\ncouldn't chdir(\"%s\");",VHOST_ROOT);
+ syslog(LOG_WARNING,"can't chdir to VHOST_ROOT: %s",VHOST_ROOT);
 exit(3);
 }
+ //I had fun exploiting this. :)
 if(chdir((char*)getenv("HTTP_HOST")) == -1) {
 if(chdir(SITES_ROOT) != -1) {
 if(chdir("default") == -1) {
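Review bot: `getnameinfo((struct sockaddr *)&sa6,sl,h,sizeof(h),0,0,NI_NUMERICHOST);` on the line after the new `syslog` is still unchecked and `h` is never initialized, so when `getpeername` fails (now only logged) or `getnameinfo` fails, `setenv("REMOTE_ADDR",h,1)` and every later log line that prints `h` read an uninitialized `NI_MAXHOST` buffer. Handle the failure explicitly: `if(getnameinfo((struct sockaddr *)&sa6,sl,h,sizeof(h),0,0,NI_NUMERICHOST) != 0) snprintf(h,sizeof(h),"unknown");`. The `openlog("httpd",LOG_PID,LOG_DAEMON)` call is a good addition given that the peer is read from fd 0, which suggests one process per connection; `main` starts before the hunk.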
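Review bot: `syslog(LOG_WARNING,"413 Entity Too Large %s len: %d\n",h,strlen(line));` passes a `size_t` to `%d`, which is undefined behaviour and prints garbage wherever `int` and `size_t` differ in width; use `%zu` here and in the `413 somewhere in request line 2+` line of the next hunk. The trailing `\n` in a syslog format is unnecessary. With the old `syslog(LOG_WARNING,"%s %s\n",h,line)` removed, an oversized request is now logged only by length and its request line is never logged; if that is intended, fine, but a bounded prefix such as `%.80s` of `line` would help triage without flooding the log.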
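Review bot: `syslog(LOG_WARNING,"%s: %s %s %s\n",h,getenv("HTTP_USER_AGENT"),page,get_param);` hands `getenv("HTTP_USER_AGENT")` straight to `%s`, and that is NULL whenever the client sent no User-agent header (the variable is only set in the new branch above); passing NULL for `%s` is undefined behaviour, whatever glibc happens to print. Fetch it first and substitute a placeholder: `const char *ua=getenv("HTTP_USER_AGENT");` then `syslog(LOG_INFO,"%s: %s %s %s",h,ua?ua:"-",page,get_param);` — whether `page` and `get_param` can be NULL at this point is not visible in the hunk, and a per-request line belongs at LOG_INFO rather than LOG_WARNING. The header value is also exported unchanged to the CGI environment by `setenv("HTTP_USER_AGENT",line+12,1)` and written unchanged into the log, so a comment at the `setenv` stating that it is untrusted client text would help downstream readers. `//I had fun exploiting this. :)` records a known weakness without stating the fix; a comment naming the missing check (reject an HTTP_HOST containing `/` or `..` before the `chdir`) is more useful to the next maintainer. `main` continues beyond the hunk.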
@@ -92,6 +133,7 @@ int main(int argc,char *argv[]) {
 printf("HTTP/1.1 500 Internal Server Error\r\n");
 standard_headers();
 printf("Content-type: text/html\r\n\r\nfuck");
+ syslog(LOG_WARNING,"can't chdir to default site dir.");
 exit(1);
 }
 //we're good.
@@ -100,6 +142,7 @@ int main(int argc,char *argv[]) {
 standard_headers();
 printf("Content-type: text/html\r\n\r\ncouldn't chdir(\"%s\");",SITES_ROOT);
 //wtf? no sites dir???
+ syslog(LOG_WARNING,"can't chdir to SITES_ROOT: %s",SITES_ROOT);
 exit(2);
 }
 }
--
cgit v1.2.3
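Review bot: `syslog(LOG_WARNING,"can't chdir to default site dir.");` drops the reason for the failure; the file already uses `%m` in the `getpeername: %m` message, so `syslog(LOG_WARNING,"can't chdir to default site dir: %m");` would record errno at no cost, and the same applies to the `SITES_ROOT` line in the next hunk and the `VHOST_ROOT` line in the previous one. The enclosing `main` starts and ends outside the hunk.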