BlackArch / blackarch

An ArchLinux based distribution for penetration testers and security researchers.
https://www.blackarch.org

[upstream] cmseek: write error to workdir #2245

Closed noraj closed 5 years ago

noraj commented 5 years ago

$ which cmseek
/bin/cmseek
$ cat /bin/cmseek
#!/bin/sh
cd /usr/share/cmseek
exec python3 cmseek.py "$@"

Similar to https://github.com/epinna/weevely3/issues/98

$ cmseek -u http://10.0.0.1/
Traceback (most recent call last):
  File "cmseek.py", line 72, in <module>
    target = cmseek.process_url(s)
  File "/usr/share/cmseek/cmseekdb/basic.py", line 177, in process_url
    init_result_dir(target)
  File "/usr/share/cmseek/cmseekdb/basic.py", line 221, in init_result_dir
    os.makedirs(result_dir)
  File "/usr/lib/python3.7/os.py", line 211, in makedirs
    makedirs(head, exist_ok=exist_ok)
  File "/usr/lib/python3.7/os.py", line 221, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/usr/share/cmseek/Result'

Bug description

Can't write to privileged directory

Steps to reproduce

launch a scan

Additional info

Upstream issue: https://github.com/Tuhinshubhra/CMSeeK/issues/55

noraj commented 5 years ago

The fix PR is a good practice but doesn't actually fix the problem; modifying the source code is required:

grep -r 'Result' /usr/share/cmseek
/usr/share/cmseek/cmseekdb/basic.py:    result_dir = cmseek_dir + "/Result/" + url
/usr/share/cmseek/cmseekdb/basic.py:    # Clear Result directory
/usr/share/cmseek/cmseekdb/basic.py:    resdir = cmseek_dir + '/Result'
/usr/share/cmseek/cmseekdb/basic.py:        success('Result directory cleared successfully!')
/usr/share/cmseek/cmseekdb/basic.py:        warning('Results directory not found!')
/usr/share/cmseek/cmseekdb/basic.py:        brute_result = "### CMSeeK Bruteforce Result\n\n\nSite: " + url + "\n\nLogin URL: " + adminurl + "\n\nUsername: " + username + "\n\nPassword: " + password
/usr/share/cmseek/cmseekdb/core.py:            cmseek.banner("CMS Scan Results")
/usr/share/cmseek/cmseekdb/core.py:            cmseek.banner("CMS Scan Results")
/usr/share/cmseek/cmseekdb/result.py:    print(' ┃\n ┠── Result: ' + cmseek.bold + cmseek.fgreen + log_file + cmseek.cln)
/usr/share/cmseek/deepscans/joom/init.py:    cmseek.banner("Deep Scan Results")
/usr/share/cmseek/deepscans/wp/init.py:        ### Deep Scan Results comes here
/usr/share/cmseek/deepscans/wp/init.py:        cmseek.banner("Deep Scan Results")

Edu4rdSHL commented 5 years ago

That's expected because you're working under /usr/share, please run the tool as root.

noraj commented 5 years ago

@Edu4rdSHL Yeah I know this is intended, but running this tool as root is not right, the tool doesn't need root and running all tools as root is a bad practice. Maybe I misspoke, I meant that we need to wait for https://github.com/Tuhinshubhra/CMSeeK/issues/55 to be fixed and then update the PKGBUILD. So can you re-open the issue to track that?
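
An added example, not part of the thread and not CMSeeK's or BlackArch's code: one way a tool can run without root is to create its result directory under the invoking user's XDG data directory instead of building it as `cmseek_dir + "/Result/" + url`. The `cmseek/Result` location and all function names here are assumptions; the directory is made owner-only because the bruteforce results shown in the grep output contain usernames and passwords.

```python
import os
import re
from urllib.parse import urlsplit


def result_root(env=None):
    """Per-user base directory for scan output (assumed layout, XDG data dir)."""
    env = os.environ if env is None else env
    # An empty XDG_DATA_HOME counts as unset, so fall back to ~/.local/share.
    base = env.get("XDG_DATA_HOME") or os.path.join(
        env.get("HOME", os.path.expanduser("~")), ".local", "share")
    return os.path.join(base, "cmseek", "Result")


def target_dirname(url):
    """Reduce a target URL to one safe path component (no separators)."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    raw = parts.netloc + parts.path
    name = re.sub(r"[^A-Za-z0-9._-]+", "_", raw).strip("._")
    if not name:
        raise ValueError("cannot derive a directory name from %r" % url)
    return name


def init_user_result_dir(url, env=None):
    """Create <root>/<target> readable by the owner only and return its path."""
    root = os.path.realpath(result_root(env))
    path = os.path.realpath(os.path.join(root, target_dirname(url)))
    # Refuse a target directory that resolves outside the root (e.g. a symlink).
    if os.path.commonpath([root, path]) != root:
        raise ValueError("result path escapes the result root")
    os.makedirs(path, mode=0o700, exist_ok=True)
    # The mode given to makedirs is filtered by the umask and is not applied
    # to a directory that already exists, so set it explicitly.
    os.chmod(path, 0o700)
    return path


if __name__ == "__main__":
    # Constructed sample target, same form as the one used in the report.
    print(init_user_result_dir("http://10.0.0.1/"))
```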

Edu4rdSHL commented 5 years ago

The problem is that it isn't a BlackArch issue, it's an upstream issue. To reopen it I'm going to modify the issue name and add a label for upstream issues.

noraj commented 5 years ago

@noptrix #2245 was only fixing a part, for a true fix we need to wait for upstream https://github.com/Tuhinshubhra/CMSeeK/issues/55. Please re-open.

Edu4rdSHL commented 5 years ago

It should be fixed when https://github.com/Tuhinshubhra/CMSeeK/pull/58/files is merged.

noraj commented 5 years ago

@Edu4rdSHL upstream merged.

noraj commented 5 years ago

$ cmseek -u http://10.x.x.x/
[i] Updating CMSeeK result index...
[x] Result directory does not exist!
There was an error while creating result index! Some features might not work as intended. Press [ENTER] to continue