search

sean666888 / subterfuge

Automatically exported from code.google.com/p/subterfuge
GNU General Public License v3.0
0 stars 0 forks source link

inject_ext_server exploit issue #148

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. select inject-ext-server (http code injection module)
2. setting my ip on 10.0.0.15 (my computer ip)
3. click apply

What is the expected output? What do you see instead?

What version of the product are you using? On what operating system?
subterfuge 5.0.0

Please provide any additional information below.

MultiValueDictKeyError at /config/httpinjection/

"Key 'vector' not found in <QueryDict: {u'status': [u'no', u'yes'], 
u'inject-ip': [u'10.0.0.15'], u'custominject': [u''], u'inject-port': 
[u'8080'], u'iexploit': [u'inject-ext-server'], u'start-msf': [u'no'], 
u'payload': [u'frameinjection']}>"

Request Method:     POST
Request URL:    http://10.0.0.15:9000/config/httpinjection/
Django Version:     1.3.1
Exception Type:     MultiValueDictKeyError
Exception Value:    

"Key 'vector' not found in <QueryDict: {u'status': [u'no', u'yes'], 
u'inject-ip': [u'10.0.0.15'], u'custominject': [u''], u'inject-port': 
[u'8080'], u'iexploit': [u'inject-ext-server'], u'start-msf': [u'no'], 
u'payload': [u'frameinjection']}>"

Exception Location: 
    /usr/local/lib/python2.7/dist-packages/django/utils/datastructures.py in 
__getitem__, line 256
Python Executable:  /usr/bin/python
Python Version:     2.7.3
Python Path:    

['/usr/share/subterfuge',
 '/usr/lib/python2.7/dist-packages/pybloomfiltermmap-0.3.11-py2.7-linux-x86_64.egg',
 '/usr/lib/python2.7',
 '/usr/lib/python2.7/plat-linux2',
 '/usr/lib/python2.7/lib-tk',
 '/usr/lib/python2.7/lib-old',
 '/usr/lib/python2.7/lib-dynload',
 '/usr/local/lib/python2.7/dist-packages',
 '/usr/lib/python2.7/dist-packages',
 '/usr/lib/python2.7/dist-packages/PIL',
 '/usr/lib/python2.7/dist-packages/gtk-2.0',
 '/usr/lib/pymodules/python2.7',
 '/usr/lib/python2.7/dist-packages/wx-2.8-gtk2-unicode',
 '/usr/share/subterfuge/utilities']

Server time:    Sat, 22 Feb 2014 23:14:05 -0600
Traceback Switch to copy-and-paste view

    /usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py in get_response

                                response = callback(request, *callback_args, **callback_kwargs)

        ...
    ▶ Local vars
    /usr/share/subterfuge/main/views.py in conf

              httpcodeinjection(request, conf)

        ...
    ▶ Local vars
    /usr/share/subterfuge/../subterfuge/modules/views.py in httpcodeinjection

           if request.POST["vector"]:

        ...
    ▶ Local vars
    /usr/local/lib/python2.7/dist-packages/django/utils/datastructures.py in __getitem__

                    raise MultiValueDictKeyError("Key %r not found in %r" % (key, self))

        ...
    ▶ Local vars

Request information
GET

No GET data
POST
Variable    Value
status  

u'yes'

inject-ip   

u'10.0.0.15'

custominject    

u''

inject-port     

u'8080'

iexploit    

u'inject-ext-server'

start-msf   

u'no'

payload     

u'frameinjection'

FILES

No FILES data
COOKIES

No cookie data
META
Variable    Value
wsgi.multiprocess   

False

RUN_MAIN    

'true'

HTTP_REFERER    

'http://10.0.0.15:9000/plugins/'

GNOME_DESKTOP_SESSION_ID    

'this-is-deprecated'

SERVER_PROTOCOL     

'HTTP/1.1'

SERVER_SOFTWARE     

'WSGIServer/0.1 Python/2.7.3'

WINDOWPATH  

'7'

REQUEST_METHOD  

'POST'

LOGNAME     

'root'

USER    

'root'

GNOME_KEYRING_CONTROL   

'/root/.cache/keyring-Nt6jvu'

QUERY_STRING    

''

PATH    

'/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'

DISPLAY     

':0.0'

SSH_AGENT_PID   

'3497'

LANG    

'en_US.UTF-8'

TERM    

'xterm'

SHELL   

'/bin/bash'

TZ  

'America/Chicago'

XDG_SESSION_COOKIE  

'a510fd7db9edf4bd4a07f96a52edca95-1393131560.375857-463008461'

SERVER_NAME     

'10.0.0.15'

SESSION_MANAGER     

'local/KaliLinux:@/tmp/.ICE-unix/3376,unix/KaliLinux:/tmp/.ICE-unix/3376'

SHLVL   

'1'

wsgi.url_scheme     

'http'

WINDOWID    

'12582916'

SERVER_PORT     

'9000'

GPG_AGENT_INFO  

'/root/.cache/keyring-Nt6jvu/gpg:0:1'

HOME    

'/root'

USERNAME    

'root'

CONTENT_LENGTH  

'134'

CONTENT_TYPE    

'application/x-www-form-urlencoded'

SSH_AUTH_SOCK   

'/root/.cache/keyring-Nt6jvu/ssh'

GDMSESSION  

'default'

wsgi.input  

<socket._fileobject object at 0x2a61dd0>

HTTP_USER_AGENT     

'Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0'

HTTP_HOST   

'10.0.0.15:9000'

SCRIPT_NAME     

u''

wsgi.multithread    

True

HTTP_CONNECTION     

'keep-alive'

DBUS_SESSION_BUS_ADDRESS    

'unix:abstract=/tmp/dbus-GhsJ0cXrX9,guid=d50d9f163aa50c616ffaca025309802a'

_   

'/bin/subterfuge'

XAUTHORITY  

'/var/run/gdm3/auth-for-root-v8m0VC/database'

HTTP_ACCEPT     

'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'

DESKTOP_SESSION     

'default'

wsgi.file_wrapper   

''

wsgi.version    

(1, 0)

GNOME_KEYRING_PID   

'3355'

GATEWAY_INTERFACE   

'CGI/1.1'

wsgi.run_once   

False

wsgi.errors     

<open file '<stderr>', mode 'w' at 0x7f22ea72a270>

REMOTE_ADDR     

'10.0.0.15'

HTTP_ACCEPT_LANGUAGE    

'en-US,en;q=0.5'

GDM_LANG    

'en_US.UTF-8'

XDG_DATA_DIRS   

'/usr/share/gnome:/usr/local/share/:/usr/share/'

PWD     

'/root'

DJANGO_SETTINGS_MODULE  

'subterfuge.settings'

COLORTERM   

'gnome-terminal'

LS_COLORS   

'rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01
:or=40;31;01:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.ta
r=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31
:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.
xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:
*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.ace=01
;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gi
f=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:
*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=
01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*
.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01
;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.av
i=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.
yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;3
5:*.aac=00;36:*.au=00;36:*.flac=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3
=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.axa=00;36:*.oga=00;36:*.
spx=00;36:*.xspf=00;36:'

REMOTE_HOST     

''

HTTP_ACCEPT_ENCODING    

'gzip, deflate'

PATH_INFO   

u'/config/httpinjection/'

Settings
Using settings module subterfuge.settings
Setting     Value
USE_L10N    

True

USE_THOUSAND_SEPARATOR  

False

LANGUAGE_CODE   

'en-us'

ROOT_URLCONF    

'subterfuge.urls'

MANAGERS    

()

DEFAULT_CHARSET     

'utf-8'

STATIC_ROOT     

''

TEST_DATABASE_CHARSET   

None

MESSAGE_STORAGE     

'django.contrib.messages.storage.user_messages.LegacyFallbackStorage'

DATABASE_HOST   

''

IGNORABLE_404_STARTS    

('/cgi-bin/', '/_vti_bin', '/_vti_inf')

SEND_BROKEN_LINK_EMAILS     

False

URL_VALIDATOR_USER_AGENT    

'Django/1.3.1 (http://www.djangoproject.com)'

STATICFILES_FINDERS     

('django.contrib.staticfiles.finders.FileSystemFinder',
 'django.contrib.staticfiles.finders.AppDirectoriesFinder')

SESSION_COOKIE_DOMAIN   

None

SESSION_COOKIE_NAME     

'sessionid'

COMMENTS_MODERATORS_GROUP   

None

TIME_INPUT_FORMATS  

('%H:%M:%S', '%H:%M')

DATABASES   

{'default': {'ENGINE': 'django.db.backends.sqlite3',
             'HOST': '',
             'NAME': '/usr/share/subterfuge/../subterfuge/db',
             'OPTIONS': {},
             'PASSWORD': '********************',
             'PORT': '',
             'TEST_CHARSET': None,
             'TEST_COLLATION': None,
             'TEST_MIRROR': None,
             'TEST_NAME': None,
             'TIME_ZONE': 'America/Chicago',
             'USER': ''}}

TEST_DATABASE_NAME  

None

FILE_UPLOAD_PERMISSIONS     

None

FILE_UPLOAD_HANDLERS    

('django.core.files.uploadhandler.MemoryFileUploadHandler',
 'django.core.files.uploadhandler.TemporaryFileUploadHandler')

DEFAULT_CONTENT_TYPE    

'text/html'

APPEND_SLASH    

True

FIRST_DAY_OF_WEEK   

0

DATABASE_ROUTERS    

[]

YEAR_MONTH_FORMAT   

'F Y'

STATICFILES_STORAGE     

'django.contrib.staticfiles.storage.StaticFilesStorage'

CACHES  

{'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
             'LOCATION': ''}}

SERVER_EMAIL    

'root@localhost'

SESSION_COOKIE_PATH     

'/'

USE_X_FORWARDED_HOST    

False

IGNORABLE_404_ENDS  

('mail.pl', 'mailform.pl', 'mail.cgi', 'mailform.cgi', 'favicon.ico', '.php')

MIDDLEWARE_CLASSES  

('django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware')

USE_I18N    

True

THOUSAND_SEPARATOR  

','

SECRET_KEY  

'********************'

LANGUAGE_COOKIE_NAME    

'django_language'

FILE_UPLOAD_TEMP_DIR    

None

TRANSACTIONS_MANAGED    

False

LOGGING_CONFIG  

'django.utils.log.dictConfig'

TEMPLATE_LOADERS    

('django.template.loaders.filesystem.Loader',
 'django.template.loaders.app_directories.Loader')

TEMPLATE_DEBUG  

True

AUTHENTICATION_BACKENDS     

('django.contrib.auth.backends.ModelBackend',)

TEST_DATABASE_COLLATION     

None

FORCE_SCRIPT_NAME   

None

CACHE_BACKEND   

'locmem://'

SESSION_COOKIE_SECURE   

False

CSRF_COOKIE_DOMAIN  

None

FILE_CHARSET    

'utf-8'

DEBUG   

True

SESSION_FILE_PATH   

None

DEFAULT_FILE_STORAGE    

'django.core.files.storage.FileSystemStorage'

INSTALLED_APPS  

['django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.sites',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'subterfuge.main',
 'subterfuge.cease',
 'subterfuge.modules']

LANGUAGES   

(('ar', 'Arabic'),
 ('az', 'Azerbaijani'),
 ('bg', 'Bulgarian'),
 ('bn', 'Bengali'),
 ('bs', 'Bosnian'),
 ('ca', 'Catalan'),
 ('cs', 'Czech'),
 ('cy', 'Welsh'),
 ('da', 'Danish'),
 ('de', 'German'),
 ('el', 'Greek'),
 ('en', 'English'),
 ('en-gb', 'British English'),
 ('es', 'Spanish'),
 ('es-ar', 'Argentinian Spanish'),
 ('es-mx', 'Mexican Spanish'),
 ('es-ni', 'Nicaraguan Spanish'),
 ('et', 'Estonian'),
 ('eu', 'Basque'),
 ('fa', 'Persian'),
 ('fi', 'Finnish'),
 ('fr', 'French'),
 ('fy-nl', 'Frisian'),
 ('ga', 'Irish'),
 ('gl', 'Galician'),
 ('he', 'Hebrew'),
 ('hi', 'Hindi'),
 ('hr', 'Croatian'),
 ('hu', 'Hungarian'),
 ('id', 'Indonesian'),
 ('is', 'Icelandic'),
 ('it', 'Italian'),
 ('ja', 'Japanese'),
 ('ka', 'Georgian'),
 ('km', 'Khmer'),
 ('kn', 'Kannada'),
 ('ko', 'Korean'),
 ('lt', 'Lithuanian'),
 ('lv', 'Latvian'),
 ('mk', 'Macedonian'),
 ('ml', 'Malayalam'),
 ('mn', 'Mongolian'),
 ('nl', 'Dutch'),
 ('no', 'Norwegian'),
 ('nb', 'Norwegian Bokmal'),
 ('nn', 'Norwegian Nynorsk'),
 ('pa', 'Punjabi'),
 ('pl', 'Polish'),
 ('pt', 'Portuguese'),
 ('pt-br', 'Brazilian Portuguese'),
 ('ro', 'Romanian'),
 ('ru', 'Russian'),
 ('sk', 'Slovak'),
 ('sl', 'Slovenian'),
 ('sq', 'Albanian'),
 ('sr', 'Serbian'),
 ('sr-latn', 'Serbian Latin'),
 ('sv', 'Swedish'),
 ('ta', 'Tamil'),
 ('te', 'Telugu'),
 ('th', 'Thai'),
 ('tr', 'Turkish'),
 ('uk', 'Ukrainian'),
 ('ur', 'Urdu'),
 ('vi', 'Vietnamese'),
 ('zh-cn', 'Simplified Chinese'),
 ('zh-tw', 'Traditional Chinese'))

DATABASE_ENGINE     

''

DATABASE_NAME   

''

COMMENTS_FIRST_FEW  

0

PREPEND_WWW     

False

SESSION_COOKIE_HTTPONLY     

False

DATABASE_PORT   

''

DEBUG_PROPAGATE_EXCEPTIONS  

False

MONTH_DAY_FORMAT    

'F j'

LOGIN_URL   

'/accounts/login/'

SESSION_EXPIRE_AT_BROWSER_CLOSE     

False

TIME_FORMAT     

'P'

DATE_INPUT_FORMATS  

('%Y-%m-%d',
 '%m/%d/%Y',
 '%m/%d/%y',
 '%b %d %Y',
 '%b %d, %Y',
 '%d %b %Y',
 '%d %b, %Y',
 '%B %d %Y',
 '%B %d, %Y',
 '%d %B %Y',
 '%d %B, %Y')

CSRF_COOKIE_NAME    

'csrftoken'

EMAIL_HOST_PASSWORD     

'********************'

PASSWORD_RESET_TIMEOUT_DAYS     

'********************'

CACHE_MIDDLEWARE_ALIAS  

'default'

SESSION_SAVE_EVERY_REQUEST  

False

ADMIN_MEDIA_PREFIX  

'/static/admin/'

NUMBER_GROUPING     

0

SESSION_ENGINE  

'django.contrib.sessions.backends.db'

CSRF_FAILURE_VIEW   

'django.views.csrf.csrf_failure'

COMMENTS_SKETCHY_USERS_GROUP    

None

LOGIN_REDIRECT_URL  

'/accounts/profile/'

LOGGING     

{'disable_existing_loggers': False,
 'handlers': {'mail_admins': {'class': 'django.utils.log.AdminEmailHandler',
                              'level': 'ERROR'}},
 'loggers': {'django.request': {'handlers': ['mail_admins'],
                                'level': 'ERROR',
                                'propagate': True}},
 'version': 1}

CACHE_MIDDLEWARE_KEY_PREFIX     

''

LOCALE_PATHS    

()

TEMPLATE_STRING_IF_INVALID  

''

COMMENTS_ALLOW_PROFANITIES  

False

LOGOUT_URL  

'/accounts/logout/'

EMAIL_USE_TLS   

False

TEMPLATE_DIRS   

('/usr/share/subterfuge/../subterfuge/templates',)

FIXTURE_DIRS    

()

EMAIL_HOST  

'localhost'

DATE_FORMAT     

'N j, Y'

MEDIA_ROOT  

'/usr/share/subterfuge/../subterfuge/main'

ADMINS  

()

FORMAT_MODULE_PATH  

None

DEFAULT_FROM_EMAIL  

'webmaster@localhost'

STATICFILES_DIRS    

('/usr/share/subterfuge/../subterfuge/templates',)

MEDIA_URL   

'/main/'

DATETIME_FORMAT     

'N j, Y, P'

EMAIL_SUBJECT_PREFIX    

'[Django] '

SITE_ID     

1

DISALLOWED_USER_AGENTS  

()

ALLOWED_INCLUDE_ROOTS   

()

DECIMAL_SEPARATOR   

'.'

SHORT_DATE_FORMAT   

'm/d/Y'

DATABASE_USER   

''

TEST_RUNNER     

'django.test.simple.DjangoTestSuiteRunner'

TIME_ZONE   

'America/Chicago'

FILE_UPLOAD_MAX_MEMORY_SIZE     

2621440

EMAIL_BACKEND   

'django.core.mail.backends.smtp.EmailBackend'

DEFAULT_TABLESPACE  

''

TEMPLATE_CONTEXT_PROCESSORS     

('django.contrib.auth.context_processors.auth',
 'django.core.context_processors.debug',
 'django.core.context_processors.i18n',
 'django.core.context_processors.media',
 'django.core.context_processors.static',
 'django.contrib.messages.context_processors.messages')

SESSION_COOKIE_AGE  

1209600

SETTINGS_MODULE     

'subterfuge.settings'

USE_ETAGS   

False

LANGUAGES_BIDI  

('he', 'ar', 'fa')

DEFAULT_INDEX_TABLESPACE    

''

INTERNAL_IPS    

()

STATIC_URL  

'/static/'

EMAIL_PORT  

25

SHORT_DATETIME_FORMAT   

'm/d/Y P'

ABSOLUTE_URL_OVERRIDES  

{}

DATABASE_OPTIONS    

{}

CACHE_MIDDLEWARE_SECONDS    

600

BANNED_IPS  

()

DATETIME_INPUT_FORMATS  

('%Y-%m-%d %H:%M:%S',
 '%Y-%m-%d %H:%M',
 '%Y-%m-%d',
 '%m/%d/%Y %H:%M:%S',
 '%m/%d/%Y %H:%M',
 '%m/%d/%Y',
 '%m/%d/%y %H:%M:%S',
 '%m/%d/%y %H:%M',
 '%m/%d/%y')

DATABASE_PASSWORD   

'********************'

ADMIN_FOR   

()

COMMENTS_BANNED_USERS_GROUP     

None

EMAIL_HOST_USER     

''

PROFANITIES_LIST    

'********************'

Original issue reported on code.google.com by tomasbon...@gmail.com on 23 Feb 2014 at 5:15

GoogleCodeExporter commented 9 years ago 
OS= Kali Linux up to date.

Original comment by tomasbon...@gmail.com on 23 Feb 2014 at 5:18

GoogleCodeExporter commented 9 years ago 
Hi all,
      I too had the same issue  "when enabling the ext-server".

     the solution for this issue is simple. it is saying that "startmsf" is not found in the dictionary. 

Edit file "/usr/share/subterfuge/templates/plugins.ext" 

search for 'start-msf' and replace with 'startmsf'. you will find 4 entries. 
replace all four and start "subterfuge"

Original comment by Aduri.a...@gmail.com on 25 Feb 2014 at 4:52

GoogleCodeExporter commented 9 years ago

Original comment by topher.s...@gmail.com on 1 Mar 2014 at 3:45