add 18634.yaml

data/SystemPocs/CVE-2019-18634/CVE-2019-18634.py

@@ -29,7 +29,7 @@ def main():
     mfd, sfd = os.openpty()
     fd = os.open(os.ttyname(sfd), os.O_RDONLY)
 
-    proc = process(['/usr/local/bin/sudo', '-k', '-S', 'id'], env = {'SUDO_ASKPASS': reverse_shell_filename}, stdin = fd)
+    proc = process(['/usr/bin/sudo', '-k', '-S', 'id'], env = {'SUDO_ASKPASS': reverse_shell_filename}, stdin = fd)
     log.info('You may attatch this process to gdb now.')
     input()
 

data/SystemPocs/CVE-2019-18634/CVE-2019-18634.yaml

@@ -0,0 +1,50 @@
+FormatVer: 20230327
+Id: CVE-2019-18634
+Belong: system
+PocHazardLevel: low
+Source: https://github.com/edsonjt81/sudo-cve-2019-18634
+SiteInfo:
+    Name: Sudo是一款使用于类Unix系统的，允许用户通过安全的方式使用特殊的权限执行命令的程序
+    Severity: high
+    Description:
+        在 1.8.26 之前的 Sudo 中，如果在 /etc/sudoers 中启用 pwfeedback，用户可以在特权 sudo 进程中触发基于堆栈的缓冲区溢出。（pwfeedback 是 Linux Mint 和 elementary OS 的默认设置；然而，它不是上游和许多其他包的默认设置，并且只有在管理员启用时才会存在。）攻击者需要向标准输入传递一个长字符串tgetpass.c 中的 getln()。权套接字API并获得管理员特权。
+    ScopeOfInfluence:
+        sudo < 1.8.26
+    References:
+        - https://www.sudo.ws/alerts/pwfeedback.html
+        - https://nvd.nist.gov/vuln/detail/CVE-2019-18634
+    SiteClassification:
+        CvssMetrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+        CvssScore: 7.8
+        CveId: CVE-2019-18634
+        CweId: CWE-787
+        CnvdId: None
+        KveId: None
+    Tags:
+        - 堆缓冲区溢出漏洞
+        - 权限提升
+SiteRequests:
+    Implement: 
+        ImArray:
+            - Inter : python3
+              InterArgs :
+              Exec : CVE-2019-18634.py
+              Args : 
+        ExpireTime: 20
+
+        # < input
+        # > output 
+        # . wait
+        # ? condition
+        # : content
+        #
+        #组合起来
+        # >. 等待直到输出 
+        # << 输入字符
+        # >?判断条件
+        Inter:
+            - ">.:interactive mode"  
+            - "<<:whoami\n"
+            - ">.:\n"
+            - ">?:root" #ture
+        Condition: None

data/SystemPocs/SystemPocs.yaml

@@ -1,30 +1,31 @@
 ConfigFilePrefix: ../data/SystemPocs/
 Type: system
 ExplorerItems:
-    - ConfigFile: KVE-2022-0206/KVE-2022-0206.yaml
-    - ConfigFile: KVE-2022-0231/KVE-2022-0231.yaml
-    - ConfigFile: KVE-2022-0210/KVE-2022-0210.yaml
-    - ConfigFile: KVE-2022-0207/KVE-2022-0207.yaml
-    - ConfigFile: KVE-2022-0205/KVE-2022-0205.yaml
-    - ConfigFile: CVE-2022-1292/CVE-2022-1292.yaml
-    - ConfigFile: CVE-2021-44142/CVE-2021-44142.yaml
-    - ConfigFile: CVE-2021-3560/CVE-2021-3560.yaml
-    - ConfigFile: CVE-2021-4034/CVE-2021-4034.yaml
-    - ConfigFile: CVE-2021-3156/CVE-2021-3156.yaml
-    - ConfigFile: CVE-2022-0351/CVE-2022-0351.yaml
-    # - ConfigFile: CVE-2023-25136/CVE-2023-25136.yaml    //开发完新字段后才能使用   
-    # - ConfigFile: CVE-2023-22809/CVE-2023-22809.yaml   //开发完新字段后才能使用 
-    - ConfigFile: CVE-2022-0543/CVE-2022-0543.yaml
-    - ConfigFile: CVE-2021-41773/CVE-2021-41773.yaml
-    - ConfigFile: CVE-2022-0417/CVE-2022-0417.yaml  
-    - ConfigFile: CVE-2022-0359/CVE-2022-0359.yaml
-    - ConfigFile: CVE-2022-0413/CVE-2022-0413.yaml
-    - ConfigFile: CVE-2022-0572/CVE-2022-0572.yaml
-    # - ConfigFile: CVE-2022-0629/CVE-2022-0629.yaml //远程模块交互不能执行，后续尝试解决该问题
-    - ConfigFile: CVE-2022-0685/CVE-2022-0685.yaml
-    - ConfigFile: CVE-2022-0714/CVE-2022-0714.yaml
-    - ConfigFile: CVE-2022-0729/CVE-2022-0729.yaml
-    - ConfigFile: CVE-2022-1771/CVE-2022-1771.yaml
-    - ConfigFile: CVE-2022-2598/CVE-2022-2598.yaml
-    # - ConfigFile: CVE-2022-2274/CVE-2022-2274.yaml   //需要CPU-AVX512IFMA才能认证
-    - ConfigFile: CVE-2019-7304/CVE-2019-7304.yaml
+    # - ConfigFile: KVE-2022-0206/KVE-2022-0206.yaml
+    # - ConfigFile: KVE-2022-0231/KVE-2022-0231.yaml
+    # - ConfigFile: KVE-2022-0210/KVE-2022-0210.yaml
+    # - ConfigFile: KVE-2022-0207/KVE-2022-0207.yaml
+    # - ConfigFile: KVE-2022-0205/KVE-2022-0205.yaml
+    # - ConfigFile: CVE-2022-1292/CVE-2022-1292.yaml
+    # - ConfigFile: CVE-2021-44142/CVE-2021-44142.yaml
+    # - ConfigFile: CVE-2021-3560/CVE-2021-3560.yaml
+    # - ConfigFile: CVE-2021-4034/CVE-2021-4034.yaml
+    # - ConfigFile: CVE-2021-3156/CVE-2021-3156.yaml
+    # - ConfigFile: CVE-2022-0351/CVE-2022-0351.yaml
+    # # - ConfigFile: CVE-2023-25136/CVE-2023-25136.yaml    //开发完新字段后才能使用   
+    # # - ConfigFile: CVE-2023-22809/CVE-2023-22809.yaml   //开发完新字段后才能使用 
+    # - ConfigFile: CVE-2022-0543/CVE-2022-0543.yaml
+    # - ConfigFile: CVE-2021-41773/CVE-2021-41773.yaml
+    # - ConfigFile: CVE-2022-0417/CVE-2022-0417.yaml  
+    # - ConfigFile: CVE-2022-0359/CVE-2022-0359.yaml
+    # - ConfigFile: CVE-2022-0413/CVE-2022-0413.yaml
+    # - ConfigFile: CVE-2022-0572/CVE-2022-0572.yaml
+    # # - ConfigFile: CVE-2022-0629/CVE-2022-0629.yaml //远程模块交互不能执行，后续尝试解决该问题
+    # - ConfigFile: CVE-2022-0685/CVE-2022-0685.yaml
+    # - ConfigFile: CVE-2022-0714/CVE-2022-0714.yaml
+    # - ConfigFile: CVE-2022-0729/CVE-2022-0729.yaml
+    # - ConfigFile: CVE-2022-1771/CVE-2022-1771.yaml
+    # - ConfigFile: CVE-2022-2598/CVE-2022-2598.yaml
+    # # - ConfigFile: CVE-2022-2274/CVE-2022-2274.yaml   //需要CPU-AVX512IFMA才能认证
+    # - ConfigFile: CVE-2019-7304/CVE-2019-7304.yaml
+    - ConfigFile: CVE-2019-18634/CVE-2019-18634.yaml

src/genmai/RemoteCheck/RemoteScan.go

@@ -219,7 +219,7 @@ func RemoteScan(host string,port int,user string,passwd string,RemoteArg []strin
 	result:=cliConf.RunShell(commandShell)
 	fmt.Println(result)
 	// //从服务器中下载文件
-	fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 32,"======================文件获取============================\n" , 0x1B)
+	fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 33,"======================文件获取============================\n" , 0x1B)
 	for i:=0;i<len(RemoteArg);i++{
 		remotePath:="/home/"+user+"/genmai/data/Report/"+RemoteArg[i]+"_"+hostname+".json"
 		loaclPath:="../data/Report/"+RemoteArg[i]+"_"+hostname+".json"