SkyperTHC 2024-01-16 13:47:48 +00:00
parent 74f782184c
commit 91af93ddf4
GPG Key ID: A9BD386DF9113CD6
8 changed files with 95 additions and 87 deletions

@ -56,6 +56,7 @@ FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/transfer"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/asn"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/sshj"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/shred"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/rshell"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/pkg-install.sh"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/rc.local-example"
FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/vim/vimrc.local"

@ -56,6 +56,7 @@
#SF_USER_DEV_KVM= # =1 to allow access to /dev/kvm (Warning: User can DoS PHY)
#SF_ALLOW_SRC_TOR= # =1 to allow connections from TOR
#SF_USER_IMMUNE= # =1 to not ban user by lgban
#SF_USER_ALLOW_IP= # =any to ingore IP ban (use in limits.conf)
# Limit to 8 concurrently running servers per IP
#SF_LIMIT_SERVER_BY_IP=8

@ -130,6 +130,7 @@ load_limits()
unset SF_USER_FS_INODE
unset SF_USER_ROOT_FS_SIZE
unset SF_USER_ROOT_FS_INODE
unset SF_HOSTNAME
source "/sf/run/users/lg-${lid}/limits.txt"
}
@ -208,9 +209,9 @@ cmd_user_mount()
# HERE: Not yet mounted.
# Set XFS limits
load_limits "${lid}"
[[ -n $SF_USER_FS_INODE ]] || [[ -n $SF_USER_FS_SIZE ]] && {
[[ -z $SF_HOSTNAME ]] && { SF_HOSTNAME=$(<"/config/db/user/lg-${lid}/hostname") || return 255; }
[[ -n $SF_USER_FS_SIZE ]] && {
SF_NUM=$(<"/config/db/user/lg-${lid}/num") || return 255
SF_HOSTNAME=$(<"/config/db/user/lg-${lid}/hostname") || return 255
prjid=$((SF_NUM + 10000000))
DEBUGF "SF_NUM=${SF_NUM}, prjid=${prjid}, SF_HOSTNAME=${SF_HOSTNAME}, INODE=${SF_USER_FS_INODE}, SIZE=${SF_USER_FS_SIZE}"
err=$(xfs_quota -x -c "limit -p ihard=${SF_USER_FS_INODE:-16384} bhard=${SF_USER_FS_SIZE:-128m} ${prjid}" 2>&1) || { ERR "XFS-QUOTA: \n'$err'"; return 255; }
@ -228,8 +229,8 @@ cmd_user_mount()
# Extend same project quota to /onion and /everyone/SF_HOSTNAME
[[ -n $prjid ]] && {
xfs_quota_sub "${prjid}" "${BASE_RAWDIR_EVR}" "/encfs/sec/everyone-root/everyone/${SF_HOSTNAME:?}"
xfs_quota_sub "${prjid}" "${BASE_RAWDIR_WWW}" "/encfs/sec/www-root/www/${SF_HOSTNAME,,}"
xfs_quota_sub "${prjid}" "${BASE_RAWDIR_EVR}" "/encfs/sec/everyone-root/everyone/${SF_HOSTNAME}"
}
# Mark as mounted (for destructor to track)
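Review bot: `${SF_HOSTNAME:?}` on L48 aborts the whole non-interactive shell when the value is empty, whereas every other failure in cmd_user_mount returns 255 (L38, L40, L44), and the www path on L49 has no guard at all, so an empty hostname there would expand to the bare `/encfs/sec/www-root/www/` directory. Since SF_HOSTNAME may now come either from the sourced limits.txt (L31, after the new `unset SF_HOSTNAME` on L30) or from the hostname db file (L38), one explicit check right after L38 keeps the error handling uniform and makes the `:?` on L48 unnecessary: `[[ -n $SF_HOSTNAME && $SF_HOSTNAME != */* ]] || return 255`. Rejecting a slash in the value also keeps the two quota paths on L48–L49 confined to their parent directories. cmd_user_mount continues outside the hunk.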

@ -748,6 +748,7 @@ RUN /pkg-install.sh LARGE apt-get install -y --no-install-recommends \
gcc-multilib \
lib32ncurses-dev lib32z1-dev || { [ $(uname -m) != x86_64 ] && true; }
RUN /pkg-install.sh HACK ghbin wader/fq '_linux_%arch1%' fq \
&& /pkg-install.sh HACK bin https://raw.githubusercontent.com/nitefood/asn/master/asn asn2 \
&& /pkg-install.sh HACK bin https://raw.githubusercontent.com/trustedsec/hardcidr/master/hardCIDR.sh hardcidr \
&& /pkg-install.sh HACK ghbin hahwul/dalfox '_linux_%arch1%' dalfox
RUN /pkg-install.sh NET ghbin hackerschoice/gsocket '_%arch%.deb' \
@ -764,6 +765,7 @@ RUN /pkg-install.sh NET ghbin hackerschoice/gsocket '_%arch%.deb' \
&& /pkg-install.sh NET ghbin ViRb3/wgcf 'linux_%arch1%$' wgcf \
&& /pkg-install.sh NET ghbin poscat0x04/wgcf-teams '-linux' wgcf-teams \
&& /pkg-install.sh NET apt-get install -y --no-install-recommends \
grepcidr \
hping3 \
ipcalc ipcalc-ng \
microsocks \
@ -795,7 +797,7 @@ RUN /pkg-install.sh LARGE apt-get install -y --no-install-recommends \
RUN /pkg-install.sh HACK ghbin ekzhang/bore '%arch:aarch64=arm%-unknown-linux' \
&& pipx install git+https://github.com/bluet/proxybroker2.git \
&& /pkg-install.sh HACK pipx install pwncat-cs \
&& /pkg-install.sh HACK ghbin praetorian-inc/noseyparker 'linux-' noseyparkerπpkt \
&& /pkg-install.sh HACK ghbin praetorian-inc/noseyparker 'linux-' noseyparker \
&& /pkg-install.sh HACK bin 'https://gitlab.com/api/v4/projects/33695681/packages/generic/nrich/latest/nrich_latest_amd64.deb' `# x86_64 only` \
&& /pkg-install.sh HACK bin 'https://github.com/RustScan/RustScan/releases/download/2.0.1/rustscan_2.0.1_amd64.deb' `# x86_64 only` \
&& /pkg-install.sh HACK ghbin hueristiq/xurlfind3r 'linux_%arch:x86_64=amd64:aarch64=arm64%' xurlfind3r
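Review bot: The `bin` entries on L58–L59 fetch scripts straight from a `master` branch URL and L76 fetches a `nrich_latest` package, so whichever of these lines the hunks add makes the image depend on whatever those URLs serve at build time, with nothing in the RUN line verifying the download. If pkg-install.sh does not already check a digest (not visible here), pinning each URL to a commit or release tag and recording the expected hash next to it would make the build reproducible and catch a tampered artifact; rustscan on L77 is version-pinned but likewise unverified. At minimum a comment such as `# pinned: <commit-or-tag>, sha256 <digest>` beside each entry would document what was reviewed.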

@ -36,18 +36,18 @@ alias brave="brave-browser"
[[ -t 0 ]] && [[ ! -e "${HOME}/.nokiddie" ]] && {
_nokiddie_warning()
{
local cmd
cmd="$1"
shift 1
local cmd="$1"
local sargs="$2"
shift 2
local is_show
is_show=1
[[ -s "/config/self/wgname" ]] && unset is_show
[[ -s "/config/self/wgname" ]] && { unset is_show; unset _XARGS; }
[[ -e "${HOME}/.nokiddie" ]] && unset is_show
[[ -n $is_show ]] && {
echo -e >&2 "\
${CDC}Massdns${CN}, ${CDC}Masscan${CN} et.al. do not work well via VPN providers. The uplink VPN providers
and Google's 8.8.8.8 / 8.8.4.4 will ${CRY}block the requests${CN} when done to rapidly.
${CDC}${cmd}${CN} does not work well via VPN providers. The uplink VPN providers
will ${CRY}block the requests${CN} when done to rapidly.
Read how the pros do it: ${CB}${CUL}https://thc.org/segfault/faq/nokiddie${CN}"
if [[ -t 0 ]]; then
@ -55,17 +55,28 @@ Read how the pros do it: ${CB}${CUL}https://thc.org/segfault/faq/nokiddie${CN}"
read -r -t10
fi
}
command "$cmd" "$@" # Might not exist and fail nicely here
if [[ -z $sargs ]]; then
command "$cmd" "$@" # Might not exist and fail nicely here
else
[[ -z $is_show ]] && {
echo -e "Adding ${CDC}${sargs}${CN} to your command. To override type:"
echo -e " ${CC}command ${CDC}${cmd} $*${CN}\n"
sleep 2
}
command "$cmd" "$@" $(echo "$sargs") # allow word splitting
fi
}
command -v massdns >/dev/null && massdns(){ _nokiddie_warning "massdns" "$@"; }
command -v puredns >/dev/null && puredns(){ _nokiddie_warning "puredns" "$@"; }
command -v masscan >/dev/null && masscan(){ _nokiddie_warning "masscan" "$@"; }
command -v shuffledns >/dev/null && shuffledns(){ _nokiddie_warning "shuffledns" "$@"; }
command -v nuclei >/dev/null && nuclei(){ _nokiddie_warning "nuclei" "$@"; }
command -v ffuf >/dev/null && ffuf(){ _nokiddie_warning "ffuf" "$@"; }
command -v naabu >/dev/null && naabu(){ _nokiddie_warning "naabu" "$@"; }
command -v zmap >/dev/null && zmap(){ _nokiddie_warning "zmap" "$@"; }
command -v massdns >/dev/null && massdns(){ _nokiddie_warning "massdns" "" "$@"; }
command -v puredns >/dev/null && puredns(){ _nokiddie_warning "puredns" "" "$@"; }
command -v masscan >/dev/null && masscan(){ _nokiddie_warning "masscan" "" "$@"; }
command -v shuffledns >/dev/null && shuffledns(){ _nokiddie_warning "shuffledns" "" "$@"; }
command -v nuclei >/dev/null && nuclei(){ _nokiddie_warning "nuclei" "-rl 15 -c 4 -bs 4 -hbs 2 -headc 2" "$@"; }
command -v ffuf >/dev/null && ffuf(){ _nokiddie_warning "ffuf" "" "$@"; }
command -v naabu >/dev/null && naabu(){ _nokiddie_warning "naabu" "" "$@"; }
command -v zmap >/dev/null && zmap(){ _nokiddie_warning "zmap" "" "$@"; }
}
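Review bot: `unset _XARGS` on L93 clears a variable that nothing visible in the function sets or reads; the only argument-carrying variable is `sargs` (L88), so if the intent is to drop the rate-limit arguments for users who brought their own WireGuard (the same condition that hides the warning), this should be `unset sargs`, otherwise the line is dead and can go. Separately, `$(echo "$sargs")` on L116 forks a subshell only to reproduce what unquoted `$sargs` already does; `command "$cmd" "$@" $sargs  # shellcheck disable=SC2086 -- intentional word splitting` is equivalent and makes the intent explicit to the linter (either form also glob-expands the value, which is harmless for the fixed string on L131). The function spans both hunks, L82–L118.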
### for 'curl -x socks5h://$(PROXY) ipinfo.io'

@ -22,19 +22,17 @@ gsexecio() {
# Old: { echo -e 'dd bs=1 count='"${#s}" 2>/dev/null' | bash; kill -9 $$'; echo "$s";} | gs-netcat -Ii -s "$1" 2>/dev/null
# - Expand diretly into bash -c will make our script show in remote's process list
# Old: { echo -e 'exec bash -c "$(dd bs=1 count='"${#s} 2>/dev/null)"'"'; echo "$s";} | gs-netcat -Ii -s "$1" 2>/dev/null | sed -un '/####ENDMARKER/,$p' | tail +2
# - The 'sleep 1' is there to give the remote site time to execute 'bash' without the calling shell to read the payload.
# Right deep into the bash tool kit:
# - we dont want that the entire script shows in 'ps' output. Thus read into variable 's' and then
# double eval
# bash -c 'IFS="" s="$(<x.sh)" eval eval "\$s"'
# - Escaping quotes the correct way makes it unreadable. Sorry.
unset s
s+=$(cat)
s+=$'\n'"####ENDMARKER"
{ echo 'exec bash -c '"'"'IFS="" s=$(dd bs=1 count='"${#s}"' 2>/dev/null) eval eval "\$s"'"'"; echo "$s";} | gs-netcat -Ii -s "$1" 2>/dev/null | sed -un '/####ENDMARKER/,$p' | tail +2
# Understanding the quote-escape, turn ' into '"'"'
# { echo 'exec bash -c '"'"'IFS="" s=$(dd bs=1 count='"${#s}"' 2>/dev/null) eval eval "\$s"'"'"; echo "$s";} | gs-netcat -Ii -s "$1" 2>/dev/null | sed -un '/####ENDMARKER/,$p' | tail +2
# { echo 'exec bash -c ' IFS="" s=$(dd bs=1 count="${#s}" 2>/dev/null) eval eval "\$s"'; echo "$s";} | gs-netcat -Ii -s "$1" 2>/dev/null | sed -un '/####ENDMARKER/,$p' | tail +2
unset pl
pl="echo '#####STARTMARKER'"$'\n'
pl+=$(cat)
{ echo 'exec bash -c '"'"'IFS="" s=$(dd bs=1 count='"${#pl}"' 2>/dev/null) eval eval "\$s"'"'"; sleep 1; echo "$pl";} | gs-netcat -Ii -s "$1" 2>/dev/null | sed -un '/^#####STARTMARKER/,$p' | tail +2
}

@ -17,14 +17,6 @@
# Load/restore environment variables from file
# SF_DEBUG can be set by ssh-client with -o SetEnv SF_DEBUG=1 or by
# docker compose '.env' file.
SSH_SF_DEBUG="${SF_DEBUG}" # Set by SSH client
[[ -f /dev/shm/env.txt ]] && eval "$(</dev/shm/env.txt)"
[[ -z $SF_DEBUG ]] && SF_DEBUG="${SSH_SF_DEBUG}"
unset SSH_SF_DEBUG
eval "$(</sf/bin/funcs_redis.sh)" || exit
# Debug Trace. see sf_trace-DISABLED
[[ -f /bin/sf_trace ]] && eval "$(</bin/sf_trace)"
[[ -t 1 ]] && {
CY="\e[1;33m" # yellow
CDY="\e[0;33m" # yellow
@ -43,6 +35,14 @@ CUL="\e[4m"
CRY="\e[0;33;41m" # YELLOW on RED (warning)
}
SSH_SF_DEBUG="${SF_DEBUG}" # Set by SSH client
eval "$(cat /dev/shm/env.txt || echo false)" || exit
[[ -z $SF_DEBUG ]] && SF_DEBUG="${SSH_SF_DEBUG}"
unset SSH_SF_DEBUG
eval "$(cat /sf/bin/funcs_redis.sh || echo false)" || exit
# Debug Trace. see sf_trace-DISABLED
[[ -f /bin/sf_trace ]] && eval "$(</bin/sf_trace)"
# [PREFIX] [MSG]
_log()
{
@ -573,18 +573,6 @@ mk_hostname()
unset english
}
setup_fs_limit()
{
# Return if 0 or not set
[[ ! "${SF_USER_ROOT_FS_SIZE_NUM}" -gt 0 ]] && return 0 # true
# Backing FS must be of type XFS
[[ "${SF_BACKING_FS}" != "xfs" ]] && ERREXIT 1 "Backing FS is not XFS but SF_USER_ROOT_FS_SIZE is set"
DOCKER_ARGS+=("--storage-opt")
DOCKER_ARGS+=("size=${SF_USER_ROOT_FS_SIZE:?}")
}
# 1. Set INODE limit per container. Docker does not support this via any
# --storage-opt. Instead we start the container and add ourself to the
# xfs quota group that docker set up. Yeahaaa..
@ -626,8 +614,8 @@ load_limits()
# No default for ROOT_FS limit. Should be set in sf.conf or if not set
# then root is mounted read-only
# SF_USER_ROOT_FS_SIZE=8g
# SF_USER_ROOT_FS_INODE=65536
# SF_USER_FS_SIZE=16g
# SF_USER_ROOT_FS_INODE=65536
# SF_USER_FS_INODE=65536
SF_USER_MEMORY_LIMIT=256m
SF_USER_PIDS_LIMIT=128
@ -731,7 +719,7 @@ load_limits()
DOCKER_ARGS+=("--oom-score-adj=${SF_USER_OOM_SCORE}")
DOCKER_ARGS+=("--blkio-weight=${SF_USER_BLKIO_WEIGHT}")
[[ -n $SF_USER_DEV_KVM ]] && [[ -z $SF_HAS_DEV_KVM ]] && DOCKER_ARGS+=("--device=/dev/kvm")
[[ -n $SF_USER_DEV_KVM ]] && [[ -n $SF_HAS_DEV_KVM ]] && DOCKER_ARGS+=("--device=/dev/kvm")
# Mount external filesystem into LG (for android builders who dont need encryption but high IO)
[[ -n $SF_USER_FS_EXT ]] && {
@ -752,20 +740,20 @@ load_limits()
# HERE: Root-Fs is LIMITED in size
# These files must be mounted read-only as these are special files
# for docker and ingored by --opt storage-size= limitations.
# Backing FS must be of type XFS
[[ "${SF_BACKING_FS}" != "xfs" ]] && ERREXIT 1 "Backing FS is not XFS but SF_USER_ROOT_FS_SIZE is set"
DOCKER_ARGS+=("--storage-opt")
DOCKER_ARGS+=("size=${SF_USER_ROOT_FS_SIZE:?}")
DOCKER_ARGS+=("-v${SF_BASEDIR}/config/etc/hosts:/etc/hosts:ro")
DOCKER_ARGS+=("-v${SF_BASEDIR}/config/db/user/lg-${LID}/hostname:/etc/hostname:ro")
DOCKER_ARGS+=("-v${SF_BASEDIR}/config/etc/resolv.conf:/etc/resolv.conf:ro")
}
fi
write_lg_limits
# NOTE: This is no longer used because /dev/shm is now mounted as tmpfs to make UML work
# [[ -n $SF_SHM_SIZE ]] && DOCKER_ARGS+=("--shm-size=$SF_SHM_SIZE")
[[ -n $SF_SYSBOX ]] && SYSBOX_ARGS+=("--runtime=sysbox-runc")
setup_fs_limit || ERREXIT 202 "Can't configure XFS limit"
}
# Publish user limits to self/limits, human readable.
@ -824,6 +812,7 @@ check_banned()
{
local blfn
[[ ${SF_USER_ALLOW_IP,,} == "any" ]] && return
[[ -e "${SF_BLACKLIST_DIR}/ip-${YOUR_IP}" ]] && blfn="${SF_BLACKLIST_DIR}/ip-${YOUR_IP}"
[[ -z $blfn ]] && [[ -e "${SF_BLACKLIST_DIR}/net-${YOUR_IP%\.*}" ]] && blfn="${SF_BLACKLIST_DIR}/net-${YOUR_IP%\.*}"
[[ -z $blfn ]] && return
@ -1000,46 +989,49 @@ check_limit_server_by_ip()
fn="/dev/shm/ip-${YOUR_IP_HASH}.conf"
[[ -f "$fn" ]] && {
eval "$(grep ^ARR "$fn")"
[[ ! -f "$fn" ]] && {
tofile "ARR=($LID)" "$fn"
return
}
local n
local lid
n=0
for lid in "${ARR[@]}"; do
[[ -z $lid ]] && break
### Check if any of the shells are still alive
str="$(exec_errnull docker container inspect "lg-${lid}" -f '{{.State.Status}}')" || continue
eval "$(grep ^ARR "$fn")"
# Container can be in "Created" state (reason is unknown)
[[ "$str" != "running" ]] && {
# FIXME: A rare race condition (which in worst case terminates the shell)
# when a container was recently created and a user creates another server
# before the old container entered RUNNING state. Disregard this scenario.
exec_devnull docker stop "lg-${lid}"
continue
}
((n++))
arr_new+=("$lid")
done
local n
local lid
n=0
for lid in "${ARR[@]}"; do
[[ -z $lid ]] && break
### Check if any of the shells are still alive
str="$(exec_errnull docker container inspect "lg-${lid}" -f '{{.State.Status}}')" || continue
## Eyy, good idea to check if they are idle?
[[ "$n" -ge "${SF_LIMIT_SERVER_BY_IP}" ]] && {
print_to_many_servers
LOG_W "TO MANY SERVERS FOR ${YOUR_IP}"
ERREXIT 254
# Container can be in "Created" state (reason is unknown)
[[ "$str" != "running" ]] && {
# FIXME: A rare race condition (which in worst case terminates the shell)
# when a container was recently created and a user creates another server
# before the old container entered RUNNING state. Disregard this scenario.
exec_devnull docker stop "lg-${lid}"
continue
}
((n++))
arr_new+=("$lid")
done
[[ "$((n+1))" -ge "${SF_LIMIT_SERVER_BY_IP}" ]] && [[ -z $HUSHLOGIN ]] && [[ -n $IS_LOGIN ]] && IS_SHOW_LAST_SERVER="$((n+1))"
## Eyy, good idea to check if they are idle?
[[ "$n" -ge "${SF_LIMIT_SERVER_BY_IP}" ]] && {
print_to_many_servers
LOG_W "TO MANY SERVERS FOR ${YOUR_IP}"
ERREXIT 254
}
[[ "$n" -ge 1 ]] && {
# The 3rd and more servers from same IP get less CPU share
SF_USER_CPU_SHARE=2
SF_USER_OOM_SCORE=1000
SF_USER_NICE_SCORE=19
SF_USER_BLKIO_WEIGHT=10
# DEBUGF "${n}. server from ${YOUR_IP}. CPU_SHARE=${SF_USER_CPU_SHARE}, OOM=${SF_USER_OOM_SCORE}."
}
[[ "$((n+1))" -ge "${SF_LIMIT_SERVER_BY_IP}" ]] && [[ -z $HUSHLOGIN ]] && [[ -n $IS_LOGIN ]] && IS_SHOW_LAST_SERVER="$((n+1))"
[[ "$n" -ge 1 ]] && {
# The 2nd and further servers from the same IP get less CPU share
SF_USER_CPU_SHARE=2
SF_USER_OOM_SCORE=1000
SF_USER_NICE_SCORE=19
SF_USER_BLKIO_WEIGHT=10
# DEBUGF "${n}. server from ${YOUR_IP}. CPU_SHARE=${SF_USER_CPU_SHARE}, OOM=${SF_USER_OOM_SCORE}."
}
tofile "ARR=(${arr_new[*]} $LID)" "$fn"
@ -1191,6 +1183,8 @@ check_banned
mk_hostname
write_lg_limits
# Show system messages
sysmsg "/config/host/etc/loginmsg-all.sh"
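Review bot: The new early return in check_banned, `[[ ${SF_USER_ALLOW_IP,,} == "any" ]] && return` (L243), makes SF_USER_ALLOW_IP a complete bypass of both the ip- and net- blacklist checks, so its provenance matters. This file already accepts SF_DEBUG from the SSH client's environment (L163–L165) and evals /dev/shm/env.txt (L179) before check_banned runs, and nothing visible resets SF_USER_ALLOW_IP before the limits are loaded; if sshd's AcceptEnv admits more than SF_DEBUG, or env.txt is writable by anything less trusted than this script, the bypass stops being admin-only. Clearing it explicitly after the env.txt eval and before limits.conf is read, `unset SF_USER_ALLOW_IP  # only limits.conf may grant this`, in the same way SSH_SF_DEBUG is isolated on L178–L181, would pin it to the config file as the "use in limits.conf" comment intends. Where load_limits reads the per-user limits is outside the hunks shown, so the exact placement needs confirming there.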

@ -37,4 +37,4 @@ run_ban rx_exhaust.txt banmsg_exhaust.txt &
# CTRL-c here will also send a SIGINTR to all child processes (and kill them)
echo "Banhammer started. Press CTRL-c to stop."
read
read -r -d '' _ </dev/tty
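Review bot: `read -r -d '' _ </dev/tty` on L332 fails immediately when the script has no controlling terminal (nohup, cron or a service manager), and since nothing in the hunk checks its status the script falls off the end right after printing that it is waiting for CTRL-c, leaving the backgrounded `run_ban` jobs from L328 orphaned or killed depending on traps outside the hunk. Falling back to `wait` keeps the process alive in that case while preserving the CTRL-c behaviour described on L329: `read -r -d '' _ </dev/tty || wait`. Note also that `-d ''` reads until EOF on the tty, so Enter no longer ends the wait as it did with the old `read`; that is consistent with the message but worth a word in the L329 comment. The script's start, including any `set -e`, is outside the hunk.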