From cc769fdf64b91d9369847c1a61923f1c2534315a Mon Sep 17 00:00:00 2001 From: Ravinder Nehra Date: Sun, 4 Jun 2017 21:47:24 +0530 Subject: [PATCH] Update docs for Command Execution Emulator (#145) * Update docs for Command Execution Emulator * update link --- README.md | 4 ++++ docs/source/config.rst | 7 ++++++- docs/source/emulators.rst | 14 ++++++++++++++ 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index df7296df..a3527376 100644 --- a/README.md +++ b/README.md @@ -31,8 +31,12 @@ Getting Started 1. For PHP Sandbox setup, see sandbox [manual] (https://github.com/mushorg/phpox) 2. In PHP Sandbox directory, run sandbox: ``sudo python3 sandbox.py`` +### Setup Docker +1. Install [docker](https://docs.docker.com/engine/installation/linux/ubuntu/) +2. Pull the required image to use [default : ``busybox:latest``] + ### Setup and run TANNER diff --git a/docs/source/config.rst b/docs/source/config.rst index c72ed1b2..ed4e6f75 100644 --- a/docs/source/config.rst +++ b/docs/source/config.rst @@ -23,12 +23,16 @@ There are 8 different sections : :root_dir: The root directory for emulators that need data storing such as SQLI and LFI. Data will be stored in this directory * **SQLI** - + + :db_name: THe name of database used in SQLI emulator :type: Supports two types MySQL/SQLITE :db_name: The name of database used in SQLI emulator :host: This will be used for MySQL to get the host address :user: This is the MySQL user which perform DB queries :password: The password corresponding to the above user + * **CMD_EXEC** + + :host_image: The image which emulates commands in Command Execution Emulator * **LOGGER** :log_file: Location of tanner log file 
@@ -52,6 +56,7 @@ If no file is specified, following json will be used as default: 'REDIS': {'host': 'localhost', 'port': 6379, 'poolsize': 80, 'timeout': 1}, 'EMULATORS': {'root_dir': '/opt/tanner'}, 'SQLI': {'type':'SQLITE', 'db_name': 'tanner_db', 'host':'localhost', 'user':'root', 'password':'user_pass'}, + 'CMD_EXEC': {'host_image': 'busybox:latest'}, 'LOGGER': {'log_file': '/opt/tanner/tanner.log'}, 'MONGO': {'enabled': 'False', 'URI': 'mongodb://localhost'}, 'LOCALLOG': {'enabled': 'False', 'PATH': '/tmp/tanner_report.json'} diff --git a/docs/source/emulators.rst b/docs/source/emulators.rst index b11c5d4d..7ef38c9f 100644 --- a/docs/source/emulators.rst +++ b/docs/source/emulators.rst @@ -87,10 +87,24 @@ It supports two types of DBs. * **MySQL** To enable it, set SQLI type to MySQL in config and set other necessary fields - Host, User and Password +Command Execution Emulator +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +It emulates `Command Execution`_ vulnerability. This attack is detected with pattern. + +:: + +.*(alias|cat|cd|cp|echo|exec|find|for|grep|ifconfig|ls|man|mkdir|netstat|ping|ps|pwd|uname|wget|touch|while).* + +* Each param value is checked against the pattern and ``command`` is extracted. +* The ``command`` is executed in a docker container safely. +* Results from container is injected into the index page. + .. _RFI: https://en.wikipedia.org/wiki/File_inclusion_vulnerability#Remote_File_Inclusion .. _PHPox: https://github.com/mushorg/phpox .. _LFI: https://en.wikipedia.org/wiki/File_inclusion_vulnerability#Local_File_Inclusion .. _XSS: https://en.wikipedia.org/wiki/Cross-site_scripting .. _SQL injection: https://en.wikipedia.org/wiki/SQL_injection +.. _Command Execution: https://www.owasp.org/index.php/Command_Injection .. _manual: https://github.com/client9/libinjection/wiki/doc-sqli-python \ No newline at end of file
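
Review bot: In README.md, step 2 of the new "Setup Docker" section says to pull the required image but gives no command, and step 1 links only to the Ubuntu install page. Suggest spelling the step out, e.g. `docker pull busybox:latest`, and stating that the image pulled must match the `host_image` value under `CMD_EXEC` in the config, since the bracketed "default" here does not say where that default is set.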
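
Review bot: The first docs/source/config.rst hunk adds a second `:db_name:` entry to the SQLI field list, with the typo "THe", directly above `:type:`, while the existing `:db_name: The name of database used in SQLI emulator` line two lines further down is left in place. Drop the added line so the field is documented once. The section's intro, visible in the hunk header as "There are 8 different sections", should also be rechecked now that `CMD_EXEC` is added to the list.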
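
Review bot: The default added to the JSON in the second docs/source/config.rst hunk, `'CMD_EXEC': {'host_image': 'busybox:latest'}`, uses a mutable tag, so the image that runs the extracted commands can change whenever `latest` is moved upstream. Suggest a sentence next to the `:host_image:` description telling operators they can set a fixed version tag, and that the image has to be pulled before TANNER starts.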
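
Review bot: In docs/source/emulators.rst the documented pattern `.*(alias|cat|cd|...|while).*` has no word boundaries, so as written it matches any param value that merely contains one of these strings (for example "cat" inside "category" or "for" inside "information"), and the first bullet does not say what is extracted as ``command`` (the whole value or only the keyword). Please document the extraction rule and the expected false positives. The second bullet's "executed in a docker container safely" should say what the isolation actually consists of (network access, resource limits, container lifetime) rather than assert safety. Wording: "detected with pattern" should read "detected with the following pattern", and "Results from container is injected" should read "Results from the container are injected".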