View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007485 | Kali Linux | [All Projects] Kali Package Bug | public | 2021-12-13 12:55 | 2022-01-06 14:14 |
| Reporter | adrian.vollmer | Assigned To | sbrun | ||
| Priority | low | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 2021.3 | ||||
| Target Version | Fixed in Version | 2022.1 | |||
| Summary | 0007485: changeme can't handle relative paths | ||||
| Description | If you try to pass a file to changeme using a relative path, it interprets the path as a hostname because it thinks the path doesn't exist. In Kali, changeme is called using this wrapper script: ``` #!/bin/sh set -e cd /usr/share/changeme exec ./changeme.py "$@" ``` As you can see, the directory is changed, which is why relative paths won't work anymore. It's better to call it like this: ``` #!/bin/sh set -e export PYTHONPATH=/usr/share/changeme exec /usr/share/changeme/changeme.py "$@" ``` | ||||
| Steps To Reproduce | Call changeme with a file in another directory using a relative paths: ``` $ changeme ../nmap/synscan.xml ##################################################### # _ # # ___| |__ __ _ _ __ __ _ ___ _ __ ___ ___ # # / __| '_ \ / _` | '_ \ / _` |/ _ \ '_ ` _ \ / _ \ # # | (__| | | | (_| | | | | (_| | __/ | | | | | __/ # # \___|_| |_|\__,_|_| |_|\__, |\___|_| |_| |_|\___| # # |___/ # # v1.2.3 # # Default Credential Scanner by @ztgrace # ##################################################### Loaded 123 default credential profiles Loaded 397 default credentials No default credentials found ``` After my proposed patch, it looks like this: ``` $ changeme ../nmap/synscan.xml ##################################################### # _ # # ___| |__ __ _ _ __ __ _ ___ _ __ ___ ___ # # / __| '_ \ / _` | '_ \ / _` |/ _ \ '_ ` _ \ / _ \ # # | (__| | | | (_| | | | | (_| | __/ | | | | | __/ # # \___|_| |_|\__,_|_| |_|\__, |\___|_| |_| |_|\___| # # |___/ # # v1.2.3 # # Default Credential Scanner by @ztgrace # ##################################################### Loaded 123 default credential profiles Loaded 397 default credentials [13:54:44] [+] Found Apache Tomcat default cred XXXX:XXXX at http://XXXXXXXXX:8080/manager/html ```` ``` | ||||
|
|
A better step to reproduce, in case you don't have a vulnerable server: nmap -X ../test <someserver> changeme -v ../test.xml If working correctly, you should be seeing a line like this: [14:17:46] Loaded 730 hosts from ../nmap/synscan.xml With the current behavior, you will not see such a line. |
|
|
thanks for the report. it's fixed in version 1.2.3-3. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2021-12-13 12:55 | adrian.vollmer | New Issue | |
| 2021-12-13 13:22 | adrian.vollmer | Note Added: 0015505 | |
| 2021-12-29 13:25 | sbrun | Assigned To | => sbrun |
| 2021-12-29 13:25 | sbrun | Status | new => assigned |
| 2022-01-06 14:14 | sbrun | Status | assigned => resolved |
| 2022-01-06 14:14 | sbrun | Resolution | open => fixed |
| 2022-01-06 14:14 | sbrun | Fixed in Version | => 2022.1 |
| 2022-01-06 14:14 | sbrun | Note Added: 0015598 |