SkyperTHC
ec26d3ef20
release 2023-09-18 07:37:15 +01:00
SkyperTHC
54511d0cd4
new 2023-09-06 12:29:06 +01:00
SkyperTHC
1baf8f7744
ssh -R fix 2023-08-15 10:08:24 +01:00
27 changed files with 296 additions and 83 deletions

@ -1,5 +1,7 @@
0.4.9p1 - 2023-09
0.4.9p1 - 2023-09-18
* ssh -R fix in serverloop.c
* a2enmod for php8.2 (thanks matthew)
* FavFreak
0.4.9a1 - 2023-08-13
* geoiphn, asn, reboot, shutdown, pwncat-cs, aws

@ -45,6 +45,13 @@ FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/startxweb"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/startfb"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/geoip"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/geoiphn"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/gssec"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/gsexec"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/thcssh"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/transfer"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/asn"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/sshj"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/shred"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/pkg-install.sh"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/rc.local-example"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/vim/vimrc.local"
@ -65,6 +72,7 @@ FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/share/applications/burpsuite.d
FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/share/applications/thc-tips-and-tricks.desktop"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/share/icons/metasploit.svg"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/share/icons/thc-logo.jpg"
FILES_GUEST += "segfault-$(VER)/guest/fs-root-amd64/usr/bin/xmap"
FILES_MASTER += "segfault-$(VER)/master/Dockerfile"
FILES_MASTER += "segfault-$(VER)/master/Makefile"

contrib/db-sync.sh Executable file

@ -0,0 +1,17 @@
#! /usr/bin/env bash
## In the format of:
# HOSTS+=("adm")
# HOSTS+=("lgm")
source .env_hosts || exit
for h in "${HOSTS[@]}"; do
echo "Syncing ${h} DOWN"
rsync -ral "${h}":/sf/config/db/banned "${h}":/sf/config/db/token "${h}":/sf/config/db/limits .
done
for h in "${HOSTS[@]}"; do
echo "Syncing ${h} UP"
rsync -ral banned token limits "${h}":'/sf/config/db'
done
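Review bot: The first loop pulls `banned`, `token` and `limits` from every host into the same working directory, so each host's copy overwrites the previous one and only the last entry of `HOSTS` survives before the second loop pushes that copy back to all hosts; anything present only on an earlier host is silently dropped, which for `banned` means lost bans. Pull each host into its own subdirectory (e.g. `rsync -ral "${h}":/sf/config/db/banned "${h}":/sf/config/db/token "${h}":/sf/config/db/limits "./${h}/"`) and merge explicitly, or document that the last host is authoritative. Neither rsync's exit status is checked, so a failed DOWN still proceeds to push a partial copy UP; add `|| exit` to both calls. `-ral` without `--delete` also never propagates removals, which is worth a comment if that is intended.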

@ -628,6 +628,7 @@ services:
- SF_DIRECT
- SF_DEBUG
- SF_BACKING_FS
# - SF_DEBUG_SSHD=1 # FIXME-2022 sshd debug
volumes:
- "${SF_BASEDIR:-.}/config:/config/host"
- "${SF_BASEDIR:-.}/data/share:/sf/share:ro"
@ -639,7 +640,8 @@ services:
- "/var/run/docker.sock:/var/run/docker.sock"
- "/var/lib/lxcfs:/var/lib/lxcfs:ro"
- "${SF_SHMDIR:-/dev/shm/sf}/run/redis/sock:/redis-sock"
# - /research/segfault/host/fs-root/bin/segfaultsh:/bin/segfaultsh:ro # FIXME-2022
# - /research/segfault/host/fs-root/bin/segfaultsh:/bin/segfaultsh:ro # FIXME-2022
# - /research/segfault/host:/host:ro # FIXME-2022 sshd debug
nginx:
image: nginx

@ -144,8 +144,6 @@ RUN /pkg-install.sh HACK apt-get install -y --no-install-recommends \
pagekite \
pwncat \
python3-shodan \
shadowsocks-libev \
shadowsocks-v2ray-plugin \
snmpcheck \
socat \
thc-ipv6 \
@ -444,22 +442,22 @@ RUN /pkg-install.sh GUI bash -c '{ [[ $HOSTTYPE != x86_64 ]] && exit 0; cd /usr/
RUN /pkg-install.sh GUI bash -c '{ true; \
rm -f /etc/apt/sources.list.d/*.list /etc/apt/sources.list.d/*.sources; \
apt-get update ; }'
RUN /pkg-install.sh HUGE ghbin SagerNet/sing-box 'linux-%arch:x86_64=amd64:aarch64=arm64%.' sing-box \
&& /pkg-install.sh HACK bin 'https://api.localxpose.io/api/v2/downloads/loclx-linux-%arch:x86_64=amd64:aarch64=arm64%.zip' loclx \
&& /pkg-install.sh HACK bin 'https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-%arch:x86_64=amd64:aarch64=arm64%.tgz' ngrok \
RUN /pkg-install.sh HUGE ghbin SagerNet/sing-box 'linux-%arch:x86_64=amd64:aarch64=arm64%.' sing-box \
&& /pkg-install.sh HACK bin 'https://api.localxpose.io/api/v2/downloads/loclx-linux-%arch1%.zip' loclx \
&& /pkg-install.sh HACK bin 'https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-%arch1%.tgz' ngrok \
&& /pkg-install.sh HUGE ghbin tomnomnom/waybackurls 'linux-amd64-' waybackurls \
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/projectdiscovery/cdncheck/cmd/cdncheck@latest; }' \
&& /pkg-install.sh HACK ghbin projectdiscovery/httpx 'linux_%arch:x86_64=amd64:aarch64=arm64%.zip$' httpx \
&& /pkg-install.sh HACK ghbin projectdiscovery/katana 'linux_%arch:x86_64=amd64:aarch64=arm64%.zip$' katana \
&& /pkg-install.sh HACK ghbin projectdiscovery/naabu 'linux_amd64.zip$' naabu `### x86_64 only` \
&& /pkg-install.sh HACK ghbin projectdiscovery/nuclei 'linux_%arch:x86_64=amd64:aarch64=arm64%.zip$' nuclei \
&& /pkg-install.sh HACK ghbin projectdiscovery/pdtm 'linux_%arch:x86_64=amd64:aarch64=arm64%.zip$' pdtm \
&& /pkg-install.sh HACK ghbin projectdiscovery/proxify 'linux_%arch:x86_64=amd64:aarch64=arm64%.zip$' proxify \
&& /pkg-install.sh HACK ghbin projectdiscovery/shuffledns '_linux_%arch:x86_64=amd64:aarch64=arm64%.zip$' shuffledns \
&& /pkg-install.sh HACK ghbin projectdiscovery/subfinder 'linux_%arch:x86_64=amd64:aarch64=arm64%.zip$' subfinder \
&& /pkg-install.sh HACK ghbin projectdiscovery/tlsx 'linux_%arch:x86_64=amd64:aarch64=arm64%.zip$' tlsx \
&& /pkg-install.sh HACK ghbin projectdiscovery/uncover 'linux_%arch:x86_64=amd64:aarch64=arm64%.zip$' uncover \
&& /pkg-install.sh HACK ghbin s0md3v/smap 'linux_%arch:x86_64=amd64:aarch64=arm64%.tar.xz$' smap
&& /pkg-install.sh HACK ghbin projectdiscovery/httpx 'linux_%arch1%.zip$' httpx \
&& /pkg-install.sh HACK ghbin projectdiscovery/katana 'linux_%arch1%.zip$' katana \
&& /pkg-install.sh HACK ghbin projectdiscovery/naabu 'linux_amd64.zip$' naabu `### x86_64 only` \
&& /pkg-install.sh HACK ghbin projectdiscovery/nuclei 'linux_%arch1%.zip$' nuclei \
&& /pkg-install.sh HACK ghbin projectdiscovery/pdtm 'linux_%arch1%.zip$' pdtm \
&& /pkg-install.sh HACK ghbin projectdiscovery/proxify 'linux_%arch1%.zip$' proxify \
&& /pkg-install.sh HACK ghbin projectdiscovery/shuffledns '_linux_%arch1%.zip$' shuffledns \
&& /pkg-install.sh HACK ghbin projectdiscovery/subfinder 'linux_%arch1%.zip$' subfinder \
&& /pkg-install.sh HACK ghbin projectdiscovery/tlsx 'linux_%arch1%.zip$' tlsx \
&& /pkg-install.sh HACK ghbin projectdiscovery/uncover 'linux_%arch1%.zip$' uncover \
&& /pkg-install.sh HACK ghbin s0md3v/smap 'linux_%arch1%.tar.xz$' smap
RUN /pkg-install.sh LARGE ghbin Peltoche/lsd 'lsd_.*_%arch:x86_64=amd64:aarch64=arm64%.deb$' \
&& /pkg-install.sh LARGE ghbin cloudflare/cloudflared 'linux-%arch:x86_64=amd64:aarch64=arm64%.deb$' \
&& /pkg-install.sh LARGE ghbin filebrowser/filebrowser '^linux-%arch:x86_64=amd64:aarch64=arm64%-filebrowser.tar.gz$' filebrowser \
@ -517,7 +515,8 @@ RUN /pkg-install.sh HACK apt-get install -y --no-install-recommends \
&& /pkg-install.sh HACK bin https://raw.githubusercontent.com/fullhunt/log4j-scan/master/log4j-scan.py log4j-scan
RUN /pkg-install.sh HACK apt-get install -y --no-install-recommends \
python3-aiohttp \
python3-discord
python3-discord \
python3-irc
RUN /pkg-install.sh HACK pipx install aort \
&& /pkg-install.sh HACK pipx install arsenal-cli \
&& /pkg-install.sh HACK pipx install bbrf \
@ -542,6 +541,7 @@ RUN /pkg-install.sh WEB bash -c '{ apt-get remove -y pelican; true; }' \
RUN /pkg-install.sh DEVEL pip install --break-system-packages \
cryptocode \
ipaddress \
mmh3 `# FavFreak` \
pyTelegramBotAPI \
tgcrypto \
wsgidav
@ -663,6 +663,10 @@ RUN /pkg-install.sh WEB apt-get install -y --no-install-recommends \
libnginx-mod-stream-js \
njs
RUN /pkg-install.sh DEV apt-get install -y --no-install-recommends \
gengetopt \
libgmp3-dev \
libjson-c-dev \
libunistring-dev \
ninja-build \
repo
# Android build tools:
@ -708,19 +712,21 @@ RUN /pkg-install.sh LARGE apt-get install -y --no-install-recommends \
g++-multilib \
gcc-multilib \
lib32ncurses-dev lib32z1-dev || { [ $(uname -m) != x86_64 ] && true; }
RUN /pkg-install.sh HACK ghbin wader/fq '_linux_%arch:x86_64=amd64:aarch64=arm64%' fq \
RUN /pkg-install.sh HACK ghbin wader/fq '_linux_%arch1%' fq \
&& /pkg-install.sh HACK bin https://raw.githubusercontent.com/trustedsec/hardcidr/master/hardCIDR.sh hardcidr \
&& /pkg-install.sh HACK ghbin hahwul/dalfox '_linux_%arch:x86_64=amd64:aarch64=arm64%' dalfox
&& /pkg-install.sh HACK ghbin hahwul/dalfox '_linux_%arch1%' dalfox
RUN /pkg-install.sh NET bin https://github.com/hackerschoice/binary/raw/main/gsocket/latest/gsocket_latest_all.deb `# x86_64 only` \
&& /pkg-install.sh NET ghbin shadowsocks/shadowsocks-rust '%arch%.*linux.musl.tar.xz$' \
&& /pkg-install.sh NET ghbin ginuerzh/gost 'linux-%arch:x86_64=amd64:aarch64=armv8%.*gz$' gost \
&& /pkg-install.sh NET ghbin tulir/gomuks 'linux-%arch:x86_64=amd64:aarch64=arm64%' gomuks \
&& /pkg-install.sh NET ghbin Snawoot/hola-proxy 'linux-%arch:x86_64=amd64:aarch64=arm64%' hola-proxy \
&& /pkg-install.sh NET ghbin tulir/gomuks 'linux-%arch%' gomuks \
&& /pkg-install.sh NET ghbin Snawoot/hola-proxy 'linux-%arch1%' hola-proxy \
&& /pkg-install.sh NET ghbin maxmind/mmdbinspect 'linux_amd64.tar.gz$' mmdbinspect `# x86_64 only` \
&& /pkg-install.sh NET ghbin shadowsocks/shadowsocks-rust '%arch%-unknown-linux-musl.tar' \
&& /pkg-install.sh NET ghbin shadowsocks/v2ray-plugin 'linux-%arch1%' 'v2ray-plugin_*' "" v2ray-plugin \
&& /pkg-install.sh NET ghbin teddysun/xray-plugin 'linux-%arch1%' 'xray-plugin_*' "" xray-plugin \
&& /pkg-install.sh NET ghbin KaranGauswami/socks-to-http-proxy 'sthp-linux' sthp `# x86_64 only` \
&& /pkg-install.sh NET ghbin schollz/croc 'Linux-%arch:x86_64=64bit:aarch64=ARM64%.deb' \
&& /pkg-install.sh NET ghbin vi/websocat '%arch%.*linux-musl' websocat \
&& /pkg-install.sh NET ghbin ViRb3/wgcf 'linux_%arch:x86_64=amd64:aarch64=arm64%$' wgcf \
&& /pkg-install.sh NET ghbin ViRb3/wgcf 'linux_%arch1%$' wgcf \
&& /pkg-install.sh NET ghbin poscat0x04/wgcf-teams '-linux' wgcf-teams \
&& /pkg-install.sh NET apt-get install -y --no-install-recommends \
hping3 \
@ -749,7 +755,20 @@ RUN /pkg-install.sh GUI apt-get install -y --no-install-recommends \
RUN /pkg-install.sh LARGE apt-get install -y --no-install-recommends \
php8.2-fpm \
php8.2-xml
RUN /pkg-install.sh HACK pipx install pwncat-cs
RUN /pkg-install.sh HACK pipx install git+https://github.com/bluet/proxybroker2.git \
&& /pkg-install.sh HACK pipx install pwncat-cs \
&& /pkg-install.sh HACK ghbin praetorian-inc/noseyparker 'linux-' noseyparker \
&& /pkg-install.sh HACK bin 'https://gitlab.com/api/v4/projects/33695681/packages/generic/nrich/latest/nrich_latest_amd64.deb' `# x86_64 only` \
&& /pkg-install.sh HACK bin 'https://github.com/RustScan/RustScan/releases/download/2.0.1/rustscan_2.0.1_amd64.deb' `# x86_64 only` \
&& /pkg-install.sh HACK ghbin hueristiq/xurlfind3r 'linux_%arch:x86_64=amd64:aarch64=arm64%' xurlfind3r
RUN /pkg-install.sh LARGE ghbin PaddiM8/kalker 'linux' kalker
RUN /pkg-install.sh HACK bash -c '{ wget -O "/usr/bin/favfreak.py" https://raw.githubusercontent.com/devanshbatham/FavFreak/master/favfreak.py \
&& chmod 755 /usr/bin/favfreak.py \
&& ln -s favfreak.py /usr/bin/FavFreak; }' \
&& /pkg-install.sh HACK bash -c '{ mkdir /usr/share/wordlists/meg \
&& wget -O /usr/share/wordlists/meg/openredirects "https://raw.githubusercontent.com/tomnomnom/meg/master/lists/openredirects" \
&& wget -O /usr/share/wordlists/meg/configfiles "https://raw.githubusercontent.com/tomnomnom/meg/master/lists/configfiles" \
&& wget -O /usr/share/wordlists/meg/crlfinjection "https://raw.githubusercontent.com/tomnomnom/meg/master/lists/crlfinjection"; }'
RUN sed 's/deb-src.*//' -i /etc/apt/sources.list \
&& apt-get autoremove -y \
&& apt-get update
@ -759,6 +778,9 @@ RUN sed 's/deb-src.*//' -i /etc/apt/sources.list \
# Do fs-root last (on vmbox it messes with permissions on directories and setup.sh fixes it)
COPY setup.sh /fs-root/ /
# Some tools are pre-compiled on existing segfaults and supplied as binary
# (Mostly tools which are a bitch to build during 'docker build')
COPY /fs-root-amd64/ /
RUN /setup.sh \
&& rm -f /setup.sh /pkg-install.sh
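Review bot: The gomuks line in the NET `RUN` block switches to `'linux-%arch%'` while every sibling in this commit moves to `%arch1%`; with `%arch%` dearch substitutes `$HOSTTYPE`, so the pattern becomes `linux-x86_64`, which presumably no longer matches a release asset named with `amd64` — confirm against the project's asset names and, if so, use `'linux-%arch1%'` as hola-proxy does on the next line. Separately, the new FavFreak and meg fetches pull `master` of third-party repositories with `wget` and no checksum, and nrich is fetched as `latest`, so the image is not reproducible and a changed upstream lands directly in `/usr/bin`; pin a tag or commit and verify a recorded `sha256sum` (value captured at pin time), in the way the RustScan line already pins a version.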

guest/fs-root-amd64/usr/bin/xmap Executable file

Binary file not shown.

@ -14,6 +14,7 @@ alias xterm='xterm-dark'
alias psg='ps alxwww | grep -i -E'
alias reboot='halt'
alias shutdown='halt'
alias calc='kalker'
function dmesg {
[[ ! -t 1 ]] && { command curl -s sf/dmesg/ -dnocolor=1; return; }
@ -47,7 +48,7 @@ alias brave="brave-browser"
echo -e >&2 "\
${CDC}Massdns${CN}, ${CDC}Masscan${CN} et.al. do not work well via VPN providers. The uplink VPN providers
and Google's 8.8.8.8 / 8.8.4.4 will ${CRY}block the requests${CN} when done to rapidly.
Read how the pros do it: ${CB}${CUL}https://www.thc.org/segfault/faq/nokiddie${CN}"
Read how the pros do it: ${CB}${CUL}https://thc.org/segfault/faq/nokiddie${CN}"
if [[ -t 0 ]]; then
echo -e >&2 "${CDY}Continuing in 10 seconds. Press ENTER to continue now or CTRL-c to stop.${CN}"
@ -58,14 +59,17 @@ Read how the pros do it: ${CB}${CUL}https://www.thc.org/segfault/faq/nokiddie${C
}
command -v massdns >/dev/null && massdns(){ _nokiddie_warning "massdns" "$@"; }
command -v puredns >/dev/null && puredns(){ _nokiddie_warning "puredns" "$@"; }
command -v masscan >/dev/null && masscan(){ _nokiddie_warning "masscan" "$@"; }
command -v shuffledns >/dev/null && shuffledns(){ _nokiddie_warning "shuffledns" "$@"; }
command -v nuclei >/dev/null && nuclei(){ _nokiddie_warning "nuclei" "$@"; }
command -v ffuf >/dev/null && ffuf(){ _nokiddie_warning "ffuf" "$@"; }
command -v naabu >/dev/null && naabu(){ _nokiddie_warning "naabu" "$@"; }
}
### for 'curl -x socks5h://$(PROXY) ipinfo.io'
TOR(){ echo "${SF_TOR_IP}:9050"; }
PROXY()
{
PROXY(){
local IFS
local arr
local n
@ -79,12 +83,6 @@ PROXY()
echo "${arr[$((RANDOM % n))]}"
}
# ASN lookup (Careful, using government's beloved team-cymru)
asn() {
[[ -n $1 ]] && { echo -e "begin\nverbose\n${1}\nend"|netcat whois.cymru.com 43| tail -n +2; return; }
(echo -e 'begin\nverbose';cat -;echo end)|netcat whois.cymru.com 43|tail -n +2
}
docker(){
echo -e >&2 "${CDB}[${CDY}SF${CDB}] ${CR}Docker aint working.${CN} Try ${CDC}udocker${CN} instead."
return 255
@ -93,7 +91,7 @@ docker-compose(){ docker;}
[[ -n $IS_SHOW_MOTD_XPRA ]] && [[ -f /sf/bin/funcs_motd-xpra ]] && source /sf/bin/funcs_motd-xpra
tty -s && [[ -n $TERM ]] && [[ "$TERM" != dumb ]] && {
[[ -t 0 ]] && [[ -n $TERM ]] && [[ "$TERM" != dumb ]] && {
_grccmd()
{
local cmd

guest/fs-root/sf/bin/asn Executable file

@ -0,0 +1,11 @@
#! /usr/bin/env bash
source "${0%/*}/funcs.sh" || exit
# ASN lookup (Careful, using government's beloved team-cymru)
asn() {
[[ -n $1 ]] && { echo -e "begin\nverbose\n${1}\nend"|netcat whois.cymru.com 43| tail -n +2; return; }
(echo -e 'begin\nverbose';cat -;echo end)|netcat whois.cymru.com 43|tail -n +2
}
asn "$@"
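Review bot: `echo -e` on the single-argument path interprets backslash escapes in the user-supplied `$1`, and a value containing newlines becomes extra query lines for the whois server; since valid input is an IP or AS number, validate first, `[[ $1 =~ ^(AS)?[0-9a-fA-F.:]+$ ]] || { echo >&2 "asn [IP|ASnumber]"; return 255; }`, and emit with `printf 'begin\nverbose\n%s\nend\n' "$1"`. `netcat` runs without a timeout, so an unreachable whois.cymru.com hangs the caller; `netcat -w 10` bounds it. The stdin path reads all of stdin before sending anything, which is fine for piped lists but deserves a one-line comment.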

@ -1,7 +1,7 @@
#! /bin/bash
# shellcheck disable=SC1091
source "/sf/bin/funcs.sh"
source "${0%/*}/funcs.sh" || exit
cd /
[[ "$1" != now ]] && {

@ -1,5 +1,7 @@
#! /bin/bash
source "${0%/*}/funcs.sh" || exit
ip=$1
[[ -z $ip ]] && { echo >&2 "$0 [IP-Address]"; exit 255; }

@ -1,5 +1,7 @@
#! /bin/bash
source "${0%/*}/funcs.sh" || exit
# Convert IP to "IP CITY COUNTRY HOSTNAME"
[[ -z $1 ]] && return
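Review bot: `[[ -z $1 ]] && return` on the line after the new `source` runs at the top level of a `#! /bin/bash` script, where bash reports that `return` is only valid in a function or sourced script and then continues with an empty argument; the sibling script in the previous hunk uses `exit 255` with a usage message, and this one should match: `[[ -z $1 ]] && { echo >&2 "$0 [IP-Address]"; exit 255; }`. If the file is also meant to be sourced, the early return is intentional and deserves a comment saying so. The rest of the script is outside the hunk.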

guest/fs-root/sf/bin/gsexec Executable file

@ -0,0 +1,14 @@
#! /usr/bin/env bash
{ [[ -n $SF_BINDIR ]] && source "${SF_BINDIR}/funcs.sh"; } || source "/sf/bin/funcs.sh"
# cut & paste this into your shell on your workstation or add to ~/.bashrc
gsexec() {
local sec
sec="$1"
shift 1
echo "$*; exit; __START"|gs-netcat -s "$sec" 2>/dev/null|sed -n '/__START/,$p'|tail +2
}
[[ $# -lt 2 ]] && { echo -e >&2 "${CY}ERROR${CN}: gsexec SECRET 'command'"; exit 255; }
gsexec "$@"
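Review bot: `tail +2` at the end of the pipeline uses the obsolete `+N` operand form, which GNU tail accepts only when `POSIXLY_CORRECT` is unset and other implementations may reject; the `asn` script in this same commit uses `tail -n +2`, so use that here too. The file also sources funcs.sh differently from every other new bin script (`source "${0%/*}/funcs.sh" || exit`) and does not stop when both attempts fail, so `${CY}`/`${CN}` in the usage message expand to nothing; appending `|| exit` after the fallback `source` restores the behaviour of its siblings. The header comment inviting users to paste the function into `~/.bashrc` is a good place to note that `$*` is joined with spaces and sent as a single command line.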

guest/fs-root/sf/bin/gssec Executable file

@ -0,0 +1,15 @@
#! /usr/bin/env bash
source "${0%/*}/funcs.sh" || exit
gssec() {
[[ -z $GS_SEED ]] && { echo -e >&2 "${CY}ERROR${CN}: Please first set: ${CDC}GS_SEED=MySuperStrongMasterSeed${CN}"; return 255; }
str="$(echo "${GS_SEED:?}$1" | sha512sum | base64 | tr -d -c a-z0-9)"
str="${str:0:22}"
[[ ! -t 1 ]] && { echo "${str}"; return; }
echo -e "DEPLOY: ${CM}X=${str}"' bash -c "$(curl -fsSL https://gsocket.io/x)"'"${CN}"
echo -e "ACCESS: ${CM}S=${str}"' bash -c "$(curl -fsSL https://gsocket.io/x)"'"${CN}"
echo -e "ACCESS: ${CM}gs-netcat -s ${str} -i${CN}"
}
gssec "$@"
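Review bot: `str` is assigned without `local`, so the derived secret lingers as a global in any shell that sources this function; declare `local str` at the top of `gssec()`. The `-z $GS_SEED` test and the later `${GS_SEED:?}` check the same condition, so one can go — keep the first, whose message is friendlier. The derivation is a plain unsalted hash of seed plus name, so anyone who learns `GS_SEED` can recompute every derived secret; that is evidently the design, but a one-line comment stating it would help the next reader.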

@ -17,6 +17,16 @@ export PIPX_BIN_DIR=/usr/bin
dearch()
{
local str
local ht
# 'lsd_.*_%arch1%.deb$' ==> lsd_.*_amd64.deb
[[ $1 =~ %arch1% ]] && {
[[ $HOSTTYPE == x86_64 ]] && ht="amd64"
[[ $HOSTTYPE == aarch64 ]] && ht="arm64"
echo "${1//%arch1%/$ht}"
return
}
# Convert any '%arch%' to 'x86_64'
str=${1//%arch%/$HOSTTYPE}
[[ $str =~ %arch.*% ]] && {
@ -31,17 +41,36 @@ dearch()
echo "$str"
}
xmv() {
local asset
local dass
local dstdir
asset="$1"
dass="$2"
dstdir="$3"
[[ "$asset" != "$dass" ]] && {
mv "${dstdir}"/${asset} "${dstdir}/${dass}" || return
}
chmod 755 "${dstdir}/${dass}" || return
}
# Download & Extract
# [URL] [asset] <dstdir>
# [URL] [asset] <dstdir> <destination asset>
dlx()
{
local url
local asset
local dstdir
local dass
url="$1"
asset="$2"
asset="$2" # May contain wildcards/Need globbing
dstdir="$3"
dass="$4"
[[ -z $dstdir ]] && dstdir="/usr/bin"
[[ -z $dass ]] && dass="$asset"
[[ -z "$url" ]] && { echo >&2 "[${asset}] URL: '$loc'"; return 255; }
case $url in
@ -53,8 +82,8 @@ dlx()
unzip /tmp/pkg.zip -d "${dstdir}" || return
else
# HERE: Single file
unzip -o -j /tmp/pkg.zip "$asset" -d "${dstdir}" || return
chmod 755 "${dstdir}/$(basename "${asset}")" || return
{ unzip -o -j /tmp/pkg.zip "$asset" -d "${dstdir}" \
&& xmv "$asset" "$dass" "$dstdir"; } || return
fi
rm -f /tmp/pkg.zip \
&& return 0
@ -68,32 +97,32 @@ dlx()
;;
*.tar.gz|*.tgz)
curl -SsfL "$url" | tar xfvz - --transform="flags=r;s|.*/||" --no-anchored -C "${dstdir}" --wildcards "$asset" \
&& chmod 755 "${dstdir}/${asset}" \
&& xmv "$asset" "$dass" "$dstdir" \
&& return 0
;;
*.gz)
curl -SsfL "$url" | gunzip >"${dstdir}/${asset}" \
&& chmod 755 "${dstdir}/${asset}" \
&& chmod 755 "${dstdir}/${dass}" \
&& return 0
;;
*.tar.bz2)
curl -SsfL "$url" | tar xfvj - --transform="flags=r;s|.*/||" --no-anchored -C "${dstdir}" --wildcards "$asset" \
&& chmod 755 "${dstdir}/${asset}" \
&& xmv "$asset" "$dass" "$dstdir" \
&& return 0
;;
*.bz2)
curl -SsfL "$url" | bunzip2 >"${dstdir}/${asset}" \
&& chmod 755 "${dstdir}/${asset}" \
&& xmv "$asset" "$dass" "$dstdir" \
&& return 0
;;
*.xz)
curl -SsfL "$url" | tar xfvJ - --transform="flags=r;s|.*/||" --no-anchored -C /usr/bin --wildcards "$asset" \
&& chmod 755 "${dstdir}/${asset}" \
&& xmv "$asset" "$dass" "$dstdir" \
&& return 0
;;
*)
curl -SsfL "$url" >"${dstdir}/${asset}" \
&& chmod 755 "${dstdir}/${asset}" \
&& chmod 755 "${dstdir}/${dass}" \
&& return 0
esac
}
@ -134,22 +163,26 @@ ghbin()
{
local url
local asset
local dst
local src
src=$(dearch "$2") || exit 0
asset="$3"
asset=$(dearch "$3") || exit 0
dst="$5"
url=$(ghlatest "$1" "$src")
dlx "$url" "$asset"
dlx "$url" "$asset" "" "$dst"
}
ghdir()
{
local url
local src
local dst
src=$(dearch "$2") || exit 0
dst="$3"
url=$(ghlatest "$1" "$src")
dlx "$url" "" "$3"
dlx "$url" "" "$dst"
}
bin()
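Review bot: In `dlx`, the `*.gz` and default `*)` branches still write the download to `"${dstdir}/${asset}"` but now `chmod 755 "${dstdir}/${dass}"`, so a caller that passes a distinct destination name — which `ghbin` now forwards from `$5` — gets the file saved under the asset name and a failing chmod; write to `"${dstdir}/${dass}"` in both branches, or call `xmv "$asset" "$dass" "$dstdir"` as the archive branches do. In `dearch`, the new `%arch1%` branch leaves `ht` empty for any `HOSTTYPE` other than `x86_64`/`aarch64` and echoes a pattern such as `linux_.zip$`; returning non-zero there lets the callers' `|| exit 0` skip the package instead of fetching the wrong asset, e.g. `[[ -z $ht ]] && return 255` before the `echo`. `dearch` continues past the end of its hunk.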

@ -127,6 +127,7 @@ setup()
rmsymdir /home /sec/home
rmsymdir /root /sec/root
rmsymdir /root/.gf /usr/share/gf
rmsymdir /usr/share/wordlists /sec/root/wordlists
# Create useful directory
xmkdir /dev/shm/tmp && chmod 1777 /dev/shm/tmp

guest/fs-root/sf/bin/shred Executable file

@ -0,0 +1,13 @@
#! /usr/bin/env bash
source "${0%/*}/funcs.sh" || exit
## SHRED without shred command
shred()
{
[[ -z $1 || ! -f "$1" ]] && { echo >&2 "shred [FILE]"; return 255; }
dd bs=1k count=$(du -sk ${1:?} | cut -f1) if=/dev/urandom >"$1"
rm -f "${1:?}"
}
shred "$@"
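Review bot: `>"$1"` truncates the file to zero length before `dd` writes, so the filesystem is free to hand the random data new blocks and the original content's blocks are never overwritten — the opposite of what "SHRED" promises; write in place with `dd if=/dev/urandom of="$1" bs=1k count="$(du -sk "$1" | cut -f1)" conv=notrunc`, or take the exact byte size from `stat -c %s "$1"` since `du -sk` reports allocated kilobytes and rounds. `${1:?}` inside the command substitution is unquoted, so a filename with spaces splits; quote it. Even in-place overwriting does not reach old copies kept by copy-on-write or journaling filesystems and SSD wear levelling, which is worth a one-line comment so users do not over-trust the tool.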

guest/fs-root/sf/bin/sshj Executable file

@ -0,0 +1,19 @@
#! /usr/bin/env bash
source "${0%/*}/funcs.sh" || exit
# sshj # Generates a random tunnel ID [e.g. 5dmxf27tl4kx] and keeps the tunnel connected
# sshj foobarblahblub # Creates tunnel with specific tunnel ID
# sshj foobarblahblub 192.168.0.1 2222 # Tunnel to host 192.168.0.1:2222 on the LAN
sshj()
{
local pw
pw="${1,,}"
[[ -z $pw ]] && { pw=$(head -c64 </dev/urandom | base64 | tr -d -c a-z0-9); pw=${pw:0:12}; }
echo "Press Ctrl-C to stop this tunnel."
echo -e "To ssh to ${USER:-root}@${2:-127.0.0.1}:${3:-22} type: \e[0;36mssh -J ${pw}@ssh-j.com ${USER:-root}@${pw}\e[0m"
ssh -o StrictHostKeyChecking=accept-new -o ServerAliveInterval=30 -o ExitOnForwardFailure=yes ${pw}@ssh-j.com -N -R ${pw}:22:${2:-0}:${3:-22}
}
sshj "$@"
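Review bot: `$1` is only lower-cased, never validated, before being spliced unquoted into `${pw}@ssh-j.com` and the `-R` spec, so a value with spaces, a leading `-` or a `:` word-splits into extra ssh options or breaks the forward; check it once, `[[ $pw =~ ^[a-z0-9]+$ ]] || { echo >&2 "sshj [a-z0-9 tunnel-id] [host] [port]"; return 255; }`, and quote `"${pw}@ssh-j.com"` and `"${pw}:22:${2:-0}:${3:-22}"`. The usage line prints `${2:-127.0.0.1}` while the forward uses `${2:-0}`; both end up local but the mismatch reads as a typo, so use one default in both places. The tunnel id is the only thing gating access to the forwarded port, which the random 12-character default handles but a short user-chosen id does not; a comment saying so would help.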

guest/fs-root/sf/bin/thcssh Executable file

@ -0,0 +1,21 @@
#! /usr/bin/env bash
source "${0%/*}/funcs.sh" || exit
### Cut & Paste the following to your shell, then execute
### thcssh user@server.org
thcssh()
{
local ttyp
echo -e "\e[0;35mTHC says: pimp up your prompt: Cut & Paste the following into your remote shell:\e[0;36m"
echo -e 'PS1="{THC} \[\\033[36m\]\\u\[\\033[m\]@\[\\033[32m\]\\h:\[\\033[33;1m\]\\w\[\\033[m\]\\$ "\e[0m'
ttyp=$(stty -g)
stty raw -echo opost
[[ $(ssh -V 2>&1) == OpenSSH_[67]* ]] && a="no"
ssh -o UpdateHostKeys=no -o StrictHostKeyChecking="${a:-accept-new}" -T \
"$@" \
"unset SSH_CLIENT SSH_CONNECTION; TERM=xterm-256color BASH_HISTORY=/dev/null exec -a [ntp] script -qc 'exec -a [uid] /bin/bash -i' /dev/null"
stty "${ttyp}"
}
thcssh "$@"
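Review bot: `a` is assigned without `local` on the `ssh -V` line and then read as `${a:-accept-new}`, so a stale `a` from the caller's environment silently changes host-key policy when the function is pasted into a shell as the header suggests; declare it next to `local ttyp` with a descriptive name such as `local legacy_hkc`. The terminal is switched to raw mode before ssh runs and only restored on the line after it, so a failed connection or an interrupted ssh can leave the terminal raw; `trap 'stty "${ttyp}"' RETURN` right after saving `ttyp` covers every exit path. `UpdateHostKeys=no` and the fallback to `StrictHostKeyChecking=no` for OpenSSH 6/7 clients deserve a comment explaining why older clients get the weaker check.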

guest/fs-root/sf/bin/transfer Executable file

@ -0,0 +1,14 @@
#! /usr/bin/env bash
source "${0%/*}/funcs.sh" || exit
transfer() {
local fn
[[ $# -eq 0 ]] && { echo -e >&2 "Usage:\n transfer [file/directory]\n transfer [name] <FILENAME"; return 255; }
[[ ! -t 0 ]] && { curl -SsfL --progress-bar --upload-file "-" "https://transfer.sh/${1}"; return; }
[[ ! -e "$1" ]] && { echo -e >&2 "Not found: $1"; return 255; }
[[ -d "$1" ]] && { (cd "${1}/.."; tar cfz - "${1##*/}")|curl -SsfL --progress-bar --upload-file "-" "https://transfer.sh/${1##*/}.tar.gz"; return; }
curl -SsfL --progress-bar --upload-file "$1" "https://transfer.sh/${1##*/}"
}
transfer "$@"
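Review bot: A directory argument with a trailing slash breaks the tar branch: `${1##*/}` on `foo/` is empty, so `tar cfz - ""` fails and the upload name becomes `.tar.gz`; strip it once at the top, `local p=${1%/}`, and use `$p` in place of `$1` below. The `! -t 0` test comes before the existence check, so when the script runs non-interactively with a file argument (from a pipe or cron) stdin is uploaded under the file's name and the file itself is ignored — presumably unintended; requiring an explicit `-` for stdin, or testing `[[ $# -eq 1 && -e "$1" ]]` first, removes the ambiguity. Everything goes to a public third-party host under a guessable name, which is worth stating in the usage text.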

@ -7,6 +7,7 @@ albuild:
docker run --network host --name alpine-gcc alpine sh -c 'apk update && apk add gcc patch libc-dev musl-dev zlib-dev openssl-dev make linux-headers libcap-dev bash' \
&& docker commit alpine-gcc alpine-gcc; }"
# See mk_sshd.sh for manual debugging
fs-root/usr/sbin/sshd: sf-sshd.patch mk_sshd.sh
docker run --rm -v$$(pwd):/src --net=host -w /tmp alpine-gcc /src/mk_sshd.sh

@ -250,6 +250,7 @@ vboxfix /bin/segfaultsh
# Allow segfaultsh access to /sf/bin if mounted from extern (during debugging)
vboxfix /sf/bin
[[ -n $SF_DEBUG_SSHD ]] && sleep infinity
# This will execute 'segfaultsh' on root-login (uid=1000)
exec 0<&- # Close STDIN
exec /usr/sbin/sshd -u0 -D
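Review bot: The `sleep infinity` gated on `SF_DEBUG_SSHD` has no comment, while the matching docker-compose line in this commit is still a commented-out `FIXME-2022`, so a reader cannot tell that setting the variable deliberately keeps sshd from ever starting; add `# Debug hook: with SF_DEBUG_SSHD set the container idles here and sshd is started by hand` above it. The hunk does not show where the variable comes from — confirm it is only settable by the operator and not from any user-supplied environment.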

@ -1062,7 +1062,7 @@ fi
SF_TOKEN="${SF_TOKEN:0:32}"
}
# Unset user supplied env variables
unset SECRET HUSTLOGIN HIDEIP PRJ TOKEN
unset SECRET HUSHLOGIN HIDEIP PRJ TOKEN
### ----END SANITIZE----
# Only output progress if this is a login shell _and_ not HUSHLOGIN
@ -1241,6 +1241,8 @@ exec_devnull docker run \
--log-driver "${SF_DOCKER_LOG}" \
--tmpfs /tmp:exec `# GoLang needs /tmp to be executeable` \
--sysctl net.ipv6.conf.all.disable_ipv6=0 `# Allow IPv6 (used by WireGuard FOBs)` \
--sysctl net.ipv4.tcp_tw_reuse=1 `# Immediately reuse TIME_WAIT sockets` \
--sysctl net.ipv4.tcp_fin_timeout=10 \
-v "${SF_BASEDIR}/data/share/:/sf/share:ro" \
-v "${SF_CFG_GUEST_DIR:?}/:/config/guest:ro" \
-v "${SF_GUEST_SELFDIR:?}/lg-${LID}:/config/self:ro,slave" \
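Review bot: `--sysctl net.ipv4.tcp_fin_timeout=10` is the only new line without the backtick comment its siblings carry; add one in the same style naming the workload that needed it. `tcp_tw_reuse=1` together with a short FIN timeout changes TIME_WAIT handling for every socket in the guest's network namespace, so a short rationale makes the setting safe to revisit later.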

@ -3,12 +3,19 @@
# Executed inside alpine-gcc context to build patched sshd
# diff -x '!*.[ch]' -u -r openssh-9.2p1-orig openssh-9.2p1-sf | grep -v ^Only
# Manual debugging:
# cd /research/segfault/host
# docker run --rm -v$(pwd):/host --net=host -it alpine-gcc bash -il
# export PS1='ssh-build:\w\$ '
DSTDIR="/src/fs-root/usr/sbin"
DSTBIN="${DSTDIR}/sshd"
set -e
SRCDIR="/tmp/openssh-9.2p1"
[[ ! -d "$SRCDIR" ]] && {
wget -O - https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.2p1.tar.gz | tar xfz -
# Cloudflare to often returns 503 - "BLOCKED"
# wget -O- https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.2p1.tar.gz | tar xfz -
wget -O- https://artfiles.org/openbsd/OpenSSH/portable/openssh-9.2p1.tar.gz | tar xfz -
cd "$SRCDIR"
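Review bot: The OpenSSH tarball is now fetched from a mirror and piped straight into `tar` with no integrity check, so the sshd that ends up in `fs-root/usr/sbin` is whatever that mirror served; download to a file, verify it against the release's published SHA-256 (pinned here as `OPENSSH_SHA256=<sha256 from the openssh.com release announcement>`) or its signature, and only then extract. The `set -e` above does not cover a failed `wget` inside the pipeline because only `tar`'s status counts; `set -o pipefail` next to it, or the download-then-verify form, closes that gap. The commented-out Cloudflare URL and its 503 note are fine to keep, but they belong next to the mirror choice as the reason for it.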

@ -1,6 +1,6 @@
diff -x '!*.[ch]' -u -r openssh-9.2p1-orig/channels.c openssh-9.2p1-sf/channels.c
--- openssh-9.2p1-orig/channels.c 2023-02-02 12:21:54.000000000 +0000
+++ openssh-9.2p1-sf/channels.c 2023-08-07 11:02:57.954485279 +0000
diff --color=auto -x !*.[ch] -u -r openssh-9.2p1-orig/channels.c openssh-9.2p1-sf/channels.c
--- openssh-9.2p1-orig/channels.c 2023-02-02 12:21:54
+++ openssh-9.2p1-sf/channels.c 2023-08-15 06:13:05
@@ -3639,7 +3639,7 @@
ssh->chanctxt->IPv4or6 = af;
}
@ -18,9 +18,9 @@ diff -x '!*.[ch]' -u -r openssh-9.2p1-orig/channels.c openssh-9.2p1-sf/channels.
strcmp(listen_addr, "0.0.0.0") != 0 &&
strcmp(listen_addr, "*") != 0) {
ssh_packet_send_debug(ssh,
diff -x '!*.[ch]' -u -r openssh-9.2p1-orig/serverloop.c openssh-9.2p1-sf/serverloop.c
--- openssh-9.2p1-orig/serverloop.c 2023-02-02 12:21:54.000000000 +0000
+++ openssh-9.2p1-sf/serverloop.c 2023-08-07 17:38:57.711615443 +0000
diff --color=auto -x !*.[ch] -u -r openssh-9.2p1-orig/serverloop.c openssh-9.2p1-sf/serverloop.c
--- openssh-9.2p1-orig/serverloop.c 2023-02-02 12:21:54
+++ openssh-9.2p1-sf/serverloop.c 2023-08-15 06:18:17
@@ -102,6 +102,12 @@
/* requested tunnel forwarding interface(s), shared with session.c */
char *tun_fwd_ifnames = NULL;
@ -34,15 +34,18 @@ diff -x '!*.[ch]' -u -r openssh-9.2p1-orig/serverloop.c openssh-9.2p1-sf/serverl
/* returns 1 if bind to specified port by specified user is permitted */
static int
bind_permitted(int port, uid_t uid)
@@ -391,6 +397,8 @@
@@ -391,8 +397,10 @@
/* Clean up sessions, utmp, etc. */
cleanup_exit(255);
}
-
channel_after_poll(ssh, pfd, npfd_active);
+ if (sf_sigusr1_received != 0)
+ sf_sshd2ns();
channel_after_poll(ssh, pfd, npfd_active);
+
if (conn_in_ready &&
process_input(ssh, connection_in) < 0)
break;
@@ -637,12 +645,14 @@
if (strcmp(ctype, "session") == 0) {
@ -87,10 +90,10 @@ diff -x '!*.[ch]' -u -r openssh-9.2p1-orig/serverloop.c openssh-9.2p1-sf/serverl
}
if ((resp = sshbuf_new()) == NULL)
fatal_f("sshbuf_new");
diff -x '!*.[ch]' -u -r openssh-9.2p1-orig/sshd.c openssh-9.2p1-sf/sshd.c
--- openssh-9.2p1-orig/sshd.c 2023-02-02 12:21:54.000000000 +0000
+++ openssh-9.2p1-sf/sshd.c 2023-08-07 17:38:29.479621863 +0000
@@ -536,6 +536,69 @@
diff --color=auto -x !*.[ch] -u -r openssh-9.2p1-orig/sshd.c openssh-9.2p1-sf/sshd.c
--- openssh-9.2p1-orig/sshd.c 2023-02-02 12:21:54
+++ openssh-9.2p1-sf/sshd.c 2023-08-15 06:13:05
@@ -536,8 +536,71 @@
return 0;
}
}
@ -100,7 +103,7 @@ diff -x '!*.[ch]' -u -r openssh-9.2p1-orig/sshd.c openssh-9.2p1-sf/sshd.c
+#ifndef SECBIT_KEEP_CAPS
+#define SECBIT_KEEP_CAPS (1<<4)
+#endif
+
+int sf_done;
+int sf_by_signal;
+int sf_sigusr1_received;
@ -108,7 +111,7 @@ diff -x '!*.[ch]' -u -r openssh-9.2p1-orig/sshd.c openssh-9.2p1-sf/sshd.c
+size_t sf_ports_n;
+static char sf_nsnet_name[128];
+static struct ssh *sf_ssh;
+static void
static void
+cb_sigusr1(int sig)
+{
+ debug("SIGUSR1 RECEIVED");
@ -157,10 +160,12 @@ diff -x '!*.[ch]' -u -r openssh-9.2p1-orig/sshd.c openssh-9.2p1-sf/sshd.c
+
+ sf_done = 1;
+}
static void
+
+static void
privsep_postauth(struct ssh *ssh, Authctxt *authctxt)
@@ -576,9 +639,35 @@
{
#ifdef DISABLE_FD_PASSING
@@ -576,8 +639,34 @@
reseed_prngs();
@ -169,7 +174,7 @@ diff -x '!*.[ch]' -u -r openssh-9.2p1-orig/sshd.c openssh-9.2p1-sf/sshd.c
+
/* Drop privileges */
do_setusercontext(authctxt->pw);
+
+ // Set the effective CAPS to remove SECUREBITS
+ cap_t caps = cap_get_proc();
+ const cap_value_t cl[] = {CAP_SETPCAP};
@ -192,7 +197,6 @@ diff -x '!*.[ch]' -u -r openssh-9.2p1-orig/sshd.c openssh-9.2p1-sf/sshd.c
+ snprintf(sf_nsnet_name, sizeof sf_nsnet_name, "/dev/shm/ns-net-%d", getpid());
+ sf_ssh = ssh;
+ signal(SIGUSR1, cb_sigusr1);
+
skip:
/* It is safe now to apply the key state */
monitor_apply_keystate(ssh, pmonitor);
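Review bot: `sf_sigusr1_received` is declared as a plain `int` but is set in the `SIGUSR1` handler `cb_sigusr1` and polled in the server loop, so the compiler may cache it across iterations and the store is not guaranteed atomic; declare it `volatile sig_atomic_t sf_sigusr1_received;` (non-static, since serverloop.c appears to reference it). `debug("SIGUSR1 RECEIVED")` inside the handler is not async-signal-safe; log from the loop where `sf_sshd2ns()` is called instead. The reordering around `channel_after_poll` is the `ssh -R` fix this commit advertises, but the flag is never cleared in the visible lines — confirm `sf_sshd2ns()` resets it, or the work is redone on every poll iteration.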

@ -7,14 +7,13 @@ IS_APT=1
install_sw()
{
command -v docker >/dev/null && return
[[ -n $SF_NO_INTERNET ]] && return
# Docker
bash -c "$(curl -fsSL https://get.docker.com)" || ERREXIT 255
command -v docker >/dev/null || { bash -c "$(curl -fsSL https://get.docker.com)" || ERREXIT 255; }
# Software
if [[ -z $SF_NO_INTERNET ]]; then
"${PKG_INSTALL[@]}" docker-compose net-tools make || ERREXIT 138 "Docker not running"
fi
"${PKG_INSTALL[@]}" docker-compose net-tools make || ERREXIT 138 "Docker not running"
}
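Review bot: `bash -c "$(curl -fsSL https://get.docker.com)"` cannot report a failed download: when `curl` fails the substitution is empty, `bash -c ""` exits 0, the `|| ERREXIT 255` never fires, and the function continues to the package step with docker still missing. Capture first and check — `script=$(curl -fsSL https://get.docker.com) || ERREXIT 255 "docker install script download failed"; bash -c "$script" || ERREXIT 255` — which also leaves a place to compare the script against a recorded checksum before it runs as root. If I read the old and new sides correctly, moving the `SF_NO_INTERNET` return ahead of the package step now skips `docker-compose net-tools make` on offline hosts where the old code still attempted it; intentional or not, that deserves a comment.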

@ -13,7 +13,7 @@
SFI_SRCDIR="$(cd "$(dirname "${0}")/.." || exit; pwd)"
# shellcheck disable=SC1091
source "${SFI_SRCDIR}/provision/system/funcs" || exit 255
source "${0%/*}/system/funcs" || exit 255
NEED_ROOT
SUDO_SF()
@ -25,9 +25,9 @@ SUDO_SF()
init_vars()
{
if command -v apt-get >/dev/null; then
source "${SFI_SRCDIR}/provision/funcs_ubuntu.sh"
source "${0%/*}/funcs_ubuntu.sh"
elif command -v yum >/dev/null; then
source "${SFI_SRCDIR}/provision/funcs_al2.sh"
source "${0%/*}/funcs_al2.sh"
else
ERREXIT 255 "Unknown Linux flavor: No apt-get and no yum."
fi
@ -130,7 +130,12 @@ mergedir()
[[ ! -d "${SF_BASEDIR}/${dst}" ]] && mkdir -p "${SF_BASEDIR}/${dst}"
DEBUGF "Merge $src $dst"
[[ ! -d "${SF_BASEDIR}/${src}" ]] && { cp -r "${SFI_SRCDIR}/${src}" "${SF_BASEDIR}/${dst}" || ERREXIT; } || { CONFLICT+=("${src}"); return 1; }
if [[ -d "${SF_BASEDIR}/${src}" ]]; then
CONFLICT+=("${src}")
return 1
fi
cp -r "${SFI_SRCDIR}/${src}" "${SF_BASEDIR}/${dst}" || ERREXIT
return 0
}
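Review bot: `source "${0%/*}/system/funcs"` and the two `source "${0%/*}/funcs_*.sh"` lines in `init_vars` replace `SFI_SRCDIR`-based paths with `${0%/*}`, which is `$0` unchanged when the script is run as `bash install.sh` from its own directory (no slash in `$0`), so the path becomes `install.sh/system/funcs` and the script exits; `SFI_SRCDIR` is still computed on the line above with `dirname`, which handles that case, and the same idiom recurs in every new `sf/bin` script of this commit. Use `"$(dirname "$0")"` or keep `"${SFI_SRCDIR}/provision/..."`. The `mergedir` rewrite is an improvement — the old `&& … || … ||` chain reported a failed copy as a conflict — and reads well as `if`/`fi`.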

@ -515,7 +515,7 @@ lgban()
}
lgstop "${lid}" "$@"
_sf_lgrm "${lid}"
#_sf_lgrm "${lid}" # Dont lgrm here and give user chance to explain to re-instate his server.
_sf_deinit
}