dassecurity-hatlab / aoiawd Goto Github PK

已载入列表插件为空且点击重载后无反应，三个探针插件均已部署到靶机
请问是哪个环节出了问题

服务器执行./tapeworm.phar类指令时报错Can not connect to log center

Hello there!

My name is Ana. I noted that you use the mutation testing tool in the project.
I am a postdoctoral researcher at the University of Seville (Spain), and my colleagues and I are studying how mutation testing tools are used in practice. With this aim in mind, we have analysed over 3,500 public GitHub repositories using mutation testing tools, including yours! This work has recently been published in a journal paper available at https://link.springer.com/content/pdf/10.1007/s10664-022-10177-8.pdf.

To complete this study, we are asking for your help to understand better how mutation testing is used in practice, please! We would be extremely grateful if you could contribute to this study by answering a brief survey of 21 simple questions (no more than 6 minutes). This is the link to the questionnaire https://forms.gle/FvXNrimWAsJYC1zB9.

Drop me an e-mail if you have any questions or comments ([email protected]). Thank you very much in advance!!

我的PHP扩展已经安装了但是开的时候显示如下的报错 大佬求教

最主要是以下的这个报错：
PHP Fatal error: Uncaught Amp\Socket\SocketException: Could not create server tcp://0.0.0.0:1337: [Error: #0] Permission denied

#配依赖项时候踩了几个小坑，以下方案在刚装完系统的Ubuntu 20.04上使用腾讯源和阿里源测试可以完成安装和编译

sudo apt update

sudo apt install -y mongodb-server
sudo apt install -y php-pear #pecl所在包
sudo apt-get install -y php-dev #mongodb的php依赖项
sudo pecl -y install mongodb

sudo find / -name php.ini #找到ini的路径
sudo vi /etc/php/7.4/cli/php.ini #在800行左右的扩展设置里添加 extension=mongodb.so（按照上边安装完成的指示添加即可）

unzip AoiAWD-master.zip #本项目的源码
cd AoiAWD-master/
cd Frontend
sudo apt install npm
npm install
npm run build

cd ../AoiAWD
rm -rf src/public/*
cp -r ../Frontend/dist/* src/public/
#修改phar的 readonly=Off 去掉注释 在1000行左右，默认是被注释掉的
sudo vi /etc/php/7.4/cli/php.ini #注意这里ini的路径
php compile.php

cd ../TapeWorm
php compile.php

#安装 RoundWorm 的依赖项
#wget --no-check-certificate https://github.com/downloads/rvoicilas/inotify-tools/inotify-tools-3.14.tar.gz
#更新：inotify-tools-3.14.tar.gz的链接失效了 可以试试
wget --no-check-certificate https://github.com/inotify-tools/inotify-tools/archive/refs/tags/3.20.2.zip
tar zxvf inotify-tools-3.14.tar.gz
cd inotify-tools-3.14/
./configure
make
sudo make install
cd ..

cd ../RoundWorm
make

cd ../Guardian
php compile.php

#大功告成！开始欢乐的AWD吧！ 以下文件是拷贝到用户控制的机器上运行的
cd ..
cp ./Guardian/guardian.phar ./
cp ./TapeWorm/tapeworm.phar ./
cp ./RoundWorm/roundworm ./
#20 注 flag正则请修改AoiAWD-master/AoiAWD/plugins/FlagBuster.php第22行的正则。

师傅好，web抓到的流量存在url编码，不太方便直观阅读，有什么办法解决吗

请问输出流量篡改是目前仅支持web类型题目吗？PWN类型赛题不支持？

使用Docker部署完后，只有aoiawd.phar文件，而且是usr/src/目录下，没有其他phar文件，

docker compose up -d 后，没有accesstoken

PHP Fatal error: Uncaught Error: Document root requires a readable directory in xxx
windows和Linux环境经试验都不可以
linux目录权限为777，windows目录权限为可读可写

多一层urlencode会导致$_GET或$_POST等数组无法正确获取内容

这就导致当url或post内容中含有特殊字符时，不能正确返回，导致正常功能无法使用

在centos8 中安装了docker，使用docker_AoiAWD_Start.sh 安装，报错。。。

[root@centos8 AoiAWD]# ./docker_AoiAWD_Start.sh
./docker_AoiAWD_Start.sh: line 31: syntax error near unexpected token elif' '/docker_AoiAWD_Start.sh: line 31: elif [[ "$RUN_STATUS" =~ "up-to-date" ]];then

插件加载后 ，flagBuster依然检测不到任何flag字符串的出现。并且我直接在constructor里面加添加警告 还是没有警告出现

师傅求助=w=

请问，flagbuster没有效果该咋办

在 Frontend 中执行 npm install 时报错，debug 日志如下：

24606 verbose notsup SKIPPING OPTIONAL DEPENDENCY: Valid OS:    darwin
24606 verbose notsup SKIPPING OPTIONAL DEPENDENCY: Valid Arch:  any
24606 verbose notsup SKIPPING OPTIONAL DEPENDENCY: Actual OS:   linux
24606 verbose notsup SKIPPING OPTIONAL DEPENDENCY: Actual Arch: x64
24607 verbose stack Error: [email protected] postinstall: `node scripts/build.js`
24607 verbose stack Exit status 1
24607 verbose stack     at EventEmitter.<anonymous> (/usr/lib/node_modules/npm/node_modules/npm-lifecycle/index.js:332:16)
24607 verbose stack     at EventEmitter.emit (events.js:314:20)
24607 verbose stack     at ChildProcess.<anonymous> (/usr/lib/node_modules/npm/node_modules/npm-lifecycle/lib/spawn.js:55:14)
24607 verbose stack     at ChildProcess.emit (events.js:314:20)
24607 verbose stack     at maybeClose (internal/child_process.js:1047:16)
24607 verbose stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)
24608 verbose pkgid [email protected]
24609 verbose cwd /home/gsfish/Tools/Defense/AoiAWD/Frontend
24610 verbose Linux 5.4.63-1-lts
24611 verbose argv "/usr/bin/node" "/usr/bin/npm" "install"
24612 verbose node v14.10.0
24613 verbose npm  v6.14.7
24614 error code ELIFECYCLE
24615 error errno 1
24616 error [email protected] postinstall: `node scripts/build.js`
24616 error Exit status 1
24617 error Failed at the [email protected] postinstall script.
24617 error This is probably not a problem with npm. There is likely additional logging output above.
24618 verbose exit [ 1, true ]

修改 package.json 中 node-sass 的版本可解决上述问题：

"node-sass": "^4.12.0"

构建过程

完全参照 BUILD.md，均构建成功。

额外操作

除了运行 sudo apt install mongodb-server 外，还运行了：

$ sudo apt install php-mongodb

错误复现

首先启动 mongodb 服务器：

$ sudo mongod
......
2020-09-26T23:54:02.295+0800 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory '/data/db/diagnostic.data'
2020-09-26T23:54:02.297+0800 I NETWORK  [initandlisten] waiting for connections on port 27017

随后运行：

$ ./aoiawd.phar
...
[2020-09-26 23:55:00] MainServer.info: MongoDB Connect mongodb://127.0.0.1:27017 [] []
[2020-09-26 23:55:00] PluginManager.info: Loading plugin: FlagBuster.php [] []
[2020-09-26 23:55:00] PluginManager.info: Register Routine: web Operation: processlog [] []
[2020-09-26 23:55:00] PluginManager.info: Plugin Loaded. [] []
[2020-09-26 23:55:00] PluginManager.info: Loading plugin: KingWatcher.php [] []
[2020-09-26 23:55:00] PluginManager.info: Register Routine: filesystem Operation: processlog [] []
[2020-09-26 23:55:00] PluginManager.info: Plugin Loaded. [] []
[2020-09-26 23:55:00] PluginManager.info: Loading plugin: ZombieKiller.php [] []
[2020-09-26 23:55:00] PluginManager.info: Register Routine: filesystem Operation: processlog [] []
[2020-09-26 23:55:00] PluginManager.info: Plugin Loaded. [] []
[2020-09-26 23:55:00] Amp\Http\Server\Server.info: Listening on http://0.0.0.0:1337/ [] []
[2020-09-26 23:55:00] aoicommon\socket\AsyncTCPServer.info: Listening on 0.0.0.0:8023 [] []

接着将 access token 输入到 web 页面，出现报错信息：

[2020-09-26 23:56:12] Amp\Http\Server\Server.error: Error: Call to undefined method MongoDB\Driver\Server::executeReadCommand() in phar:///path/to/AoiAWD/AoiAWD/aoiawd.phar/vendor/mongodb/mongodb/src/Operation/Count.php:154

而在 mongodb 服务器运行的终端中，出现：

2020-09-26T23:56:12.488+0800 I NETWORK  [listener] connection accepted from 127.0.0.1:58150 #1 (1 connection now open)
2020-09-26T23:56:12.491+0800 I NETWORK  [conn1] received client metadata from 127.0.0.1:58150 conn: { driver: { name: "mongoc / ext-mongodb:PHP", version: "1.8.2 / 1.3.4" }, os: { type: "Linux", name: "Ubuntu", version: "18.04", architecture: "x86_64" }, platform: "cfg=0x2b8e9 posix=200809 stdc=201112 CC=GCC 7.3.0 CFLAGS="-g -O2 -fdebug-prefix-map=/build/php-mongodb-XOtnKb/php-mongodb-1.3.4=. -fstack-protector-st..." }

版本信息

OS: Ubuntu 18.04 (WSL)

$ php -v
PHP 7.2.24-0ubuntu0.18.04.6 (cli) (built: May 26 2020 13:09:11) ( NTS )

$ php -i | grep mongo
mongodb
libmongoc bundled version => 1.8.2
libmongoc SSL => enabled
libmongoc SSL library => OpenSSL
libmongoc crypto => enabled
libmongoc crypto library => libcrypto
libmongoc crypto system profile => disabled
libmongoc SASL => enabled
mongodb.debug => no value => no value

$ php --ri mongodb
MongoDB extension version => 1.3.4
libbson bundled version => 1.8.2
libmongoc bundled version => 1.8.2

$ mongod --version
db version v3.6.3
git version: 9586e557d54ef70f9ca4b43c26892cd55257e1a5
OpenSSL version: OpenSSL 1.1.1  11 Sep 2018
allocator: tcmalloc
modules: none
build environment:
    distarch: x86_64
    target_arch: x86_64

src/io.c:3:34: fatal error: inotifytools/inotify.h: 没有那个文件或目录
compilation terminated.
Makefile:16: recipe for target 'src/io.o' failed
make: *** [src/io.o] Error 1