jwilk/traversal-archives

Stars
125
Rank 286,335 (Top 6 %)
Language Makefile
License
MIT License
Created about 8 years ago
Updated 7 months ago

jwilk/traversal-archives

jwilk

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

archive file samples for testing against directory traversal

Overview

This repository provides samples of archive files in various formats that attempt to exploit (hypothetical) directory travesal bugs:

Leading slash:
```
-rw-r--r--  /tmp/moo
```
7zip ar arc arj cab cpio rar tar zip zoo
Multiple leading slashes:
```
-rw-r--r--  //tmp/moo
```
ar arc arj cab cpio rar tar zip zoo
Leading dot-dot:
```
-rw-r--r--  ../moo
```
7zip ar arc arj cab cpio rar tar zip zoo
Non-leading dot-dot:
```
-rw-r--r--  tmp/../../moo
```
7zip ar arj cab cpio rar tar zip zoo

File symlink:

lrwxrwxrwx  moo -> /tmp/moo
-rw-r--r--  moo

7zip arj cpio rar tar zip

Directory symlink:

lrwxrwxrwx  tmp -> /tmp
-rw-r--r--  tmp/moo

7zip arj cpio rar tar zip

Two directory symlinks (variant A):

lrwxrwxrwx  cur -> .
lrwxrwxrwx  par -> cur/..
-rw-r--r--  par/moo

7zip arj cpio rar tar zip

Two directory symlinks (variant B):

lrwxrwxrwx  cur -> .
lrwxrwxrwx  cur/par -> ..
-rw-r--r--  par/moo

7zip arj cpio rar tar zip

Found bugs

The samples helped find the following bugs:

ARJ:
- https://bugs.debian.org/774434 [CVE-2015-0556]
- https://bugs.debian.org/774435 [CVE-2015-0557]
- https://bugs.debian.org/867520
Zoo:
- https://bugs.debian.org/774453
ARC:
- https://bugs.debian.org/774527 [CVE-2015-9275]
gcab:
- https://bugs.debian.org/774580 [CVE-2015-0552]
UnRAR:
- https://www.openwall.com/lists/oss-security/2017/08/14/3 [CVE-2017-12938]
Perl (Archive::Tar):
- https://bugs.debian.org/900834 [CVE-2018-12015]
GNOME Nautilus:
- https://bugs.debian.org/878012
Ark:
- https://bugs.debian.org/878269
archiver:
- mholt/archiver#69

python-syntax-errors

no-op statements syntactically valid only since Python X.Y

python-afl

American Fuzzy Lop fork server and instrumentation for pure-Python code

url.sh

this URL is also malicious(?!) shell script

fbcat

framebuffer grabber

chemiscripts

translate ASCII chemical formulas into Unicode

abmagick

abuse ImageMagick (or GraphicsMagick) to create arbitrary files

mbank-cli

command line interface to mBank online banking system

mwic

Misspelled Words In Context

ttyjack

proof-of-concept tty hijacking via TIOCSTI or TIOCLINUX

anorack

“a” vs “an” checker

shellcat

templating system with shell syntax

pydiatra

yet another static checker for Python code

recidivm

estimate peak virtual memory use

irssi-spellcheck

spell-checker for Irssi

python-aalib

Python interface to AAlib

zygolophodon

CLI for reading Mastodon posts (no account needed)

sinntp

tiny non-interactive NNTP client

didjvu

DjVu encoder with foreground/background separation

abdicate

Aero2 BDI captcha terminal-based client

security-research

Jakub's security research

reStructuredText

lddot

print ELF shared library dependencies in Graphviz format

getenvy

LD_PRELOAD library to snoop on getenv() calls

fuzzing

Jakub's fuzzing goodies

longutf8

generate overlong UTF-8 sequences

tardiff

diff tarball contents

hungrycat

cat & rm in a single tool

vcsnoop

Linux virtual console snooping via TIOCLINUX

sunup

print times of solar midnight, sunrise, solar noon, sunset

diffcmd

print diff if command output changes

holeogram

show where file holes are

dothost

DNS lookup with Graphviz output

pacz

shipment tracking CLI for many carriers (chiefly Polish)

fontcoprinfo

print font copyright information

userscripts

Jakub's custom CSS and JavaScript (for dotPageMod Firefox extension)

scanhelper

command-line tool for batch scanning

dcs-cli

command-line interface to Debian Code Search

github-editmeta

edit GitHub repo metadata in text editor

vcsapeek

Linux virtual console dumper

i18nspector

checking tool for gettext POT, PO and MO files

git-wshow

show git commit diff in the browser

tjmer

detsan

determinism sanitizer

deb-toolbox

random Debian tools

gitlab-toolbox

random GitLab tools

tzzzz

print current time in multiple time zones

unfaithful-less

less (without -U) is not a faithful pager

opensubtitles-dl

download and unpack subtitles from https://www.opensubtitles.org/

pwnsjp

frontend to some Polish dictionaries published by PWN

gitardiff

compare tarballs with “git diff”

aerozol

web scraper to print Aero2 paid plan status

seqrename

rename files to give them sequential numbers

github-toolbox

random GitHub tools

ult

look up Unicode character properties

u8strings

strings(1) with UTF-8 support

huawei-modem-status

print Huawei modem status

unihist2

generate Unicode characters histogram

pypi-toolbox

random PyPI tools

cowproxy

bovine script for mitmproxy

python-syspath-tracker

track who changes Python's sys.path

coding-guidelines

Jakub's coding guidelines (and release checklist)

reStructuredText

sshpg2

keep your SSH keys GPG-encrypted (based on ssh-agent)

japama

Jakub's password manager

pp11

(Poczta Polska) PP-11 human-editable SVG template

waybackpack4git

waybackpack with git storage

sourceforge-authors

create git-svn authors file for SourceForge usernames

inflacja

Polish inflation rate calculator

pagerboy

run program in a pty and pipe output to pager

hardball

hardlink identical copies of the same file

github-vanity

watch who follows you and your repositories on GitHub

c2-dl

download articles from wiki.c2.com

wormhole-send

"wormhole send" with (more) secure defaults

pystrings

strings(1) for Python code

informan

info viewer with man(1)-like UI

urlycue

command-line URL checker

zglab

CLI for reading GitLab issues

zhn

CLI to search for Hacker News stories

ptysolate

tty isolation tool

git-landmine

create local malicious git repo