I have a problem... I'm using RH7.1 and for some reason I don't know, after upgrading some packages (including sshd) and restarting sshd, it does not work anymore... The problem is that I'm not at home and I don't have access to the console...
So I investigated what could be done to have root access to my box (of course this is *really* my box, I have the root password) and I found that one of my Mason scripts has a hole in it because Mason does not run in tainted perl mode. So I have access to an ftp user on my box (anonymous is disabled) so I can upload a script in /tmp, I can run it with a tweaked URL on my web server and of course it runs under the apache user... I use it to launch a server on a high port number and I want to be able to launch commands like 'su' to enter my password, have root access and correct the problem.
Here (below) is the script I use but I cannot manage to make it work well. I surely have something wrong but I don't know what. I use a specified pty that I know is not in use to avoid a pty search, and you can also note that I do not have the IO::Pty module installed. Installing it as user apache did not succeed (I used the CPAN module to try). The problem is that I progress very slowly because each time I have to enter a tweaked URL, redirect it to a file in /tmp and download it by ftp to see the result.
The problem with the script is that I can enter commands, execute them, but I don't see the result. The result is sent to normal STDOUT so it is redirected in /tmp by the tweaked URL. Also, when I send 'su' (blindly) and enter the password, it says (again, in /tmp/x) that the password is wrong. In the file in /tmp I see 'Password:' (output of su), the good password I entered followed by a ^M, 2 blank lines and 'su: incorrect password' (again output of su)...
Can you help me please?
Here is the script I use (I made it from several scripts discovered on the net, none of which is what I need):
----------------------------------------------------------------------
#!/usr/bin/perl -w
use IO::Socket;
use Net::hostent; # for OO version of gethostbyaddr
use POSIX;

$PORT = 9009;
$server = IO::Socket::INET->new( Proto     => 'tcp',
                                 LocalPort => $PORT,
                                 Listen    => SOMAXCONN,
                                 Reuse     => 1);
die "can't setup server" unless $server;
print "[Server $0 accepting clients]\n";
open(${master}, "/dev/ptycd") or die "can't open /dev/ptycd: $!";
fcntl(${master}, F_SETFL(), O_NONBLOCK());
open(SLAVE, "/dev/ttycd") or die "can't open /dev/ttycd: $!";
while ($client = $server->accept()) {
    $client->autoflush(1);
    print $client "Welcome to $0; type help for command list.\n";
    $hostinfo = gethostbyaddr($client->peeraddr);
    printf "[Connect from %s]\n", $hostinfo->name || $client->peerhost;
    print $client "Command? ";
    while (<$client>) {
        next unless /\S/; # blank line
        if (/quit|exit/i) { last; }
        elsif (/bye/i) { exit(0); }
        else {
            my $pid = fork;
            die "can't fork: $!" unless defined $pid;
            if ($pid == 0) {
                open(STDIN, '<&'.fileno(SLAVE));
                open(STDOUT, '>&'.fileno(SLAVE));
                open(STERR, '>&'.fileno(SLAVE));
                exec($_);
                exit(0);
            } else {
                local ($|) = (1);
                open(STDIN, '<&'.fileno(${master}));
                open(STDOUT, '>&'.fileno(${master}));
                open(STERR, '>&'.fileno(${master}));
                while(1) {
                    print $client ":";
                    $_ = <$client>;
                    last if /exit/;
                    print $client "Sending [$_]";
                    print $_;
                    sleep(1);
                    my $buf;
                    while (my $rd = sysread(STDIN, $buf, 1024)) {
                        print ${client} $buf;
                    }
                }
            }
        }
    } continue {
        print $client "Command? ";
    }
    close $client;
}
-------------------------------------------------------------
I hope you can help me because I will go back home (in Paris) only when I have a job interview. For the moment I am at my sister's in Almere, near Amsterdam. I have been searching for an entire day without success and I hope you will be able to help me.
Bye and thank you in advance!
Alexandre Jousset.
