View Issue Details

| Field | Value |
|---|---|
| ID | 0007485 |
| Project | Kali Linux |
| Category | [All Projects] Kali Package Bug |
| View Status | public |
| Last Update | 2022-01-06 14:14 |
| Reporter | adrian.vollmer |
| Assigned To | sbrun |
| Priority | low |
| Severity | minor |
| Reproducibility | always |
| Status | resolved |
| Resolution | fixed |
| Product Version | 2021.3 |
| Target Version | |
| Fixed in Version | 2022.1 |
| Summary | 0007485: changeme can't handle relative paths |

Description

If you try to pass a file to changeme using a relative path, it interprets the path as a hostname because it thinks the path doesn't exist.

In Kali, changeme is called using this wrapper script:

```
#!/bin/sh

set -e

cd /usr/share/changeme
exec ./changeme.py "$@"
```

As you can see, the directory is changed, which is why relative paths won't work anymore.

It's better to call it like this:

```
#!/bin/sh

set -e

export PYTHONPATH=/usr/share/changeme
exec /usr/share/changeme/changeme.py "$@"
```

Steps To Reproduce

Call changeme with a file in another directory using a relative path:

```
$ changeme ../nmap/synscan.xml

 #####################################################
# _ #
# ___| |__ __ _ _ __ __ _ ___ _ __ ___ ___ #
# / __| '_ \ / _` | '_ \ / _` |/ _ \ '_ ` _ \ / _ \ #
# | (__| | | | (_| | | | | (_| | __/ | | | | | __/ #
# \___|_| |_|\__,_|_| |_|\__, |\___|_| |_| |_|\___| #
# |___/ #
# v1.2.3 #
# Default Credential Scanner by @ztgrace #
 #####################################################

Loaded 123 default credential profiles
Loaded 397 default credentials

No default credentials found
```

After my proposed patch, it looks like this:

```
$ changeme ../nmap/synscan.xml

 #####################################################
# _ #
# ___| |__ __ _ _ __ __ _ ___ _ __ ___ ___ #
# / __| '_ \ / _` | '_ \ / _` |/ _ \ '_ ` _ \ / _ \ #
# | (__| | | | (_| | | | | (_| | __/ | | | | | __/ #
# \___|_| |_|\__,_|_| |_|\__, |\___|_| |_| |_|\___| #
# |___/ #
# v1.2.3 #
# Default Credential Scanner by @ztgrace #
 #####################################################

Loaded 123 default credential profiles
Loaded 397 default credentials

[13:54:44] [+] Found Apache Tomcat default cred XXXX:XXXX at http://XXXXXXXXX:8080/manager/html
```

Activities

adrian.vollmer

2021-12-13 13:22

reporter   ~0015505

A better step to reproduce, in case you don't have a vulnerable server:

```
nmap -X ../test <someserver>
changeme -v ../test.xml
```

If working correctly, you should be seeing a line like this:

```
[14:17:46] Loaded 730 hosts from ../nmap/synscan.xml
```

With the current behavior, you will not see such a line.
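
A self-contained reproduction of the working-directory problem described in this report, added here as an example and not taken from the Kali package or from changeme. The names `tool.sh`, `wrap_cd`, `wrap_abs` and the temporary directory layout are constructed stand-ins, and the stub assumes, as the report describes, that an argument which does not resolve to a file is treated as a hostname.

```shell
#!/bin/sh
# Added illustration: a stub tool and two wrappers built in a temp dir (all names constructed).

# build_sandbox DIR: create the stub tool, both wrapper variants and a sample scan file.
build_sandbox() {
    root=$1
    mkdir -p "$root/share/tool" "$root/bin" "$root/work/scan" "$root/work/nmap"
    # Stub standing in for changeme.py: an existing file is loaded, anything else is
    # taken to be a hostname (assumption based on the behaviour the report describes).
    cat > "$root/share/tool/tool.sh" <<'EOF'
#!/bin/sh
if [ -f "$1" ]; then echo "file:$1"; else echo "host:$1"; fi
EOF
    # Wrapper A: changes directory before exec, like the packaged wrapper.
    cat > "$root/bin/wrap_cd" <<EOF
#!/bin/sh
set -e
cd "$root/share/tool"
exec ./tool.sh "\$@"
EOF
    # Wrapper B: keeps the caller's working directory and execs by absolute path,
    # like the proposed wrapper (PYTHONPATH only matters for Python imports).
    cat > "$root/bin/wrap_abs" <<EOF
#!/bin/sh
set -e
export PYTHONPATH="$root/share/tool"
exec "$root/share/tool/tool.sh" "\$@"
EOF
    chmod +x "$root/share/tool/tool.sh" "$root/bin/wrap_cd" "$root/bin/wrap_abs"
    echo '<nmaprun/>' > "$root/work/nmap/synscan.xml"   # constructed sample input
}

# run_wrapper DIR NAME RELPATH: call wrapper NAME from DIR/work/scan with a relative path.
run_wrapper() {
    ( cd "$1/work/scan" && "$1/bin/$2" "$3" )
}

# demo: show how each wrapper classifies the same relative argument.
demo() {
    tmp=$(mktemp -d)
    build_sandbox "$tmp"
    echo "cd wrapper:  $(run_wrapper "$tmp" wrap_cd ../nmap/synscan.xml)"
    echo "abs wrapper: $(run_wrapper "$tmp" wrap_abs ../nmap/synscan.xml)"
    rm -rf "$tmp"
}
demo
```

Both wrappers exit successfully, so the difference only shows in how the argument is interpreted. This matches the silent "No default credentials found" result in the report, which is a false negative rather than an error.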

sbrun

2022-01-06 14:14

manager   ~0015598

Thanks for the report.

It's fixed in version 1.2.3-3.

Issue History

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2021-12-13 12:55 | adrian.vollmer | New Issue | |
| 2021-12-13 13:22 | adrian.vollmer | Note Added: 0015505 | |
| 2021-12-29 13:25 | sbrun | Assigned To | => sbrun |
| 2021-12-29 13:25 | sbrun | Status | new => assigned |
| 2022-01-06 14:14 | sbrun | Status | assigned => resolved |
| 2022-01-06 14:14 | sbrun | Resolution | open => fixed |
| 2022-01-06 14:14 | sbrun | Fixed in Version | => 2022.1 |
| 2022-01-06 14:14 | sbrun | Note Added: 0015598 | |