1N3 / Sn1per

Attack Surface Management Platform
https://sn1persecurity.com

Command Execution Add-on returns no output #287

Closed 1N3 closed 4 years ago

1N3 commented 4 years ago

I am having the same issue, no results, no action, just the spinning blue circle.

Originally posted by @GraylockInc in https://github.com/1N3/Sn1per/issues/281#issuecomment-689163159

1N3 commented 4 years ago

@graylockinc can you try running the same command from the command line to see if any errors are displayed?

GraylockInc commented 4 years ago

Yes, I tried the same process with a clean load on Kali 2020.3, the latest version of FireFox.

1N3 commented 4 years ago

> Yes, I tried the same process with a clean load on Kali 2020.3, the latest version of FireFox.

Were there any errors when you ran the same command from the command line?

Also, what happens if you just run a quick test scan (ie. target: 127.0.0.1 mode: fullportonly)? Do the results display in the command execution add-on window?

GraylockInc commented 4 years ago

From terminal everything runs as it should, from the command line module in the sniper web console it just freezes and does nothing when you choose an option, "top" shows nothing running as sniper in the background as well, so the actions are not executing for some reason.

1N3 commented 4 years ago

> From terminal everything runs as it should, from the command line module in the sniper web console it just freezes and does nothing when you choose an option, "top" shows nothing running as sniper in the background as well, so the actions are not executing for some reason.

Thanks.

What happens if you run a 'reimport' on a given workspace (ie. from workspace navigator, select a workspace, from the "Quick Commands" section under Workspace Management, choose 'reimport all' and click 'Run')? Does the command complete and show the results?

GraylockInc commented 4 years ago

Status is the only command that is working.

GraylockInc commented 4 years ago

Just tried FireFox in safe mode with all options and addons disabled, same result.

1N3 commented 4 years ago

Okay.. Can you tail the error.log (tail -F /usr/share/sniper/pro/error.log) and run a simple scan command from the web UI (ie. target: 127.0.0.1 mode: fullportonly) and paste any relevant errors received after?

GraylockInc commented 4 years ago

[Thu Sep 10 14:17:32.400102 2020] [php7:notice] [pid 3557396] [client 192.168.137.23:54256] PHP Notice: Undefined index: show in /usr/share/sniper/pro/workspace-report.php on line 196, referer: https://192.168.137.210:1337/pro/workspace-navigator.php
[Thu Sep 10 14:17:38.151076 2020] [php7:notice] [pid 3557397] [client 192.168.137.23:54267] PHP Notice: Undefined variable: target in /usr/share/sniper/pro/addons/server-scan.php on line 113, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 14:17:38.151122 2020] [php7:notice] [pid 3557397] [client 192.168.137.23:54267] PHP Notice: Undefined variable: opt1 in /usr/share/sniper/pro/addons/server-scan.php on line 113, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 14:17:38.151136 2020] [php7:notice] [pid 3557397] [client 192.168.137.23:54267] PHP Notice: Undefined variable: opt2 in /usr/share/sniper/pro/addons/server-scan.php on line 113, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 14:17:38.151147 2020] [php7:notice] [pid 3557397] [client 192.168.137.23:54267] PHP Notice: Undefined variable: opt3 in /usr/share/sniper/pro/addons/server-scan.php on line 113, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 14:17:38.151158 2020] [php7:notice] [pid 3557397] [client 192.168.137.23:54267] PHP Notice: Undefined variable: opt4 in /usr/share/sniper/pro/addons/server-scan.php on line 113, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 14:17:38.151172 2020] [php7:notice] [pid 3557397] [client 192.168.137.23:54267] PHP Notice: Undefined variable: opt1 in /usr/share/sniper/pro/addons/server-scan.php on line 135, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 14:17:38.151210 2020] [php7:notice] [pid 3557397] [client 192.168.137.23:54267] PHP Notice: Undefined variable: opt2 in /usr/share/sniper/pro/addons/server-scan.php on line 135, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 14:17:38.151224 2020] [php7:notice] [pid 3557397] [client 192.168.137.23:54267] PHP Notice: Undefined variable: opt3 in /usr/share/sniper/pro/addons/server-scan.php on line 135, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 14:17:38.151235 2020] [php7:notice] [pid 3557397] [client 192.168.137.23:54267] PHP Notice: Undefined variable: opt4 in /usr/share/sniper/pro/addons/server-scan.php on line 135, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla

1N3 commented 4 years ago

hmm.. unfortunately, these are just PHP notices and no errors are reported.

I do see "PHP Notice: Undefined variable: target in /usr/share/sniper/pro/addons/server-scan.php on line 113, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla" but I guess that means you are using a multi-host scan mode and not a single target scan mode. Is that correct?

If you're using a multi-host scan mode and a target list, I think there's a chance there's something invalid in the list you're using. If possible, can you please email the exact list to support@xerosecurity.com? I can at least test/confirm the same list/command on my test instance to see if I can troubleshoot further and isolate the issue.

GraylockInc commented 4 years ago

Single host has the exact same result.

[Thu Sep 10 15:34:29.418181 2020] [php7:notice] [pid 3557399] [client 192.168.137.23:54846] PHP Notice: Undefined index: filename in /usr/share/sniper/pro/addons/server-scan.php on line 11, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 15:34:29.418239 2020] [php7:notice] [pid 3557399] [client 192.168.137.23:54846] PHP Notice: Undefined variable: opt1 in /usr/share/sniper/pro/addons/server-scan.php on line 47, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 15:34:29.418258 2020] [php7:notice] [pid 3557399] [client 192.168.137.23:54846] PHP Notice: Undefined variable: opt2 in /usr/share/sniper/pro/addons/server-scan.php on line 47, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 15:34:29.418271 2020] [php7:notice] [pid 3557399] [client 192.168.137.23:54846] PHP Notice: Undefined variable: opt3 in /usr/share/sniper/pro/addons/server-scan.php on line 47, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 15:34:29.418283 2020] [php7:notice] [pid 3557399] [client 192.168.137.23:54846] PHP Notice: Undefined variable: opt4 in /usr/share/sniper/pro/addons/server-scan.php on line 47, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 15:34:29.418296 2020] [php7:notice] [pid 3557399] [client 192.168.137.23:54846] PHP Notice: Undefined variable: opt1 in /usr/share/sniper/pro/addons/server-scan.php on line 58, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 15:34:29.418308 2020] [php7:notice] [pid 3557399] [client 192.168.137.23:54846] PHP Notice: Undefined variable: opt2 in /usr/share/sniper/pro/addons/server-scan.php on line 58, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 15:34:29.418320 2020] [php7:notice] [pid 3557399] [client 192.168.137.23:54846] PHP Notice: Undefined variable: opt3 in /usr/share/sniper/pro/addons/server-scan.php on line 58, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 15:34:29.418333 2020] [php7:notice] [pid 3557399] [client 192.168.137.23:54846] PHP Notice: Undefined variable: opt4 in /usr/share/sniper/pro/addons/server-scan.php on line 58, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 15:34:54.663669 2020] [php7:notice] [pid 3557400] [client 192.168.137.23:54848] PHP Notice: Undefined index: filename in /usr/share/sniper/pro/addons/server-scan.php on line 11, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 15:34:54.663749 2020] [php7:notice] [pid 3557400] [client 192.168.137.23:54848] PHP Notice: Undefined variable: opt1 in /usr/share/sniper/pro/addons/server-scan.php on line 47, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 15:34:54.663795 2020] [php7:notice] [pid 3557400] [client 192.168.137.23:54848] PHP Notice: Undefined variable: opt2 in /usr/share/sniper/pro/addons/server-scan.php on line 47, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 15:34:54.663811 2020] [php7:notice] [pid 3557400] [client 192.168.137.23:54848] PHP Notice: Undefined variable: opt3 in /usr/share/sniper/pro/addons/server-scan.php on line 47, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 15:34:54.663823 2020] [php7:notice] [pid 3557400] [client 192.168.137.23:54848] PHP Notice: Undefined variable: opt4 in /usr/share/sniper/pro/addons/server-scan.php on line 47, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 15:34:54.663837 2020] [php7:notice] [pid 3557400] [client 192.168.137.23:54848] PHP Notice: Undefined variable: opt1 in /usr/share/sniper/pro/addons/server-scan.php on line 58, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 15:34:54.663849 2020] [php7:notice] [pid 3557400] [client 192.168.137.23:54848] PHP Notice: Undefined variable: opt2 in /usr/share/sniper/pro/addons/server-scan.php on line 58, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 15:34:54.663861 2020] [php7:notice] [pid 3557400] [client 192.168.137.23:54848] PHP Notice: Undefined variable: opt3 in /usr/share/sniper/pro/addons/server-scan.php on line 58, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla
[Thu Sep 10 15:34:54.663872 2020] [php7:notice] [pid 3557400] [client 192.168.137.23:54848] PHP Notice: Undefined variable: opt4 in /usr/share/sniper/pro/addons/server-scan.php on line 58, referer: https://192.168.137.210:1337/pro/workspace-report.php?workspace=tesla

GraylockInc commented 4 years ago

It doesn't matter what the target is, it's always the same result in the web console, manually copying and running the command in terminal there are no issues. Rather strange.

1N3 commented 4 years ago

Not sure what the issue is exactly, but was this working fine before?

My only other thought is just verifying the permissions of the www-data user as that can cause commands not to run.

Can you send the output of the below command?

grep www /etc/sudoers

GraylockInc commented 4 years ago

output was blank

1N3 commented 4 years ago

Ah okay... that's definitely the issue then.

You can run the following to fix that:

cp -v /etc/sudoers /etc/sudoers.bak
echo 'www-data ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers

This is included in the installer, but it may have failed or not run for some reason. *shrugs*
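
The `grep www /etc/sudoers` check in this thread only shows whether the main file mentions the account. The added example below (not code from the thread or the Sn1per project) also reads drop-in files and reports whether the rule is the passwordless `ALL` grant that the fix appends, a grant under which anything running as `www-data` can act as root. The function name, the temporary files and their contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Sn1per code): classify the sudo rules for a service account.

# sudoers_grant_level USER [SUDOERS_FILE] [DROPIN_DIR] prints one of:
#   none          no rule names USER (the state behind the silent web UI above)
#   restricted    USER has rules, but none is a passwordless ALL grant
#   unrestricted  USER may run any command without a password
sudoers_grant_level() {
    sgl_user=$1
    sgl_main=${2:-/etc/sudoers}
    sgl_dir=${3:-/etc/sudoers.d}

    # Build the file list in "$@"; /dev/null keeps awk from waiting on stdin.
    set -- /dev/null
    [ -r "$sgl_main" ] && set -- "$@" "$sgl_main"
    if [ -d "$sgl_dir" ]; then
        for sgl_f in "$sgl_dir"/*; do
            [ -f "$sgl_f" ] && [ -r "$sgl_f" ] || continue
            # sudo skips drop-ins whose name contains '.' or ends in '~'.
            case ${sgl_f##*/} in *.*|*~) continue ;; esac
            set -- "$@" "$sgl_f"
        done
    fi

    awk -v u="$sgl_user" '
        /^[ \t]*#/ { next }                  # comments and #include lines
        $1 == u {
            if (level == "") level = "restricted"
            if ($0 ~ /NOPASSWD:[ \t]*ALL[ \t]*(,.*)?$/) level = "unrestricted"
        }
        END { print (level == "" ? "none" : level) }
    ' "$@"
}

# Constructed sample data: a main file without a www-data rule, then the
# line from the thread appended, to show both states.
demo=$(mktemp -d)
mkdir "$demo/sudoers.d"
printf 'root ALL=(ALL:ALL) ALL\n' > "$demo/sudoers"
echo "before: $(sudoers_grant_level www-data "$demo/sudoers" "$demo/sudoers.d")"
printf 'www-data ALL=(ALL:ALL) NOPASSWD:ALL\n' >> "$demo/sudoers"
echo "after:  $(sudoers_grant_level www-data "$demo/sudoers" "$demo/sudoers.d")"
rm -rf "$demo"
```

Run against the real files it needs root to read `/etc/sudoers`; `visudo -c` checks the syntax of the edited file before the next `sudo` call depends on it.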

GraylockInc commented 4 years ago

Perfect! That solved it! Thank you!

1N3 commented 4 years ago

No prob man... not sure why that happened, but glad it's fixed now 👍