API tools faq
paste
Guest User

smartcat3

a guest
Mar 19th, 2016
132
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 2.34 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/env python3
  2. # encoding: utf-8
  3.  
  4. import cgi
  5. import subprocess
  6. import string
  7. import os
  8.  
  9. # FWIW: The same vulnerability was found in the real world ;)
  10. #       Devs have crazy ideas sometimes...
  11.  
  12. # The firewall only allows the strict minimum required for this chall, aka
  13. # OUTPUT on udp/53 and icmp. INPUT is port 80 only.
  14.  
  15. def sanity_check(txt):
  16.     charset = list(string.ascii_letters + string.digits + string.punctuation)
  17.  
  18.     for _ in r"$&\;`|*":
  19.         charset.remove(_)
  20.  
  21.     return any(c not in charset for c in txt)
  22.  
  23. print("Content-type: text/html")
  24. print
  25. print("""
  26. <html>
  27. <head>
  28.      <title>Can I haz Smart Cat ???</title>
  29.      <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.1.0/styles/github.min.css">
  30.      <script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.1.0/highlight.min.js"></script>
  31.      <style>code { border: 1px solid black; padding: 10px; }</style>
  32. </head>
  33. <body>
  34.  <h3> Smart Cat interface [<a href="ping.cgi?src=1">source</a>]</h3>
  35. """)
  36.  
  37. form = cgi.FieldStorage()
  38. dest = form.getvalue("dest", "127.0.0.1")
  39. src = form.getvalue("src")
  40.  
  41.  
  42. if sanity_check(dest):
  43.     out = "Invalid characters!"
  44.     color = "red"
  45. else:
  46.     # No env tricks this time, find something that is not CGI-specific :)
  47.  
  48.     os.environ.clear()
  49.     try:
  50.         status = subprocess.call("ping -c1 " + dest,
  51.                                  timeout=2,
  52.                                  shell=True,
  53.                                  executable="/bin/bash",
  54.                                  stdin=None,
  55.                                  stdout=subprocess.PIPE,
  56.                                  stderr=subprocess.PIPE)
  57.     except subprocess.TimeoutExpired:
  58.         status = 1
  59.  
  60.     out = "Host is " + ("down" if status else "up")
  61.     color = "red" if status else "green"
  62.  
  63. print("""
  64.  <form method="post" action="ping.cgi">
  65.    <p>Host to check: <input type="text" name="dest" placeholder="127.0.0.1" /></p>
  66.  </form>
  67.  
  68.  <p>Status: <tt style="color: %s;">%s</tt></p>
  69.  <img src="../img/cat.jpg"/><!-- grimmlin loves cats -->
  70. """ % (color, cgi.escape(out)))
  71.  
  72. if src:
  73.     with open(__file__, "rb") as f:
  74.         print('<script>hljs.initHighlightingOnLoad();</script>')
  75.         print('''<pre><code class="python hljs">%s</code></pre>''' % cgi.escape(f.read().decode()))
  76.  
  77. print("</body></html>")
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!