From 8c542d83091f9ba5ccb095fad730651f8e6c1eef Mon Sep 17 00:00:00 2001 From: Epoch Qwert Date: Thu, 23 Oct 2014 01:20:02 -0500 Subject: fixed gopherd's LFI and added excuting files. httpd had flushing issues. realpath is new! does what it says. gives absolute path of a file. deddos, peerip, peerip.pl, were laying around elsewhere. gethostbyname got a new trick. can do decimal addresses among other things. hop0 is a shell script that gets what IP will be put on the source address of outgoing packets sent to $1. rtfs. --- nocompile/libexec/gopherd.sh | 33 +++++++++++++++++++++++++++++++++ nocompile/libexec/peerip.pl | 5 +++++ 2 files changed, 38 insertions(+) create mode 100755 nocompile/libexec/gopherd.sh create mode 100755 nocompile/libexec/peerip.pl (limited to 'nocompile/libexec') diff --git a/nocompile/libexec/gopherd.sh b/nocompile/libexec/gopherd.sh new file mode 100755 index 0000000..6d12cd6 --- /dev/null +++ b/nocompile/libexec/gopherd.sh @@ -0,0 +1,33 @@ +#!/bin/bash +#I'm aware of the LFI. Have fun looking around my server. +read -t 10 req +base="$1" +req=$(echo "$req" | tr -d '\r') +realpath=$(realpath ${base}${req}) +if grep -v "^${base}" <<< "${realpath}" > /dev/null;then + echo ${base} + echo ${realpath} + exit 1 +fi +hostname=$(/usr/local/bin/hop0 $(/usr/local/libexec/peerip)) +type=$(file "${realpath}" | cut -d: -f2-) +if grep directory <<< "$type" 2>&1 > /dev/null; then + if [ -e "${realpath}/.header" ];then + cat "${realpath}/.header" | sed "s/^/i&/g" | sed "s/\$/"`printf "\r"`"/g" + fi + for i in $(ls "${realpath}");do + stype=$(file "${realpath}/${i}" | cut -d: -f2-) + if grep directory <<< "$stype" 2>&1 > /dev/null; then + printf "1%s\t%s\t%s\t70\r\n" ${req}/${i} ${req}/${i} $hostname + else + printf "0%s\t%s\t%s\t70\r\n" ${req}/${i} ${req}/${i} $hostname + fi + done + printf ".\r\n" +else + if stat "${realpath}" | cut '-d ' -f3 | grep x >/dev/null;then + "${realpath}" + else + cat "${realpath}" + fi +fi diff --git a/nocompile/libexec/peerip.pl b/nocompile/libexec/peerip.pl new file mode 100755 index 0000000..2000ad9 --- /dev/null +++ b/nocompile/libexec/peerip.pl @@ -0,0 +1,5 @@ +#!/usr/pkg/bin/perl +use Socket; +($port,$addr) = sockaddr_in(getpeername(STDIN)); +print inet_ntoa($addr) . "\n"; + -- cgit v1.2.3