epinna / tplmap

Server-Side Template Injection and Code Injection Detection and Exploitation Tool
GNU General Public License v3.0

Fix reverse shell DOES NOT WORK #72

Open shelld3v opened 3 years ago

shelld3v commented 3 years ago

Currently, the reverse shell option does not work in my test. It still can receive the connection but Tplmap only sends the first character of the command that I entered. So I fixed it

shelld3v commented 3 years ago

Preview: https://github.com/epinna/tplmap/blob/2cd05d06cf3830b50d3bd4151902efb50191a85d/core/tcpserver.py

shelld3v commented 3 years ago

Hi, I have tested this locally, any update? Or any problem?

epinna commented 3 years ago

Many thanks for your contributions.

Unfortunately I don't have time to thoroughly review and adjust PRs, but you can help by running the tests before submitting new PRs. It requires Docker and can be run by launching ./tests/tests.sh or by running the single test scripts with ./tests/run_*_tests.sh. Feel free to adapt the test if you changed some minor functionality.

Thanks

shelld3v commented 3 years ago

Hi, I have already tested this on my machine. I didn't test with a vulnerable server, but tested by running the code in tcpserver.py (replacing log.info with print).

epinna commented 3 years ago

Still, it shouldn't break the test suite (I quickly ran it and it does).

shelld3v commented 3 years ago

The code didn't work as intended? What was happening?

epinna commented 3 years ago

Sorry for the late response, I currently don't have time to work on this. I'm happy to merge your PRs, but please make sure the tests pass (please follow the instructions above). Feel free to adjust the test suite if needed.

shelld3v commented 3 years ago

Hi, I can't:

$ sudo ./tests.sh

## Running ./run_channel_test.sh
Exposed testing APIs:

http://localhost:15001/reflect/mako?inj=*
http://localhost:15001/reflect/jinja2?inj=*
http://localhost:15001/post/mako?inj=*
http://localhost:15001/post/jinja2?inj=*
http://localhost:15001/limit/mako?inj=*
http://localhost:15001/limit/jinja2?inj=*
http://localhost:15001/put/mako?inj=*
http://localhost:15001/put/jinja2?inj=*

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

epinna commented 3 years ago

You need to install Docker; it virtualizes an application with each vulnerable template engine and tests tplmap against it. It's also pretty cool as development infrastructure for developing new SSTI techniques.

shelld3v commented 3 years ago

Idk, but I am unable to test this. I installed Docker with sudo apt install docker.io, but it failed =(

epinna commented 3 years ago

Take your time to get Docker running on your machine. I'm more than happy to work with you and merge your changes as long as they don't break the test suite.

shelld3v commented 3 years ago

Hi, the fact is that I can't install Docker in my Linux subsystem for Windows. Can you test this?

epinna commented 3 years ago

I'm sorry but I've no time for adjusting the test suite for the PRs. Consider using a Linux VM for development.

shelld3v commented 3 years ago

Hi @epinna, can you use GitHub Actions for this? So we can automatically test every PR and no one has to do it!
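An added example of what the suggestion above could look like as a workflow file; this is not part of the PR or of the tplmap repository. It assumes the test entry point is tests/tests.sh as described earlier in the thread, that the script's exit code is non-zero when a test fails, and that Docker is available on the GitHub-hosted ubuntu-latest runner (it is preinstalled there).

```yaml
# .github/workflows/tests.yml (hypothetical file name)
# Runs the Docker-based tplmap test suite on every push and pull request,
# so a contributor does not need a local Docker daemon to see whether a
# change breaks the suite.
name: tests

on:
  push:
  pull_request:

jobs:
  test:
    runs-on: ubuntu-latest   # Docker daemon is preinstalled on this runner
    timeout-minutes: 30      # the suite builds and starts several containers
    steps:
      - uses: actions/checkout@v4

      - name: Show Docker is usable on the runner
        run: docker info

      - name: Run the tplmap test suite
        # Assumption: tests.sh exits non-zero on any failing test; with
        # `set -e` semantics below, the step (and the PR check) then fails.
        run: |
          set -e
          cd tests
          ./tests.sh
```

With this in place, the "Cannot connect to the Docker daemon" problem reported earlier in the thread moves off the contributor's machine: the pull request check runs the same ./tests/tests.sh the maintainer asks for, and the result is visible on the PR before review.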

shelld3v commented 3 years ago

I tested:

Ran 13 tests in 45.899s

OK
tplmap-java