t94j0 / satellite

easy-to-use payload hosting
MIT License

Paths not properly constructed from .info Files #39

Open er4z0r opened 11 months ago

er4z0r commented 11 months ago

Steps to reproduce

  1. Download 0.0.4 release
  2. Install
  3. Use the commands from README.md
    root@satellite-ja3-testing:~# echo '<h1>It worked!</h1>' > /var/www/html/index.html
    root@satellite-ja3-testing:~# echo -e "authorized_useragents:\n- ayyylmao" > /var/www/html/index.html.info
    root@satellite-ja3-testing:~# cp  satellite/examples/options/useragent* /var/www/html/
    root@satellite-ja3-testing:~# tree /var/www/html/
    /var/www/html/
    ├── index.html
    ├── index.html.info
    ├── useragent
    └── useragent.info

    Manually start satellite:

    root@satellite-ja3-testing:~# satellite
    DEBU[0000] Using config file /etc/satellite/config.yml  
    DEBU[0000] Using server path /var/www/html              
    DEBU[0000] Loaded 0 path(s)                             
    WARN[0000] Use not_found handlers for opsec             
    INFO[0000] Listening HTTPS on port :443   

    Note the line that says Loaded 0 path(s)

As a result index.html will always be served irrespective of the User-Agent:

    user@pentest:~/projects/internal$ curl -k -A ayyylmao https://XX.XX.XX.XX/
    <h1>It worked!</h1>
    user@pentest:~/projects/internal$ curl -k https://XX.XX.XX.XX/
    <h1>It worked!</h1>
    user@pentest:~/projects/internal$ curl -k -A 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0' https://XX.XX.XX.XX/useragent
    Correct User-Agent!
    user@pentest:~/projects/internal$ curl -k https://XX.XX.XX.XX/useragent
    Correct User-Agent!

er4z0r commented 11 months ago

We talked this through on Slack and it seems there is a problem with .info file parsing. As @t94j0 pointed out, you can still get this to work using a pathList.yml:

    root@satellite-ja3-testing:~# cat /var/www/html/pathList.yml
    - path: /index.html
      hosted_file: index.html
    - path: /useragent
      hosted_file: useragent
      authorized_useragents:
        - "Mozilla.*"

Start satellite again:

    root@satellite-ja3-testing:~# satellite
    DEBU[0000] Using config file /etc/satellite/config.yml
    DEBU[0000] Using server path /var/www/html
    DEBU[0000] Loaded 2 path(s)
    WARN[0000] Use not_found handlers for opsec
    INFO[0000] Listening HTTPS on port :443

Now the useragent example works correctly:

    user@pentest:~/projects/internal$ curl -k https://XX.XX.XX.XX/useragent
    404
    user@pentest:~/projects/internal$ curl -k -A 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0' https://XX.XX.XX.XX/useragent
    Correct User-Agent!
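
A pre-flight check for the failure reported above, added here as an example and not part of the issue or of satellite's code: it lists hosted files that have a .info sidecar but no `hosted_file` entry in pathList.yml, which on the affected 0.0.4 release are served without their restrictions. The function name and the line-based YAML matching are assumptions; it expects one `hosted_file: NAME` per line, as in the pathList.yml shown in the issue.

```shell
#!/bin/sh
# Added example, not satellite code.
# Usage: sh check_info.sh /var/www/html
# Prints each hosted file (relative to the server path) whose restrictions
# exist only in a .info sidecar. If "Loaded 0 path(s)" appears at startup,
# every file listed here is served to any client.

unprotected_info_files() {
    root=${1%/}                      # server path, trailing slash removed
    list="$root/pathList.yml"

    find "$root" -type f -name '*.info' | sort | while IFS= read -r info; do
        hosted=${info%.info}         # /srv/index.html.info -> /srv/index.html
        rel=${hosted#"$root"/}       # -> index.html

        # Assumption: pathList.yml declares files as "hosted_file: NAME",
        # optionally quoted. This only checks that an entry exists; it does
        # not compare the restrictions in the entry with those in the sidecar.
        if [ -f "$list" ] &&
           sed -n 's/^[[:space:]-]*hosted_file:[[:space:]]*//p' "$list" |
               tr -d "\"'" | sed 's/[[:space:]]*$//' |
               grep -Fxq -- "$rel"; then
            continue                 # covered by pathList.yml
        fi
        printf '%s\n' "$rel"
    done
}

# Run the check when a server path is given on the command line.
if [ "$#" -gt 0 ]; then
    unprotected_info_files "$1"
fi
```

An empty result means every sidecar has a matching pathList.yml entry; the curl requests with and without the authorized User-Agent remain the end-to-end confirmation.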