#!/bin/bash
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This is meant to be run on a modern Linux system.
# e.g. we'll refer to `base64` rather than `b64decode`.
#
# strategy:
#
# 1. create temp directory
# 2. copy our resources into temp directory
# 3. tgz the directory
# 4. base64 directory
# 5. emit .sh script containing bootstrap and base64 blob
# 6. remove temp directory
# unset variables are errors
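# unset variables are errors
set -o nounset
# any failed commands are errors
set -o errexit
# a pipeline fails when any stage fails, not only its last command
set -o pipefail

# current_directory is the path to the directory containing this script.
# ref: https://stackoverflow.com/a/4774063/87207
readonly current_directory="$( cd "$(dirname "$0")" ; pwd -P )"

#######################################
# Print a message to stderr and abort the build.
# Arguments: $* - message
#######################################
die() {
  printf 'build.sh: %s\n' "$*" >&2
  exit 1
}

#######################################
# Print a warning to stderr and continue.
# Arguments: $* - message
#######################################
warn() {
  printf 'build.sh: warning: %s\n' "$*" >&2
}

#######################################
# Generate version.sh next to this script with git metadata.
# Globals:   current_directory (read)
# Arguments: $1 - git tag (may be empty), $2 - git hash (may be empty)
# Outputs:   overwrites "$current_directory/version.sh"
#######################################
write_version_file() {
  local git_tag=$1
  local git_hash=$2
  local version_file="$current_directory/version.sh"
  # one redirection for the whole group; '>' truncates an existing file,
  # so the separate rm of the old version is not needed
  {
    echo "#!/usr/bin/bash"
    echo "git_tag=\"${git_tag}\";"
    echo "git_hash=\"${git_hash}\";"
  } > "$version_file"
}

#######################################
# Copy the scanner resources into the staging directory, tar+gzip them
# and print the archive base64-encoded.
# Globals:   current_directory (read)
# Arguments: $1 - existing, empty staging directory
# Outputs:   base64 of payload.tgz on stdout
#######################################
build_payload() {
  local staging=$1
  cp "$current_directory/ioc-scanner-CVE-2023-3519.sh" "$staging/ioc-scanner-CVE-2023-3519.sh"
  cp "$current_directory/version.sh" "$staging/version.sh"
  cp -r "$current_directory/scanners/" "$staging/scanners/"
  # -C keeps the member paths relative, which is what the bootstrap's
  # in-place extraction expects; no cd / cd - dance needed
  tar -C "$staging" -czf "$staging/payload.tgz" \
    "ioc-scanner-CVE-2023-3519.sh" "./scanners/" "version.sh"
  base64 < "$staging/payload.tgz"
}

#######################################
# Print the self-extracting scanner script on stdout.
# Arguments: $1 - base64 payload, $2 - git hash for the header comment
# Outputs:   the bootstrap script on stdout
#######################################
emit_bootstrap() {
  local payload=$1
  local git_hash=$2
  # FreeBSD/NetScaler has bash at /usr/bin/bash
  # while linux uses /bin/bash.
  # our target audience is NetScaler devices, so prefer that.
  # all users should really invoke bash explicitly, like: `bash ioc-scanner.sh`
  #
  # Unquoted delimiter: only $(date) and $git_hash are expanded here. Using
  # a here-doc (instead of double-quoted echo) keeps the "License" / "AS IS"
  # quotes in the emitted header intact.
  cat <<EOF
#!/usr/bin/bash
# Indicator of Compromise Scanner for CVE-2023-3519 (Citrix ADC)
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Build date: $(date)
# Git hash: $git_hash
#
# Usage:
#
# bash ioc-scanner-CVE-2023-3519.sh [-v|--verbose] [root path, optional, default: /]
#
# Must be run as root when running against a live device.
# Writes status to STDERR.
# Writes results to STDOUT.
# Non-zero status upon failure.
EOF
  # Quoted delimiter: everything below is emitted literally and evaluated
  # on the target device, not here.
  cat <<'EOF'
# not all FreeBSD/NetScaler devices have mktemp, so fall back to a
# timestamped name; mkdir (without -p) then refuses an already-existing
# directory, and we stop rather than extract into one we did not create.
if command -v mktemp >/dev/null 2>&1; then
  staging_directory="$(mktemp -d "/tmp/ioc-scanner.XXXXXXXX")" || exit 1;
else
  staging_directory="/tmp/$(date +%s)";
  mkdir "$staging_directory" || exit 1;
fi
readonly staging_directory;
readonly payload=$(cat <<HERE
EOF
  printf '%s\n' "$payload"
  cat <<'EOF'
HERE
);
if [ -f "/usr/bin/b64decode" ]; then
 # this is what FreeBSD/NetScaler will use
 echo -n "$payload" | b64decode -r > "$staging_directory/payload.tgz";
elif [ "$(uname -s)" = "Darwin" ]; then
 # this is what macOS will use
 echo -n "$payload" | base64 -D - > "$staging_directory/payload.tgz";
else
 # this is what Linux will use
 echo -n "$payload" | base64 -d - > "$staging_directory/payload.tgz";
fi
cd "$staging_directory" >/dev/null || exit 1;
if ! tar xzvf "payload.tgz" >/dev/null 2>/dev/null; then
 echo "failed to extract payload" >&2;
 cd - >/dev/null;
 rm -rf "$staging_directory";
 exit 1;
fi
cd - >/dev/null;
bash "$staging_directory/ioc-scanner-CVE-2023-3519.sh" "$@";
readonly result="$?";
rm -rf "$staging_directory";
exit "$result";
EOF
}

#######################################
# Build entry point: write version.sh, stage and archive the scanner,
# and print the self-extracting bootstrap script on stdout.
# Globals:   staging_directory (written; deliberately global so the EXIT
#            trap can still remove it after main returns)
# Arguments: none
#######################################
main() {
  local git_tag git_hash
  # capture git output in its own assignment: inside an echo argument a
  # failing git call would be masked and silently yield empty metadata
  git_tag="$(git describe --tags 2>/dev/null)" \
    || { warn "git describe --tags failed; git_tag will be empty"; git_tag=""; }
  git_hash="$(git rev-parse HEAD 2>/dev/null)" \
    || { warn "git rev-parse HEAD failed; git_hash will be empty"; git_hash=""; }
  write_version_file "$git_tag" "$git_hash"

  # build.sh itself runs on a modern Linux host (see header comment), so
  # mktemp is available here; the timestamped /tmp name is only a concern
  # for the emitted bootstrap
  staging_directory="$(mktemp -d)" || die "mktemp -d failed"
  # :? aborts instead of expanding to rm -rf -- "" if the variable is empty;
  # the trap also cleans up when an earlier step fails under errexit
  trap 'rm -rf -- "${staging_directory:?}"' EXIT

  local payload
  payload="$(build_payload "$staging_directory")"
  emit_bootstrap "$payload" "$git_hash"
}

main "$@"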