LFI to RCE via access_log injection

How to manage IP addresses and subnets with phpIPAM



A typical network/system admin is responsible for managing one or more subnets within the network under control. For example, when a LAN segment is assigned a /24 subnet, a total of 254 IP addresses can be used for different purposes. To keep track of what IP addresses are assigned to which hosts, some sort of documentation is needed. The easiest way to do it would be maintaining a single spreadsheet which documents IP address allocation information. This works like a charm for a small network with only one admin. However, relying on a spreadsheet is not convenient and can be error-prone with multiple large networks. Worse, if there are multiple admins involved, updating the spreadsheet could be tricky as each admin could often end up with different versions of the document.
One way to manage IP address allocations more systematically is to use a web-based IP address management tool. Not only can a web-based tool be accessed from anywhere, but its backend database also ensures that all updates are synchronized and applied in real time for every admin. While there are many such web applications available, this tutorial focuses on setting up phpIPAM (IP Address Manager). phpIPAM is an open source, efficient IP address management application with the following features.
  • Support for both IPv4 and IPv6 (unlike many other tools, IPv6 support is very good)
  • Built in IPv4 and IPv6 calculator
  • Supports CIDR notations
  • MySQL support
  • Nested subnets
  • User/group based permissions
  • Visual reporting tool
  • Import/export using .xls files
  • Device, VRF, and VLAN support
  • Powerful search engine
  • Email notifications
  • Supports AD/LDAP based authentication
The demo site for phpIPAM is available at http://demo.phpipam.net.
In this tutorial, we will be setting up phpIPAM along with Apache web server in the Ubuntu environment.

Installing phpIPAM on Ubuntu

First of all, install required packages using apt-get.
# apt-get install apache2 mysql-server php5 php5-gmp php-pear php5-mysql php5-ldap wget
If this is the first time MySQL has been installed on the machine, set the root password with the following command.
# mysqladmin -u root password NEWPASSWORD
phpIPAM can be set up in any web server directory. We will set it up in the /phpipam/ subdirectory under the Apache document root.
Download phpIPAM package.
# wget http://kent.dl.sourceforge.net/project/phpipam/phpipam-1.0.tar
Extract the package into the web server directory.
# cp phpipam-1.0.tar /var/www/
# cd /var/www/
# tar xvf phpipam-1.0.tar
# rm phpipam-1.0.tar
Now, specify the MySQL username and password, as well as its base directory.
# vim /var/www/phpipam/config.php
$db['host'] = "localhost";
## MySQL user for ipam ##
$db['user'] = "phpipam";
## password for the MySQL user ##
$db['pass'] = "phpipamadmin";
## database for MySQL ##
$db['name'] = "phpipam";
## base directory ##
define('BASE', "/phpipam/");
The base directory needs to be defined in the provided .htaccess file.
# vim /var/www/phpipam/.htaccess
RewriteBase /phpipam/
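The two edits above (the database credentials in config.php and the RewriteBase line in .htaccess) can be scripted. The following shell example is added here and is not part of the tutorial or of the phpIPAM project. It generates a random database password instead of the fixed "phpipamadmin" shown above (the MySQL user phpipam must be given the same password), keeps config.php unreadable to other local users because the file holds the MySQL password in clear text, and patches the RewriteBase line in the existing .htaccess rather than overwriting phpIPAM's rewrite rules. The www-data group and the Debian/Ubuntu paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the phpIPAM project or the tutorial): write a
# config.php for phpIPAM with a freshly generated database password and
# file permissions that keep the credentials away from other local users.
# The www-data group is an assumption for a Debian/Ubuntu Apache layout.
set -eu

# Generate a 24-character alphanumeric password from the kernel RNG
# (not the shell's $RANDOM, which is not suitable for secrets).
gen_password() {
    head -c 48 /dev/urandom | base64 | tr -d '/+=\n' | cut -c1-24
}

# write_phpipam_config <webroot> <db_user> <db_pass> <db_name> <base_uri>
# Writes <webroot>/config.php with the same $db[...] keys and BASE constant
# the tutorial edits by hand, and updates RewriteBase in an existing .htaccess.
write_phpipam_config() {
    webroot=$1; db_user=$2; db_pass=$3; db_name=$4; base_uri=$5
    # Subshell with umask 077 so the file is never world-readable, even briefly.
    (
        umask 077
        cat > "$webroot/config.php" <<EOF
<?php
\$db['host'] = "localhost";
## MySQL user for ipam ##
\$db['user'] = "$db_user";
## password for the MySQL user ##
\$db['pass'] = "$db_pass";
## database for MySQL ##
\$db['name'] = "$db_name";
## base directory ##
define('BASE', "$base_uri");
EOF
    )
    # Owner read/write, group read (the web server's group), nothing for others.
    chmod 640 "$webroot/config.php"
    # Hand the file to the web server group only when running as root.
    if [ "$(id -u)" -eq 0 ] && getent group www-data >/dev/null 2>&1; then
        chgrp www-data "$webroot/config.php"
    fi
    # Replace only the RewriteBase line; the rest of phpIPAM's .htaccess stays.
    if [ -f "$webroot/.htaccess" ]; then
        sed "s|^RewriteBase .*|RewriteBase $base_uri|" "$webroot/.htaccess" \
            > "$webroot/.htaccess.tmp" && mv "$webroot/.htaccess.tmp" "$webroot/.htaccess"
    fi
}

# config_is_private <file>: returns 0 when "others" have no read bit
# (column 8 of ls -l is the others-read flag).
config_is_private() {
    [ "$(ls -ld "$1" | cut -c8)" = "-" ]
}
```

Run it as root after extracting the package, for example `write_phpipam_config /var/www/phpipam phpipam "$(gen_password)" phpipam /phpipam/`, then use `config_is_private /var/www/phpipam/config.php` as a quick post-install check. Apache reads the file through the www-data group, so the 640 mode does not affect the web application.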

Preparing Apache Web Server

phpIPAM needs Apache's rewrite module. On an Ubuntu or Debian machine the module can be enabled with the a2enmod command as follows.
# a2enmod rewrite
Next, Apache's default configuration needs to be changed as well. Please add/modify your configuration to look like the one below.
# vim /etc/apache2/sites-enabled/000-default
<Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride all
        Order allow,deny
        allow from all
</Directory>
Finally, restart Apache web service.
# service apache2 restart
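The Directory block above enables Indexes, which makes Apache serve a directory listing for any folder that has no index file. As an added example, not from the tutorial or the phpIPAM project, the shell functions below print the same block with listings disabled and check an existing site file for the setting. The output uses Apache 2.4 syntax (Require all granted) in place of the 2.2 Order/allow lines shown above; which version you run is an assumption, so keep the page's syntax on a 2.2 server.

```shell
#!/bin/sh
# Added example (not from the phpIPAM project or the tutorial): render the
# Apache <Directory> block for the phpIPAM web root without directory
# indexing, and a check that flags "Indexes" in an existing site file.
# Assumes Apache 2.4 syntax (Require all granted).
set -eu

# render_phpipam_vhost <docroot>: prints the hardened Directory block.
# Directory listings are off (-Indexes); FollowSymLinks stays on because
# mod_rewrite directives in .htaccess require it; AllowOverride All lets
# phpIPAM's own .htaccess apply its RewriteBase/RewriteRule lines.
render_phpipam_vhost() {
    docroot=$1
    cat <<EOF
<Directory $docroot>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>
EOF
}

# vhost_allows_indexes <file>: returns 0 if any Options line turns on
# directory listings ("Indexes" or "+Indexes"), 1 when only "-Indexes"
# or no Indexes keyword is present.
vhost_allows_indexes() {
    grep -Ei '^[[:space:]]*Options([[:space:]][^[:space:]]*)*[[:space:]]\+?Indexes([[:space:]]|$)' "$1" >/dev/null
}
```

Replace the Directory block in /etc/apache2/sites-enabled/000-default with the output of `render_phpipam_vhost /var/www/`, run `apache2ctl configtest`, and restart Apache as above; `vhost_allows_indexes /etc/apache2/sites-enabled/000-default` should then return non-zero.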

Finalizing Installation

We can finalize the installation of phpIPAM by using the web browser. Pointing the browser to the URL: http:///phpIPAM will show the following phpIPAM installation page. We can proceed to automatic database installation.
Now phpIPAM should be up and running. We can log in using the following default credentials.
  • URL: http:///phpipam
  • User: Admin
  • Pass: ipamadmin

Manage IP Addresses with phpIPAM

In the rest of the tutorial, we will walk you through how to manage subnets and IP addresses with phpIPAM.

Creating a section

Let us start by adding a section for our network. Click on Administration > Sections.
Click on "Add Section". Now we can name our section as we want it to be displayed. Fill in the details of the section.

Creating a subnet

Next, we add a new subnet 172.16.1.0/24 under the section 'Our Network'. Click on Our Network > Add Subnet.
Now we can easily add IP addresses in the subnet. One method of adding IP addresses is to add them one by one. phpIPAM provides an alternative method to scan all the hosts and add them automatically without much hassle. It can scan the local subnet located in the same broadcast domain, as well as remote subnets reachable through routing. After selecting a subnet, click on 'scan subnet for new hosts' to scan IP addresses as shown below.
After the scan is performed, the discovered IP addresses can be added into the database by clicking the 'Add discovered hosts' button at the bottom.

Creating an IPv6 subnet

IPv6 subnets can be created in a similar way. We specify the IPv6 network as shown in the screenshot.
All the tools available for IPv4 can be used for IPv6 as well.

Creating a nested subnet

phpIPAM also provides the option of creating nested subnets for both IPv4 and IPv6. For example, we will be dividing our IP block 172.16.1.0/24 into 4 smaller subnets (/26), each for a specific department within the organization. After selecting the /24 subnet, we can create a nested subnet using the 'Add a new nested subnet' button. The screenshot below shows the icon for adding a nested subnet.
After all four subnets have been created, the result should look similar to the following nested subnet preview window.

Adding users and groups

First, we will create a group with READ/WRITE permission to the section 'Our network'. This can be done by selecting Administration > Groups > Create Group.
Now that the group has been created, we modify section permission by selecting Administration > Sections, and then editing the section.
We will create a user named 'user1'. We will add the user to the group 'Demonstration group' so that it inherits all necessary permissions from the group. We start by clicking on Administration > Users > Create user.
Now we can log in as this user and add/modify IP addresses under the section 'Our network'.
To sum up, phpIPAM is a versatile IP address management tool that can be used for both IPv4 and IPv6. This tutorial covered the basics to help you get started. Be sure to try the other available features, such as the IP address calculator, adding devices, VLANs and VRFs, and import/export using xls files.


