audit_etcpasswd does not work!

Question

audit_etcpasswd does not work!

imjdl opened this issue 6 years ago · 6 comments

Hello Emilio, I read the description about audit_etcpasswd.I tested on my own Ubuntu but it didn't work.
My configuration is as follows：
Ubuntu18.0.4
PHP 5.6.37
php.ini:

operation result

I am very confused. Is there something wrong with me? Please help me, thank you (from Google Translate)

Answer 1 · 2018-08-25T21:14:40.000Z

Note that those php.ini setting shown here is just an example on which PHP restrictions the module should still work with. You don't need to set them to work with weevely.

Still seems something is going wrong, so please run :set debug True and try it again, and attach the screenshot here.

Answer 2 · 2018-08-26T05:10:35.000Z

猜测可以试着加个参数:audit_etcpasswd -vector=posix_getpwuid，
让weevely的audit_etcpasswd模块优先使用posix_getpwuid等php方法枚举uid的信息，构造出etc/passwd类似的内容。不知道是否因为choices参数没法初始化一个默认值，导致posix_getpwuid没有执行

Answer 3 · 2018-08-26T08:48:23.000Z

@ViCrack 是的，加一个-vector=posix_getpwuid参数是可以执行的，weevely我也是刚用，源码也不熟悉，现在我正准备看一下源码。谢谢你。

Answer 4 · 2018-08-26T08:55:13.000Z

@epinna I used @ViCrack method, and audit_etcpasswd can be used. But I don't know why, now I am trying to read the source code. thank you.

Answer 5 · 2018-08-26T10:53:32.000Z

Glad it worked, it also was an error on Weevely managing the vector argument. Now it should sort the vector out even if you don't specify it with -vector, please pull it again and try it if you can. Thanks.

Answer 6 · 2018-08-26T12:46:49.000Z

I have tried it and can use it now.