ÿØÿà JFIF ÿá Exif MM * ÿÛ C
Server IP : 199.250.214.225 / Your IP : 18.189.143.136 Web Server : Apache System : Linux vps64074.inmotionhosting.com 3.10.0-1160.105.1.vz7.214.3 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64 User : nicngo5 ( 1001) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /opt/tier1adv/bin/ |
Upload File : |
#!/opt/imh-python/bin/python3 """Switch to another user's shell""" import argparse import subprocess import sys import select import os import pymysql from argparse import ArgumentTypeError as BadArg sys.path.insert(0, '/opt/support/lib') from arg_types import cpuser_safe_arg def is_cwp(): """Returns true the server is CWP""" return os.path.exists("/usr/local/cwp") def cwp_user_safe(user: str) -> str: """Returns the username if the CWP user is safe by verifying it exists in CWP, raises an exception otherwise""" try: mysql_conn = pymysql.connect(read_default_file="~/.my.cnf",db="root_cwp") cursor = mysql_conn.cursor() result = cursor.execute(f"SELECT * FROM `user` WHERE `username` = '{user}'") # result is number of lines found cursor.close() mysql_conn.close() except Exception as e: print(e) raise BadArg('Failed to query MySQL') if result == 0: raise BadArg('user does not exist or is restricted') return user def switch(username: str): """Switches to ``username``""" # We use subprocess because we actually want to pass our raw file # descriptors to the child in this instance. with subprocess.Popen( ['/bin/su', '-s', '/bin/bash', '-', username] ) as shell: shell.communicate() def parse_args() -> str: """Parses command line arguments and returns a username""" parser = argparse.ArgumentParser(description=__doc__) parser.add_argument('user', type=valid_user, help="user to switch to") return parser.parse_args().user def valid_user(user: str) -> str: if user == 'wordpress': return user if is_cwp(): return cwp_user_safe(user) return cpuser_safe_arg(user) def main(): """Handle command line access""" if select.select([sys.stdin], [], [], 0.0)[0]: sys.exit("Cannot have stdin") user = parse_args() switch(user) if __name__ == "__main__": main()