filewriteexploitsimulator

command module
v0.0.0-...-31091ff
Published: Apr 18, 2024 License: BSD-3-Clause Imports: 17 Imported by: 0

README

File Write Exploit Simulator

Simulates an arbitrary file write exploit. Written to demonstrate how being able to stick arbitrary data in arbitrary files is one step away from code execution.

Very much not production-quality code. Don't run this unless you know exactly what you're doing. Put it nowhere near the internet.

For legal use only.

Features

  • Arbitrary file write
  • Arbitrary file read
  • JSON logging
  • Optional required HTTP basic auth
  • Logged creds
  • Questionable code quality
  • TLS with a self-signed certificate

Quickstart

Make sure to have the Go compiler installed.

  1. Download and build
    go install github.com/magisterquis/filewriteexploitsimulator@latest
    
  2. Start serving
    filewriteexploitsimulator -write-root / -basic-auth kittens:zoomies
    
    There'll be a log line with the TLS fingerprint, something like
    {"time":"2024-04-18T00:46:17.41510871+02:00","level":"INFO","msg":"Starting HTTPS server","address":"0.0.0.0:4433","tls_fingerprint":"9nkpEPFYzXMxoVTGImPROp+qkk+B1QQIut2jX4qohgY="}
    
  3. Send someone a cURL command
    curl -u kittens:zoomies -svk --pinnedpubkey sha256//9nkpEPFYzXMxoVTGImPROp+qkk+B1QQIut2jX4qohgY= https://10.2.0.2:4433
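
The pin check in step 3, reproduced in Go so a client can refuse any server whose key does not match the logged fingerprint. This is an added example, not code from this project; it assumes the logged tls_fingerprint is the base64 SHA-256 of the certificate's SubjectPublicKeyInfo (the format curl's --pinnedpubkey takes), and SPKIPin, VerifyPin and selfSigned are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// SPKIPin returns base64(SHA-256(DER SubjectPublicKeyInfo)), curl's "sha256//" pin format.
func SPKIPin(certDER []byte) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:]), nil
}

// VerifyPin builds a tls.Config.VerifyPeerCertificate callback that enforces the pin want.
func VerifyPin(want string) func([][]byte, [][]*x509.Certificate) error {
	return func(raw [][]byte, _ [][]*x509.Certificate) error {
		if len(raw) == 0 {
			return fmt.Errorf("no certificate presented")
		}
		if got, err := SPKIPin(raw[0]); err != nil || got != want {
			return fmt.Errorf("public key pin mismatch (got %q)", got)
		}
		return nil
	}
}

// selfSigned returns a throwaway self-signed certificate in DER (constructed sample input).
func selfSigned() ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	return x509.CreateCertificate(rand.Reader, t, t, pub, priv)
}

func main() {
	der, _ := selfSigned()
	fmt.Println(SPKIPin(der)) // prints the pin for the sample certificate and a nil error
}
```

A Go client talking to a self-signed server would set InsecureSkipVerify: true together with VerifyPeerCertificate: VerifyPin(pin) in its tls.Config, which mirrors curl's -k with --pinnedpubkey: chain validation is skipped, but the key pin is still enforced.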
    

Usage

Usage: filewriteexploitsimulator [options]

Simulates an arbitrary file write exploit.  Not safe.

Options:
  -basic-auth username:password
    	If set, required basic auth username:password
  -debug
    	Enable debug logging
  -listen address
    	Listen address (default "0.0.0.0:4433")
  -log logfile
    	Optional logfile
  -perms mode
    	Octal file mode, for file creation (default "0644")
  -read-root directory
    	Root directory for file reads (default "/")
  -request-timeout duration
    	Maximum HTTP request duration (default 10m0s)
  -server-header header
    	HTTP Server header (default "filewriteexploitsimulator v0.0.0")
  -write-root directory
    	Root directory for file writes

Arbitrary Read

Anything under the directory specified with -read-root (by default /) may be read by passing the path to a file or directory as the path of a GET request.

Arbitrary Write

If -write-root is set to a directory, files under that directory may be written with a POST request. Missing directories won't be created.

For a true exploit simulation, run as root with -write-root /.

Security

In practical terms, none.

A username and password can be set with -basic-auth, but this should in no way be trusted. On the other hand, it'd probably make a pretty neat demo for a timing attack or stealing creds from logs or something.

Documentation

Overview

Program filewriteexploitsimulator - Simulates an arbitrary file write exploit
