
searchsploit.sh 스크립트 작성


searchsploit.sh 스크립트 작성

  

# cp /usr/share/exploitdb/files.csv /root/bin/files.csv

# cd /root/bin

# cat files.csv | head

id, file, description, date, author, platform, type, port

1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80

2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80

3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (Redhat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0

4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0

5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139

6,platforms/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,php,webapps,0

7,platforms/linux/remote/7.pl,"Samba 2.2.x - Remote Root Buffer Overflow",2003-04-07,"H D Moore",linux,remote,139

8,platforms/linux/remote/8.c,"SETI@home Clients - Buffer Overflow",2003-04-08,zillion,linux,remote,0

..... (중략) .....

 

# searchsploit.sh

Usage: searchsploit term1 [term2] ... [termN]

Example: searchsploit oracle windows local

-> 사용하는 방법

 

# searchsploit.sh oracle

cat files.csv | egrep -i oracle

 

# cat files.csv | egrep -i 'Oracle Identity Manager'

32670,platforms/php/webapps/32670.txt,"Oracle Identity Manager 11g R2 SP1 (11.1.2.1.0) - Unvalidated Redirects",2014-04-03,"Giuseppe D'Amore",php,webapps,0

|

|

V

# searchsploit oracle

Oracle Identity Manager 11g R2 SP1 (11.1.2.1.0) - Unval | /php/webapps/32670.txt

출력 표시, 순서, 제거할 항목 : 출력폼 변경

 

# searchsploit.sh oracle windows

cat files.csv | egrep -i oracle | egrep -i windows

 

# searchsploit oracle windows

Oracle Demantra 12.2.1 - Database Credentials Disclosur | /windows/webapps/31995.txt

 

# searchsploit.sh oracle windows local

cat files.csv | egrep -i oracle | egrep -i windows | egrep -i local

 

# searchsploit oracle windows local

Oracle 8/9i DBSNMP Oracle Home Environment Variable Buf | /windows/local/21044.c

 

# vi searchsploit.sh

--------------------------------------------------

프로그램 작성

* searchsploit 스크립트와 비슷한 기능

* files.csv 파일에서 지정한 단어를 검색

--------------------------------------------------

 

# ./searchsploit.sh oracle windows local

Oracle Database Server <= 10.1.0.2 - Buffer Overflow Ex | /windows/local/932.sql

Oracle Database PL/SQL Statement Multiple SQL Injection | /windows/local/933.sql

Oracle Database Server 9i/10g (XML) Buffer Overflow Exp | /windows/local/1455.txt

Oracle 10g (PROCESS_DUP_HANDLE) Local Privilege Elevati | /windows/local/3451.c

Oracle 10/11g exp.exe - param file Local Buffer Overflo | /windows/local/16169.py

Oracle 8/9i DBSNMP Oracle Home Environment Variable Buf | /windows/local/21044.c

 

[참고] eval CMD

# name=chan

# chan=test

# echo $name -> chan

# echo $chan -> test

# echo $`echo $name` -> $chan

# eval echo $`echo $name` -> test

 


() # ls -a -l -t -r

# A=ls

# B=" -a -l "

# C=" -t -r "

# CMD=$A$B$C /* CMD=ls -a -l -t -r */

# $CMD

-> 잘 실행되는가? no

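-> # eval $CMD 두 번 해석해야 명령어로 실행 (eval은 문자열을 셸이 한 번 더 해석하게 한다. 이 문자열에 사용자 입력이 그대로 들어가면 입력 안의 `;`, `$( )`, 따옴표도 셸 문법으로 해석되므로, 검색어처럼 외부에서 받은 값은 eval 문자열에 직접 넣지 않는다.)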

 

 

[참고] grep/fgrep/egrep CMD

 grep CMD

# grep '[abc]d' file.txt

 fgrep CMD(Fixed grep)

# fgrep 'f*' file.txt 

 egrep CMD(Extended grep)

# egrep '(root|user01)' /etc/passwd (대소문자 구별 없음)

 

 

[참고] 명령어 실행 패턴 분석

 

# ./searchsploit.sh($0) oracle($1) windows($2) local($3)

$# => 3

 

cat files.csv | grep -i "$1" \

| grep -i "$2" \

| grep -i "$3" \

| ......

 

SEARCH="cat files.csv"

SEARCH=$SEARCH | grep -i "$1"

SEARCH=$SEARCH | grep -i "$2"

SEARCH=$SEARCH | grep -i "$3"

SEARCH='cat files.csv | grep -i "$1" | grep -i "$2" | grep -i "$3"'


변수안에 변수 혹은 함수안에 함수를 집어넣어 동작


  

[참고] /usr/share/exploitdb/searchsploit 스크립트 내용 확인



프로그램 작성

 #!/bin/bash


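# Search the local copy of the Exploit-DB index (files.csv) for rows that
# contain every term given on the command line, and print one line per row:
#   "<description, first 56 characters> | <file path without 'platforms'>"
#
# Arguments: $1..$N - search terms; each one is an extended regular
#                     expression matched case-insensitively against the
#                     whole CSV row (not only the description column).
# Outputs:   matching rows, reformatted, on stdout.
# Exit:      1 when no search term is given.

if [ "$#" -le 0 ]; then
        echo "Usage: searchsploit term1 [term2] ... [termN]"
        echo "Example: searchsploit oracle windows local"
        exit 1
fi

DB='/root/bin/files.csv'

# Pass through only the stdin rows that match every remaining term.
# The filter chain is built by recursion instead of by assembling a command
# string for eval: each term reaches grep as one quoted argument, so a term
# with spaces stays one pattern, terms beyond the ninth work (the old "\$10"
# was read as "$1" followed by "0"), and nothing typed by the user is ever
# re-parsed as shell syntax.
match_all_terms() {
        if [ "$#" -eq 0 ]; then
                cat
                return
        fi
        local term=$1
        shift
        # -e keeps a term that starts with '-' from being taken as an option.
        grep -E -i -e "$term" | match_all_terms "$@"
}

# One awk pass replaces the per-row echo/awk/cut/sed subprocesses. Rows are
# no longer passed through an unquoted echo, so '*' and runs of spaces in a
# row are printed as they appear in the file.
# Known limitation kept from the original: fields are split on every comma,
# so a quoted description that itself contains a comma is cut at that comma.
match_all_terms "$@" < "$DB" |
        awk -F, '{
                desc = substr($3, 1, 56)
                path = $2
                sub(/platforms/, "", path)
                print desc " | " path
        }'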


다른방법

#!/bin/bash


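# Alternative version: search files.csv in the current directory for rows
# that contain every term given on the command line, and print one line per
# row: "<description, first 44 characters> | <file path without 'platforms'>"
#
# Arguments: $1..$N - search terms, matched as fixed strings (no regex),
#                     case-insensitively, against the whole CSV row.
# Outputs:   matching rows, reformatted, on stdout.
# Exit:      1 when no search term is given.

if [ "$#" -le 0 ]; then
    echo "usage: searchsploit oracle windows local"
    exit 1
fi

# Pass through only the stdin rows that contain every remaining term.
# The original pasted each term into a command string and ran it with eval,
# so a term containing a double quote, ';' or '$( )' was executed as shell
# code, and a SEARCH variable inherited from the environment was executed
# too. Here each term is handed to grep as a single quoted argument and no
# string is ever evaluated; "$@" also keeps a term with spaces in one piece.
match_all_terms() {
    if [ "$#" -eq 0 ]; then
        cat
        return
    fi
    local term=$1
    shift
    # -e keeps a term that starts with '-' from being taken as an option.
    grep -F -i --color -e "$term" | match_all_terms "$@"
}

# One awk pass replaces the per-row echo/awk/cut/sed subprocesses and prints
# each row's fields without shell word splitting or glob expansion.
# Known limitation kept from the original: fields are split on every comma,
# so a quoted description that itself contains a comma is cut at that comma.
match_all_terms "$@" < files.csv |
    awk -F, '{
        desc = substr($3, 1, 44)
        path = $2
        sub(/platforms/, "", path)
        print desc " | " path
    }'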