ROOTPLOIT
Server: Apache
System: Linux node6122.myfcloud.com 6.14.3-x86_64-linode168 #1 SMP PREEMPT_DYNAMIC Mon Apr 21 19:47:55 EDT 2025 x86_64
User: bashacomputer (1004)
PHP: 7.4.33
Disabled: exec,passthru,shell_exec,system
$ pwd: /proc/self/root/opt/fastcomet/nightwatch/debian/
Upload Files
File: //proc/self/root/opt/fastcomet/nightwatch/debian/fastcomet-nightwatch.config
#!/bin/sh
set -e

nightwatch_config_dir='/etc/fastcomet/nightwatch.d/'

echoerr() { echo "$@" 1>&2; }

_fake_curl() {
	_input_url=$1
	PERL_LWP_SSL_VERIFY_HOSTNAME=0 perl -MLWP::UserAgent -e '$ua=LWP::UserAgent->new(); print $ua->get("$ARGV[0]")->decoded_content;' "$1"
	return 0
}

_check_apache_url() {
	_apache_url=$1
	_fake_curl "$_apache_url" | grep -q 'Scoreboard:'
	return $?
}

_check_nginx_url() {
	_nginx_url=$1
	_fake_curl "$_nginx_url" | grep -q 'server accepts handled requests'
	return $?
}

_mysql_check_install() {
	_mysql_username=$1
	_mysql_password=$2
	perl -MDBI -e "eval { local \$SIG{ALRM} = sub { die; }; alarm(5); \$dbh = DBI->connect('DBI:mysql:host=localhost', '$_mysql_username', '$_mysql_password'); exit \$DBI::err; alarm(0); }; exit 1 if \$@"
	return $?
}

apache_status_path() {
	echoerr "Checking Apache configuration..."

	apache_config_filename=${nightwatch_config_dir}Apache.conf
	apache_default_url='http://127.0.0.1/server-status?auto'
	apache_default_https='https://127.0.0.1/server-status?auto'
	apache_url=$(grep '^location' $apache_config_filename | tail -n1 | awk '{print $2}')

	# use the url if it exists
	if [ ! -z $apache_url ]; then
		if _check_apache_url $apache_url ; then
			echoerr "Found Apache status page at $apache_url specified in $apache_config_filename"
			db_set Nightwatch/apache-location ""
			return 0
		elif [ "$apache_url" = "$apache_default_url" ]; then
			echoerr "Attempt to access $apache_url specified in $apache_config_filename failed..."
		else
			echoerr "Attempt to access $apache_url specified in $apache_config_filename failed...trying default"
			if _check_apache_url $apache_default_url; then
				echoerr "Found Apache status page at $apache_default_url (default URL)"
				db_set Nightwatch/apache-location "$apache_default_url"
				return 0;
			elif _check_apache_url $apache_default_https; then
				echoerr "Found Apache status page at $apache_default_https"
				db_set Nightwatch/apache-location "$apache_default_https"
				return 0;
			fi
		fi
	else
		if _check_apache_url $apache_default_url; then
			echoerr "Found Apache status page at $apache_default_url (default URL)"
			db_set Nightwatch/apache-location "$apache_default_url"
			return 0;
		elif _check_apache_url $apache_default_https; then
			echoerr "Found Apache status page at $apache_default_https"
			db_set Nightwatch/apache-location "$apache_default_https"
			return 0;
		fi
	fi

	# really ghetto url extraction
	guess_url=$(grep '^ *<Location' /etc/apache2/mods-enabled/status.conf 2>/dev/null | head -n1 | sed 's/>$//' | awk '{print $2}')
	if [ ! -z $guess_url ]; then
		if _check_apache_url http://127.0.0.1$guess_url?auto; then
			echoerr "Found Apache status page at http://127.0.0.1$guess_url?auto"
			db_set Nightwatch/apache-location "http://127.0.0.1$guess_url?auto"
			return 0
		fi
	fi

	db_set Nightwatch/apache-location "$apache_default_url"
	db_fset Nightwatch/apache-try-configure seen "false"
	db_input high Nightwatch/apache-try-configure
}

nginx_status_path(){
	echoerr "Checking Nginx configuration..."

	nginx_config_filename=${nightwatch_config_dir}Nginx.conf
	nginx_default_url='http://127.0.0.1/nginx_status'
	nginx_default_https='https://127.0.0.1/nginx_status'
	nginx_url=$(grep '^location' $nginx_config_filename 2>/dev/null | tail -n1 | awk '{print $2}')

	# use the url if it exists
	if [ ! -z $nginx_url ]; then
		if _check_nginx_url $nginx_url; then
			echoerr "Found nginx status page at $nginx_url specified in $nginx_config_filename"
			db_set Nightwatch/nginx-location ""
			return 0
		elif [ "$nginx_url" = "$nginx_default_url" ]; then
			echoerr "Attempt to access $nginx_url specified in $nginx_config_filename failed..."
		else
			echoerr "Attempt to access $nginx_url specified in $nginx_config_filename failed...trying default"
			if _check_nginx_url $nginx_default_url; then
				echoerr "Found nginx status page at $nginx_default_url (default URL)"
				db_set Nightwatch/nginx-location ""
				return 0;
			elif _check_nginx_url $nginx_default_https; then
				echoerr "Found nginx status page at $nginx_default_https"
				db_set Nightwatch/nginx-location "$nginx_default_https"
				return 0;
			fi
		fi
	fi

	if _check_nginx_url $nginx_default_url; then
		echoerr "Found nginx status page at $nginx_default_url (default URL)"
		db_set Nightwatch/nginx-location ""
		return 0;
	elif _check_nginx_url $nginx_default_https; then
		echoerr "Found nginx status page at $nginx_default_https"
		db_set Nightwatch/nginx-location "$nginx_default_https"
		return 0;
	fi

	# don't be smart unless we know where to work
	if [ ! -d /etc/nginx/sites-enabled ]; then
		echoerr "Unable to automatically configure nginx for Nightwatch. Please see https://library.linode.com/nightwatch/nightwatch-for-nginx#sph_manual-configuration-all-distributions"
		db_set Nightwatch/nginx-location ""
		return 0
	fi

	# this is kind of weird
	# check to make sure that the haxor mode is gonna work
	if grep -ri '^[[:space:]]*server_name.*127\.0\.0\.2' /etc/nginx/sites-enabled; then
		echoerr "Unable to automatically configure nginx for Nightwatch. Please see https://library.linode.com/nightwatch/nightwatch-for-nginx#sph_manual-configuration-all-distributions"
		db_set Nightwatch/nginx-location ""
		return 0
	fi

	if [ -e /etc/nginx/sites-available/nightwatch ]; then
		if _check_nginx_url http://127.0.0.2/nginx_status; then
			echoerr "Found location configured by Nightwatch previously."
			db_set Nightwatch/nginx-location "http://127.0.0.2/nginx_status"
			return 0
		fi
		echoerr "Unable to automatically configure nginx for Nightwatch. Please see https://library.linode.com/nightwatch/nightwatch-for-nginx#sph_manual-configuration-all-distributions"
		db_set Nightwatch/nginx-location ""
		return 0
	fi
	db_input high Nightwatch/nginx-try-configure || true
}

mysql_cred_check() {
	echoerr "Checking MySQL configuration..."

	mysql_config_filename=${nightwatch_config_dir}MySQL.conf
	mysql_username=$(grep '^username' $mysql_config_filename 2>/dev/null | tail -n1 | awk '{print $2}')
	mysql_password=$(grep '^password' $mysql_config_filename 2>/dev/null | tail -n1 | awk '{print $2}')

	if [ ! -z $mysql_username ] && [ ! -z $mysql_password ]; then
		if _mysql_check_install $mysql_username $mysql_password; then
			echoerr "Successfully connected to MySQL with the credentials located in $mysql_config_filename"
			db_set Nightwatch/mysql-password ""
			return 0
		else
			echoerr "Unable to connect using the credentials specified in $mysql_config_filename...trying Debian maintenance user"
		fi
	fi

	if [ -e /etc/mysql/debian.cnf ]; then
		mysql_password=$(egrep '^\s*password\s*=\s*' /etc/mysql/debian.cnf | head -n1 | sed 's/^\s*password\s*=\s*//')
		if _mysql_check_install debian-sys-maint $mysql_password; then
			echoerr "Successfully connected to MySQL"
			db_set Nightwatch/mysql-password ""
			if [ ! -z $mysql_username ] && [ ! -z $mysql_password ]; then
				db_subst Nightwatch/mysql-overwrite-creds found_user "$mysql_username"
				db_input high Nightwatch/mysql-overwrite-creds || true
			fi
			return 0
		fi
	fi

	mysql_username='fastcomet-nightwatch'
	mysql_password=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)

	create_statement="CREATE USER 'fastcomet-nightwatch'@'localhost' IDENTIFIED BY '$mysql_password';"

	db_set Nightwatch/mysql-password "$mysql_password"
	db_subst Nightwatch/mysql-create-creds create_statement "$create_statement"
	db_input high Nightwatch/mysql-create-creds || true
}

. /usr/share/debconf/confmodule
db_input medium Nightwatch/APIKey || true

if pgrep -f 'httpd|apache2' >/dev/null; then
	apache_status_path
fi

if pgrep -f 'nginx' >/dev/null; then
	nginx_status_path
fi

if pgrep -f 'mysqld' >/dev/null; then
	mysql_cred_check
fi

db_go || true
@ Telegram