
#1 2019-12-11 22:33:40

psquare
Member
Registered: 2016-09-22
Posts: 5

Trying to execute shell_exec with sudo to nmap

I'm running

  • nginx 1.17.4

  • php 7.4

  • arch linux 5.4.2

Trying to execute the following command to get my user's MAC address from IP (this script will run on my LAN server), and $_SERVER['REMOTE_ADDR'] does return a valid IP:

shell_exec("sudo /usr/bin/nmap -n -sn ".$_SERVER['REMOTE_ADDR'])

But it returns null, so I tried the following to get more info:

shell_exec("sudo /usr/bin/nmap -n -sn ".$_SERVER['REMOTE_ADDR'] ." 2>&1")

And got the following: sudo: effective uid is not 0, is sudo installed setuid root?

I don't understand why I get this error, because I have added the following in my sudoers file:

http ALL=NOPASSWD: /usr/bin/nmap

I've modified my passwd to allow login from HTTP to try it in shell and it works but not when I run it in the browser.

Help please!

Thanks

Offline

#2 2019-12-12 00:51:29

loqs
Member
Registered: 2014-03-06
Posts: 17,304

Re: Trying to execute shell_exec with sudo to nmap

Is php provided by php-fpm using the supplied service file?

Offline

#3 2019-12-12 19:55:52

psquare
Member
Registered: 2016-09-22
Posts: 5

Re: Trying to execute shell_exec with sudo to nmap

yes it's php-fpm

Offline

#4 2019-12-12 20:41:58

loqs
Member
Registered: 2014-03-06
Posts: 17,304

Offline

#5 2019-12-12 22:44:01

psquare
Member
Registered: 2016-09-22
Posts: 5

Re: Trying to execute shell_exec with sudo to nmap

Okay, so I set the flag to false:

NoNewPrivileges=false

Now I can run the command without any errors, but it doesn't seem to find the device. I get

Nmap done: 0 IP addresses (0 hosts up) scanned in 0.02 seconds

and when I run it from shell I do get my desired results?

Any ideas?

Thanks

Offline

#6 2019-12-12 23:36:00

loqs
Member
Registered: 2014-03-06
Posts: 17,304

Re: Trying to execute shell_exec with sudo to nmap

Offline

#7 2019-12-14 00:43:08

psquare
Member
Registered: 2016-09-22
Posts: 5

Re: Trying to execute shell_exec with sudo to nmap

Thanks for the info. I did what was in the post, but now I get

sudo: setrlimit(RLIMIT_CORE): Operation not permitted
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-13 19:37 EST
route_dst_netlink: cannot create AF_NETLINK socket: Address family not supported by protocol

I don't get what's going on; this used to work.

Offline

#8 2019-12-14 00:52:04

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,514
Website

Re: Trying to execute shell_exec with sudo to nmap

You should read the whole php-fpm service file.  Several other variables are relevant.  This error is directly due to "RestrictAddressFamilies".


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#9 2019-12-14 15:51:48

psquare
Member
Registered: 2016-09-22
Posts: 5

Re: Trying to execute shell_exec with sudo to nmap

I commented out the following line and it seems to work:

CapabilityBoundingSet

So thank you for your help, patience and guidance

Offline
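
The three php-fpm service directives that came up in this thread (NoNewPrivileges, RestrictAddressFamilies, CapabilityBoundingSet) can be checked in one pass. The script below is an added example, not part of any post and not the project's own code: the function names and the sample unit text are constructed, it assumes each directive is assigned only once, and it assumes nmap's host discovery needs raw sockets (CAP_NET_RAW).

```shell
#!/bin/sh
# Flag the sandbox directives from this thread that stop `sudo nmap -n -sn`.
# Reads unit-file text or `systemctl show php-fpm` output on stdin.
# Assumption: one assignment per directive (the last one wins here).
audit_phpfpm_sandbox() {
  awk '
    function has(list, word,    n, i, parts) {
      n = split(toupper(list), parts)      # systemctl show prints caps in lowercase
      for (i = 1; i <= n; i++) if (parts[i] == word) return 1
      return 0
    }
    # True when an allow list omits `word` or a "~" deny list names it.
    function denied(val, word) {
      if (val ~ /^~/) return has(substr(val, 2), word)
      return !has(val, word)
    }
    /^[ \t]*[#;]/ || !/=/ { next }         # skip comments and [Section] lines
    {
      key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
      val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
      seen[key] = 1; conf[key] = val
    }
    END {
      if (tolower(conf["NoNewPrivileges"]) ~ /^(yes|true|on|1)$/) {
        print "NoNewPrivileges: setuid sudo cannot become root"; bad = 1 }
      # An empty RestrictAddressFamilies= means no restriction.
      if (conf["RestrictAddressFamilies"] != "" &&
          denied(conf["RestrictAddressFamilies"], "AF_NETLINK")) {
        print "RestrictAddressFamilies: AF_NETLINK sockets are blocked"; bad = 1 }
      # An empty CapabilityBoundingSet= means no capabilities at all.
      if (seen["CapabilityBoundingSet"] &&
          denied(conf["CapabilityBoundingSet"], "CAP_NET_RAW")) {
        print "CapabilityBoundingSet: CAP_NET_RAW is unavailable, even to root"; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample, not the real Arch service file.
sample_unit() {
  cat <<'EOF'
[Service]
NoNewPrivileges=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_CHOWN
EOF
}

sample_unit | audit_phpfpm_sandbox || echo "sandbox blocks sudo nmap"
```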
