Commit 74cb9967 authored by Russ Fish's avatar Russ Fish

Checkpoint.

parent 07d50f4b
This diff is collapsed.
......@@ -87,7 +87,9 @@ sec-check/README-howto.txt - Documentation outline.
You make: input_values.list
At first, Copy input_names.list to input_values.list,
then edit default values onto the lines for auto-form-fill-in.
Values with a leading "!" over-ride an action= arg in the form page URL.
After the first time, you can merge new ones into input_values.list .
Lines with no value are ignored and may be flushed if you want.
- 1631 <input lines in admin-base, 511 unique, with 156 unique field names.
gmake input_msg
......
......@@ -9,15 +9,19 @@
# form-input.gawk's output format is the input format for this script.
#
# A site_values.list file path is provided by a -v VALUES= awk arg.
# Contents are 'name="..." value'. Optional value (to end of line)
# is used for auto-form-fill-in.
# Contents are 'name="..." value'. An optional value (to end of line) is
# the default used for auto-form-fill-in. The Value may be prefixed with a
# ! to cause it to over-ride an action= arg in the form page URL.
#
# Output is a set of page URL's including appended ?args.
# The Get arg method is default. Post is indicated by a post: prefix.
#
# A -v MAX_TIMES= awk arg specifies how many times to target a form.
#
# A -v PROBE=1 awk arg turns on SQL injection probing. A separate URL is
# generated for each ?argument, substituting a labeled mock SQL injection
# attack probe string for the proper value.
#
BEGIN {
if ( ! MAX_TIMES ) MAX_TIMES = 1; # Default.
......@@ -41,11 +45,14 @@ BEGIN {
action = gensub(".* action=\"([^\"]*)\".*", "\\1", 1);
method = gensub(".* method=\"([^\"]*)\".*", "\\1", 1);
# Action= URL can have args specified. Use the values over anything else.
# Action= URL can have args specified. Use the values over anything else,
# unless the default value is prefixed with a ! .
url = action;
action_file = gensub(".*/", "", 1, gensub("?.*", "", 1, url));
delete args;
if ( q = index(action, "?") ) {
url = substr(action, 1, q-1);
# The "&" arg separator is escaped in HTML.
n = split(substr(action, q+1), url_args, "&amp;");
for (i = 1; i <= n; i++) {
......@@ -66,7 +73,7 @@ BEGIN {
# Add host path to relative url's.
if (! index(url, ":") ) url = "https://" host_path "/" url;
##printf "url %s, method %s, args", url, method;
##printf "url %s, file %s, method %s, action args", url, action_file, method;
##for (i in args) printf " %s", args[i]; printf "\n";
target[url]++;
......@@ -122,12 +129,26 @@ form && /^<input/ { # <input type="..." name="..." value=... ...>
form && /^$/ { # Blank line terminates each form section.
arg_str = "";
for (arg in args) {
###if ( args[arg] != "" )
if ( arg_str == "" ) arg_str = arg "=" args[arg];
else arg_str = arg_str "&" arg "=" args[arg];
if ( arg_str == "" ) arg_str = arg "=" args[arg];
else arg_str = arg_str "&" arg "=" args[arg];
}
post = (method=="post" ? "post:" : "");
if (arg_vals) # Ignore if no argument values to supply.
print post url "?" arg_str;
}
if (arg_vals) { # Ignore if no argument values to supply.
if ( ! PROBE ) print post url "?" arg_str; # Not probing.
else {
# Substitute a labeled mock SQL injection attack probe string for
# EACH ?argument value. Generates N urls.
for (arg in args) {
lbl = "**{" action_file ":" arg "}**";
# Quote square-brackets in argument names.
a = gensub("\\[", "\\\\[", 1, gensub("\\]", "\\\\]", 1, arg));
# Notice the single-quote at the head of the inserted probe string.
probe_str = gensub("(\\<" a ")=([^?&]*)", "\\1='" lbl, 1, arg_str);
print post url "?" probe_str;
}
}
}
}
name="MAX_FILE_SIZE" 1024
name="OS"
name="action"
name="add_testuser"
name="addnumber"
name="beginexp"
name="change_testuser"
name="clear_bootstrap"
name="clear_last"
name="def_boot_cmd_line"
name="def_boot_osid"
name="description"
name="dochange"
name="OS" FreeBSD
name="description" Test description.
name="eid" !testexp1
name="email"
name="eventrestart"
name="exp_pideid"
name="exptidx" 7
name="formfields[autoswap]" 0
name="formfields[autoswap_timeout]"
name="formfields[batchmode]"
name="formfields[body]" Test body.
name="formfields[canfail]"
name="formfields[copyid]"
name="formfields[count]"
name="formfields[cpu_usage]" 3
name="formfields[description]" Descriptive text.
name="formfields[eid]" !testexp1
name="formfields[exp_autoswap]" 0
name="formfields[exp_autoswap_timeout]"
name="formfields[exp_batched]"
name="formfields[exp_branch]"
name="formfields[exp_description]" Test experiment.
name="formfields[exp_gid]"
name="formfields[exp_id]" testexp1
name="formfields[exp_idleswap]" 0
name="formfields[exp_idleswap_timeout]"
name="formfields[exp_linktest]"
name="formfields[exp_localnsfile]" /users/fish/shaped-2-nodes.ns
name="formfields[exp_noidleswap_reason]" Testing.
name="formfields[exp_noswap_reason]"
name="formfields[exp_pid]" testbed
name="formfields[exp_preload]"
name="formfields[exp_savedisk]"
name="formfields[exp_swappable]"
name="formfields[faq_entry]" 0
name="formfields[fullname]"
name="formfields[gid]"
name="formfields[fullname]" !testproj-testlist@vulnelab.testbed.emulab.net
name="formfields[global]" !
name="formfields[idleswap]" 0
name="formfields[idleswap_timeout]"
name="formfields[imagename]" testimg
name="formfields[joining_uid]" testuser
name="formfields[linktest_level]"
name="formfields[listname]"
name="formfields[loadpart]"
name="formfields[localnsfile]"
name="formfields[max_concurrent]"
name="formfields[mem_usage]"
name="formfields[listname]" testlist
name="formfields[loadlength]" 1
name="formfields[loadpart]" 1
name="formfields[localnsfile]" /users/fish/shaped-2-nodes.ns
name="formfields[mtype_pc600]" Yep
name="formfields[mtype_pc850]" Yep
name="formfields[mtype_pc3000]" Yep
name="formfields[name]"
name="formfields[new_section]" test_section
name="formfields[node]" pc32
name="formfields[noidleswap_reason]" Testing.
name="formfields[notes]"
name="formfields[op_mode]"
name="formfields[os_feature_ipod]"
name="formfields[os_feature_isup]"
name="formfields[os_feature_linktest]"
name="formfields[os_feature_ping]"
name="formfields[os_feature_ssh]"
name="formfields[os_name]"
name="formfields[os_version]"
name="formfields[op_mode]" NORMALv2
name="formfields[os_name]" FreeBSD
name="formfields[os_version]" 666
name="formfields[part1_osid]"
name="formfields[password1]" EinE_tmp
name="formfields[password2]" EinE_tmp
name="formfields[passphrase1]" EinE_tmp
......@@ -87,18 +49,12 @@ name="formfields[proj_name]" Testproj description.
name="formfields[proj_pcs]" 3
name="formfields[proj_plabpcs]" checked
name="formfields[proj_public]" checked
name="formfields[proj_ronpcs]"
name="formfields[proj_why]" Scanning inputs.
name="formfields[proj_whynotpublic]"
name="formfields[resusage]"
name="formfields[section]"
name="formfields[shared]"
name="formfields[reboot_waittime]" 150
name="formfields[shared]" !
name="formfields[target_uid]" testuser
name="formfields[tid]"
name="formfields[tid]" testtid
name="formfields[title]" Test title.
name="formfields[type]"
name="formfields[units]"
name="formfields[user_interface]"
name="formfields[usr_URL]" http://www.emulab.net
name="formfields[usr_addr2]" Address
name="formfields[usr_addr]" Silly
......@@ -106,88 +62,34 @@ name="formfields[usr_affil]" Emulab Scripts
name="formfields[usr_city]" Salt Lake Silly
name="formfields[usr_country]" USA
name="formfields[usr_email]" fish@flux.utah.edu
name="formfields[usr_key]"
name="formfields[usr_name]" Test User
name="formfields[usr_phone]" 801-123-4567
name="formfields[usr_shell]"
name="formfields[usr_state]" UT
name="formfields[usr_title]" Tester
name="formfields[usr_zip]" 12345
name="formfields[value]"
name="formfields[w_password1]"
name="formfields[w_password2]"
name="formfields[when]"
name="formfields[wholedisk]"
name="formfields[wikiname]" TestUser
name="formfields[xref_tag]" test_tag
name="group_description"
name="gid" !testgroup
name="group_description" Testproj subgroup.
name="group_id" testgroup
name="group_leader" fish
name="group_pid" testproj1
name="inout" !out
name="imageid" testbed-testimg
name="level"
name="log_entry" Test log entry.
name="login"
name="missing"
name="modbase"
name="metadata_guid"
name="metadata_vers"
name="mode"
name="newprefix"
name="newtype"
name="node" pc32
name="node_id" pc32
name="node_type"
name="nodeid" pc32
name="nodes[]" pc32
name="nodetype"
name="nsdata"
name="op_mode"
name="os_feature_ipod"
name="os_feature_isup"
name="os_feature_linktest"
name="os_feature_ping"
name="os_feature_ssh"
name="os_magic"
name="os_path"
name="os_version"
name="nextosid" !
name="node" pc158
name="node_id" pc158
name="node_type" pctest
name="nodeid" pc158
name="nodes[]" pc158
name="os_reboot_waittime" 150
name="os_version" 666
name="osid" emulab-ops-RHL90-STD
name="osname"
name="phone"
name="osname" testosid
name="password" EinE_tmp
name="pid" !testbed
name="poweron"
name="query" what
name="query_type"
name="query_which"
name="range"
name="reboot"
name="referrer"
name="remap[0]"
name="remap[1]"
name="remap[2]"
name="remap[3]"
name="remap[4]"
name="remap[5]"
name="remap[6]"
name="rpms"
name="searchfor"
name="showby"
name="showtype"
name="sortby"
name="startupcmd"
name="tarballs"
name="target_pid" testbed
name="target_uid" testuser
name="template"
name="template_guid"
name="template_vers"
name="templatevalues[Count]"
name="templatevalues[HWType]"
name="templatevalues[ImageName]"
name="templatevalues[NodeName]"
name="templatevalues[PLCHWType]"
name="testuser$$trust"
name="uid" testuser
name="vname"
approveproject_form.php3
archive_view.php3
beginexp_html.php3
boot.php3
delaycontrol.php3
deletegroup.php3
deleteimageid.php3
deleteosid.php3
deleteproject.php3
deletepubkey.php3
deleteuser.php3
editexp.php3
editgroup_form.php3
editimageid.php3
editnodetype.php3
editsitevars.php3
endexp.php3
feedback.php3
freenode.php3
......@@ -17,21 +22,27 @@ gensslcert.php3
joinproject.php3
kb-manage.php3
kb-search.php3
linktest.php3
loadimage.php3
modifyexp.php3
modnodeattributes_form.php3
moduserinfo.php3
newgroup_form.php3
newimageid.php3
newimageid_ez.php3
newmmlist.php3
newnodelog_form.php3
newnodes_list.php3
newosid_form.php3
newproject.php3
news.php3
nodecontrol_form.php3
nscheck_form.php3
nsgen.php3
plab_ez.php3
powertime.php3
prereserve_node.php3
replayexp.php3
showpubkeys.php3
showsfskeys.php3
showsumstats.php3
......
This source diff could not be displayed because it is too large. You can view the blob instead.
This diff is collapsed.
< approveproject_form.php3
< approveuser_form.php3
< approvewauser_form.php3
< archive_missing.php3
......@@ -7,27 +6,17 @@
< cdromqueue.php3
< cdromrequest.php3
< chpasswd.php3
< delaycontrol.php3
< deletenodelog.php3
< deleteproject.php3
< deletesfskey.php3
< delmmlist.php3
< editnodetype.php3
< editsitevars.php3
< expaccess_form.php3
< floormap.php3
< linktest.php3
< menu.php3
< modnodeattributes_form.php3
< newimageid.php3
< newnode_edit.php3
< news.php3
< nodemon.php3
< nodemon_all.php3
< panicbutton.php3
< prereserve_node.php3
< remapexp.php3
< replayexp.php3
< request_idleinfo.php3
< request_swapexp.php3
< robotmap.php3
......
name="MAX_FILE_SIZE"
name="OS"
name="_newattrs[0]"
name="_newvals[0]"
name="abhijeet$$trust"
name="action"
name="add_abhijeet"
name="add_ayers"
name="add_bwhite"
name="add_danderse"
name="add_duerig"
name="add_eb"
name="add_ee"
name="add_fish"
name="add_fjluser"
name="add_flikx"
name="add_gebhardt"
name="add_johnsond"
name="add_kevina"
name="add_kwebb"
name="add_lepreau"
name="add_mike"
name="add_ricci"
name="add_rricci"
name="add_shash"
name="add_stack"
name="add_stoller"
name="add_testuser"
name="addnumber"
name="approval"
name="attributes[adminmfs_osid]"
name="attributes[bios_waittime]"
name="attributes[bootdisk_unit]"
name="attributes[control_interface]"
name="attributes[control_network]"
name="attributes[default_imageid]"
name="attributes[default_osid]"
name="attributes[delay_capacity]"
name="attributes[delay_osid]"
name="attributes[diskloadmfs_osid]"
name="attributes[disksize]"
name="attributes[disktype]"
name="attributes[frequency]"
name="attributes[imageable]"
name="attributes[jail_osid]"
name="attributes[max_interfaces]"
name="attributes[memory]"
name="attributes[power_delay]"
name="attributes[processor]"
name="attributes[rebootable]"
name="attributes[simnode_capacity]"
name="attributes[trivlink_maxspeed]"
name="attributes[virtnode_capacity]"
name="autoswap"
name="ayers$$trust"
name="beginexp"
name="bwhite$$trust"
name="calfeld$$trust"
name="change_abhijeet"
name="change_ayers"
name="change_bwhite"
name="change_calfeld"
name="change_danderse"
name="change_duerig"
name="change_eb"
name="change_ee"
name="change_elabckup"
name="change_fish"
name="change_fjluser"
name="change_flikx"
name="change_gebhardt"
name="change_johnsond"
name="change_kevina"
name="change_kwebb"
name="change_lepreau"
name="change_mike"
name="change_newbold"
name="change_operator"
name="change_ricci"
name="change_rricci"
name="change_shash"
name="change_stack"
name="change_stoller"
name="change_testuser"
name="clear_bootstrap"
name="clear_last"
name="danderse$$trust"
name="def_boot_cmd_line"
name="def_boot_osid"
name="deletes[adminmfs_osid]"
name="deletes[bios_waittime]"
name="deletes[bootdisk_unit]"
name="deletes[control_interface]"
name="deletes[control_network]"
name="deletes[default_imageid]"
name="deletes[default_osid]"
name="deletes[delay_capacity]"
name="deletes[delay_osid]"
name="deletes[diskloadmfs_osid]"
name="deletes[disksize]"
name="deletes[disktype]"
name="deletes[frequency]"
name="deletes[imageable]"
name="deletes[jail_osid]"
name="deletes[max_interfaces]"
name="deletes[memory]"
name="deletes[power_delay]"
name="deletes[processor]"
name="deletes[rebootable]"
name="deletes[simnode_capacity]"
name="deletes[trivlink_maxspeed]"
name="deletes[virtnode_capacity]"
name="description"
name="dochange"
name="duerig$$trust"
name="eb$$trust"
name="ee$$trust"
name="eid"
name="elabckup$$trust"
name="email"
name="exp_pideid"
name="eventrestart"
name="exptidx"
name="fish$$trust"
name="fjluser$$trust"
name="flikx$$trust"
name="force"
name="formfields[autoswap]"
name="formfields[autoswap_timeout]"
name="formfields[batchmode]"
name="formfields[body]"
name="formfields[canfail]"
name="formfields[class]"
name="formfields[copyid]"
name="formfields[count]"
name="formfields[cpu_usage]"
name="formfields[default_osid]"
name="formfields[description]"
name="formfields[exp_autoswap]"
name="formfields[exp_autoswap_timeout]"
......@@ -41,31 +153,52 @@ name="formfields[exp_preload]"
name="formfields[exp_savedisk]"
name="formfields[exp_swappable]"
name="formfields[faq_entry]"
name="formfields[frisbee_pid]"
name="formfields[fullname]"
name="formfields[gid]"
name="formfields[global]"
name="formfields[idle_ignore]"
name="formfields[idleswap]"
name="formfields[idleswap_timeout]"
name="formfields[imagename]"
name="formfields[isdynamic]"
name="formfields[isjailed]"
name="formfields[isplabdslice]"
name="formfields[isremotenode]"
name="formfields[issimnode]"
name="formfields[issubnode]"
name="formfields[isvirtnode]"
name="formfields[joining_uid]"
name="formfields[linktest_level]"
name="formfields[listname]"
name="formfields[load_address]"
name="formfields[loadlength]"
name="formfields[loadpart]"
name="formfields[localnsfile]"
name="formfields[makedefault]"
name="formfields[max_concurrent]"
name="formfields[mem_usage]"
name="formfields[mtype_pc850]"
name="formfields[mtype_pc600]"
name="formfields[new_section]"
name="formfields[node]"
name="formfields[noidleswap_reason]"
name="formfields[noswap_reason]"
name="formfields[notes]"
name="formfields[op_mode]"
name="formfields[os_feature_ipod]"
name="formfields[os_feature_isup]"
name="formfields[os_feature_linkdelays]"
name="formfields[os_feature_linktest]"
name="formfields[os_feature_mlinks]"
name="formfields[os_feature_ping]"
name="formfields[os_feature_ssh]"
name="formfields[os_feature_veths]"
name="formfields[os_name]"
name="formfields[os_version]"
name="formfields[part1_osid]"
name="formfields[part2_osid]"
name="formfields[part3_osid]"
name="formfields[part4_osid]"
name="formfields[path]"
name="formfields[pid]"
name="formfields[proj_URL]"
......@@ -80,9 +213,11 @@ name="formfields[proj_public]"
name="formfields[proj_ronpcs]"
name="formfields[proj_why]"
name="formfields[proj_whynotpublic]"
name="formfields[reboot_waittime]"
name="formfields[resusage]"
name="formfields[section]"
name="formfields[shared]"
name="formfields[swappable]"
name="formfields[target_uid]"
name="formfields[tid]"
name="formfields[title]"
......@@ -109,16 +244,35 @@ name="formfields[when]"
name="formfields[wholedisk]"
name="formfields[wikiname]"
name="formfields[xref_tag]"
name="gebhardt$$trust"
name="group_description"
name="group_id"
name="group_leader"
name="group_pid"
name="head_uid"
name="idleswap"
name="idx"
name="imageid"
name="johnsond$$trust"
name="kevina$$trust"
name="kwebb$$trust"
name="lepreau$$trust"
name="level"
name="log_entry"
name="log_type"
name="message"
name="mike$$trust"
name="modbase"
name="mode"
name="name"
name="newattribute_name"
name="newattribute_value"
name="newbold$$trust"
name="newprefix"
name="newtype"
name="next_boot_cmd_line"
name="next_boot_osid"
name="nextosid"
name="node"
name="node_id"
name="node_type"
......@@ -127,16 +281,24 @@ name="nodes[]"
name="nodetype"
name="nsdata"
name="op_mode"
name="operator$$trust"
name="os_clean"
name="os_feature_ipod"
name="os_feature_isup"
name="os_feature_linkdelays"
name="os_feature_linktest"
name="os_feature_mlinks"
name="os_feature_ping"
name="os_feature_ssh"
name="os_feature_veths"
name="os_magic"
name="os_path"
name="os_reboot_waittime"
name="os_shared"
name="os_version"
name="osid"
name="osname"
name="pcplab_okay"
name="phone"
name="pid"
name="poweron"
......@@ -144,6 +306,7 @@ name="query"
name="query_type"
name="query_which"
name="range"
name="reboot"
name="referrer"
name="remap[0]"
name="remap[1]"
......@@ -152,15 +315,24 @@ name="remap[3]"
name="remap[4]"
name="remap[5]"
name="remap[6]"
name="reserved_pid"
name="ricci$$trust"
name="ron_okay"
name="rpms"
name="rricci$$trust"
name="searchfor"
name="shash$$trust"
name="showby"
name="showtype"
name="silent"
name="sortby"
name="stack$$trust"
name="startupcmd"
name="stoller$$trust"
name="tarballs"
name="target_pid"
name="target_uid"
name="temp_boot_osid"
name="template"
name="templatevalues[Count]"
name="templatevalues[HWType]"
......@@ -169,4 +341,6 @@ name="templatevalues[NodeName]"
name="templatevalues[PLCHWType]"
name="testuser$$trust"
name="uid"
name="user_interface"
name="value"
name="vname"
This diff is collapsed.
This source diff could not be displayed because it is too large. You can view the blob instead.
Probe label: '**{boot.php3:node_id}**
Probe label: \'**{delaycontrol.php3:eid}**
Probe label: \'**{delaycontrol.php3:pid}**
Probe label: '**{deleteproject.php3:pid}**
Probe label: '**{editnodetype.php3:node_type}**
Probe label: \'**{editnodetype.php3:formfields[class]}**
Probe label: \'**{kb-manage.php3:formfields[title]}**
Probe label: \'**{kb-manage.php3:formfields[xref_tag]}**
Probe label: \'**{kb-search.php3:query}**
Probe label: '**{modnodeattributes.php3:node_id}**
Probe label: '**{newimageid.php3:formfields[node]}**
Probe label: '**{newimageid.php3:formfields[part1_osid]}**
Probe label: '**{newimageid.php3:formfields[default_osid]}**
Probe label: '**{newimageid.php3:formfields[pid]}**
Probe label: '**{newnodelog.php3:node_id}**
Probe label: '**{nodecontrol.php3:node_id}**
Probe label: '**{replayexp.php3:eid}**
Probe label: '**{replayexp.php3:pid}**
Probe label: '**{showuser_list.php3:searchfor}**
Probe label: '**{updateaccounts.php3:eid}**
Probe label: \'**{updateaccounts.php3:nodeid}**
Probe label: '**{updateaccounts.php3:pid}**
This source diff could not be displayed because it is too large. You can view the blob instead.
gmake admin
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/newproject.php3.html --post-data "formfields[proj_plabpcs]=checked&formfields[proj_funders]=none&formfields[usr_country]=USA&formfields[proj_linked]=checked&MAX_FILE_SIZE=1024&formfields[proj_name]=Testproj%20description.&formfields[usr_city]=Salt%20Lake%20Silly&formfields[usr_affil]=Emulab%20Scripts&formfields[wikiname]=TestUser&formfields[proj_why]=Scanning%20inputs.&formfields[proj_public]=checked&formfields[proj_URL]=http://myboss.vulnelab.testbed.emulab.net&formfields[pid]=testproj3&formfields[usr_state]=UT&formfields[usr_URL]=http://www.emulab.net&formfields[usr_name]=Test%20User&formfields[proj_head_uid]=fish&submit=Submit&formfields[proj_members]=1&formfields[usr_addr]=Silly&formfields[proj_ronpcs]=checked&formfields[proj_pcs]=3&formfields[password1]=EinE_tmp&formfields[usr_email]=fish@flux.utah.edu&formfields[proj_whynotpublic]=&formfields[password2]=EinE_tmp&formfields[usr_key]=&formfields[usr_phone]=801-123-4567&formfields[usr_zip]=12345&formfields[usr_addr2]=Address&formfields[usr_title]='**{newproject.php3:formfields[usr_title]}**" "https://myboss.vulnelab.testbed.emulab.net/newproject.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/approveproject.php3.html --post-data "user_interface=emulab&silent=Yep&head_uid=fish&approval=approve&OK=Submit&pid=testproj3&message='**{approveproject.php3:message}**" "https://myboss.vulnelab.testbed.emulab.net/approveproject.php3"
gmake logout
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/joinproject.php3.html --post-data "formfields[usr_country]=USA&MAX_FILE_SIZE=1024&formfields[usr_city]=Salt%20Lake%20Silly&formfields[usr_affil]=Emulab%20Scripts&formfields[wikiname]=TestUser&formfields[gid]=&formfields[pid]=testproj3&formfields[usr_state]=UT&formfields[usr_URL]=http://www.emulab.net&formfields[usr_name]=Test%20User&submit=Submit&formfields[usr_addr]=Silly&formfields[password1]=EinE_tmp&formfields[usr_email]=testusr3@flux.utah.edu&formfields[password2]=EinE_tmp&formfields[usr_key]=&formfields[usr_phone]=801-123-4567&formfields[usr_zip]=12345&formfields[joining_uid]=testusr3&formfields[usr_addr2]=Address&formfields[usr_title]='**{joinproject.php3:formfields[usr_title]}**" "https://myboss.vulnelab.testbed.emulab.net/joinproject.php3"
gmake admin
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/beginexp_html.php3.html --post-data "formfields[exp_autoswap_timeout]=16&formfields[exp_noswap_reason]=&formfields[exp_id]=testexp3&beginexp=Submit&formfields[exp_noidleswap_reason]=Testing.&formfields[exp_idleswap_timeout]=4&MAX_FILE_SIZE=1024&formfields[exp_batched]=Yep&formfields[exp_swappable]=1&formfields[exp_preload]=Yep&formfields[exp_savedisk]=Yep&formfields[exp_description]=Test%20experiment.&formfields[exp_linktest]=0&formfields[exp_gid]=&formfields[exp_pid]=testproj3&formfields[exp_localnsfile]=/users/fish/shaped-2-nodes.ns&formfields[exp_autoswap]=0&formfields[exp_idleswap]='**{beginexp_html.php3:formfields[exp_idleswap]}**" "https://myboss.vulnelab.testbed.emulab.net/beginexp_html.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/modifyexp.php3.html --post-data "nsdata=&MAX_FILE_SIZE=1024&go=1&formfields[exp_localnsfile]=/users/fish/shaped-2-nodes.ns&eid=testexp3&eventrestart=1&pid=testproj3&reboot='**{modifyexp.php3:reboot}**" "https://myboss.vulnelab.testbed.emulab.net/modifyexp.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/editexp.php3.html --post-data "formfields[mem_usage]=0&formfields[noswap_reason]=&formfields[batchmode]=1&formfields[idleswap_timeout]=4&submit=Submit&formfields[autoswap]=0&formfields[idle_ignore]=1&formfields[autoswap_timeout]=10&formfields[noidleswap_reason]=Testing.&eid=testexp3&formfields[cpu_usage]=3&formfields[idleswap]=0&formfields[linktest_level]=0&formfields[description]=Descriptive%20text.&pid=testproj3&formfields[swappable]='**{editexp.php3:formfields[swappable]}**" "https://myboss.vulnelab.testbed.emulab.net/editexp.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/newgroup.php3.html --post-data "group_id=testgroup3&group_description=Testproj%20subgroup.&group_leader=fish&group_pid='**{newgroup.php3:group_pid}**" "https://myboss.vulnelab.testbed.emulab.net/newgroup.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/editgroup.php3.html --post-data "change_stack=permit&shash$$trust=user&change_mike=permit&fish$$trust=user&change_operator=permit&danderse$$trust=user&ayers$$trust=user&change_kwebb=permit&newbold$$trust=user&change_danderse=permit&change_calfeld=permit&gid=testgroup3&change_fish=permit&ricci$$trust=user&kevina$$trust=user&change_ayers=permit&change_shash=permit&johnsond$$trust=user&stack$$trust=user&kwebb$$trust=user&mike$$trust=user&lepreau$$trust=user&change_kevina=permit&calfeld$$trust=user&stoller$$trust=user&change_stoller=permit&change_newbold=permit&operator$$trust=user&elabckup$$trust=user&change_johnsond=permit&change_ricci=permit&change_lepreau=permit&change_elabckup=permit&pid='**{editgroup.php3:pid}**" "https://myboss.vulnelab.testbed.emulab.net/editgroup.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/newosid.php3.html --post-data "os_feature_isup=checked&os_magic=&os_path=&os_version=666&nextosid=&os_feature_veths=checked&os_feature_ping=checked&os_feature_ipod=checked&OS=FreeBSD&os_feature_linktest=checked&os_feature_mlinks=checked&os_clean=Yep&op_mode=NORMALv2&description=Test%20description.&os_reboot_waittime=150&os_shared=Yep&os_feature_linkdelays=checked&os_feature_ssh=checked&osname=testosid&pid='**{newosid.php3:pid}**" "https://myboss.vulnelab.testbed.emulab.net/newosid.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/newimageid_ez.php3.html --post-data "formfields[os_feature_mlinks]=checked&formfields[mtype_pc600]=Yep&formfields[os_feature_veths]=checked&formfields[os_feature_linktest]=checked&formfields[os_feature_ping]=checked&formfields[path]=/proj/testbed/images/testimg.ndz&formfields[os_version]=666&formfields[gid]=&formfields[pid]=testproj3&formfields[global]=&formfields[os_feature_ssh]=checked&submit=Submit&formfields[os_name]=FreeBSD&formfields[loadpart]=1&formfields[node]=&formfields[reboot_waittime]=150&formfields[os_feature_linkdelays]=checked&formfields[description]=Descriptive%20text.&formfields[imagename]=testimg&formfields[shared]=&formfields[wholedisk]=Yep&formfields[os_feature_isup]=checked&formfields[os_feature_ipod]=checked&formfields[max_concurrent]=&formfields[op_mode]='**{newimageid_ez.php3:formfields[op_mode]}**" "https://myboss.vulnelab.testbed.emulab.net/newimageid_ez.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/newimageid.php3.html --post-data "formfields[loadlength]=1&formfields[mtype_pc600]=Yep&formfields[default_osid]=X&formfields[part2_osid]=X&formfields[path]=/proj/testbed/images/testimg.ndz&formfields[part3_osid]=X&formfields[gid]=&formfields[pid]=testproj3&formfields[makedefault]=Yep&formfields[global]=&formfields[part4_osid]=X&submit=Submit&formfields[loadpart]=1&formfields[node]=&formfields[description]=Descriptive%20text.&formfields[imagename]=testimg&formfields[shared]=&formfields[part1_osid]='**{newimageid.php3:formfields[part1_osid]}**" "https://myboss.vulnelab.testbed.emulab.net/newimageid.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/loadimage.php3.html --post-data "node=pc158&submit=Go%21&imageid='**{loadimage.php3:imageid}**" "https://myboss.vulnelab.testbed.emulab.net/loadimage.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/newmmlist.php3.html --post-data "formfields[listname]=testlist&formfields[pid]=testproj3&submit=Submit&formfields[password1]=EinE_tmp&formfields[password2]=EinE_tmp&formfields[fullname]='**{newmmlist.php3:formfields[fullname]}**" "https://myboss.vulnelab.testbed.emulab.net/newmmlist.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/template_create.php.html --post-data "MAX_FILE_SIZE=1024&formfields[tid]=testtid&formfields[localnsfile]=/users/fish/shaped-2-nodes.ns&formfields[gid]=&formfields[pid]=testproj3&create=Create%20Template&formfields[description]='**{template_create.php:formfields[description]}**" "https://myboss.vulnelab.testbed.emulab.net/template_create.php"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/swapexp.php3.html --post-data "confirmed=Confirm&eid=testexp3&inout=out&pid='**{swapexp.php3:pid}**" "https://myboss.vulnelab.testbed.emulab.net/swapexp.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/deleteuser.php3.html --post-data "confirmed=Confirm&target_uid=testusr3&target_pid='**{deleteuser.php3:target_pid}**" "https://myboss.vulnelab.testbed.emulab.net/deleteuser.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/deletegroup.php3.html --post-data "confirmed=Confirm&gid=testgroup3&pid='**{deletegroup.php3:pid}**" "https://myboss.vulnelab.testbed.emulab.net/deletegroup.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/deleteimageid.php3.html --post-data "confirmed=Confirm&imageid='**{deleteimageid.php3:imageid}**" "https://myboss.vulnelab.testbed.emulab.net/deleteimageid.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/deleteosid.php3.html --post-data "confirmed=Confirm&osid='**{deleteosid.php3:osid}**" "https://myboss.vulnelab.testbed.emulab.net/deleteosid.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/endexp.php3.html --post-data "confirmed=Confirm&eid=testexp3&pid='**{endexp.php3:pid}**" "https://myboss.vulnelab.testbed.emulab.net/endexp.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/deletepubkey.php3.html --post-data "confirmed=Confirm&key=1&target_uid='**{deletepubkey.php3:target_uid}**" "https://myboss.vulnelab.testbed.emulab.net/deletepubkey.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/freenode.php3.html --post-data "confirmed=Confirm&node_id='**{freenode.php3:node_id}**" "https://myboss.vulnelab.testbed.emulab.net/freenode.php3"
wget -S -k --keep-session-cookies --no-check-certificate --load-cookies cookies.txt -O probes.wget/freezeuser.php3.html --post-data "confirmed=Confirm&target_uid=testusr3&action='**{freezeuser.php3:action}**" "https://myboss.vulnelab.testbed.emulab.net/freezeuser.php3"
......@@ -17,8 +17,8 @@
<input type="hidden" name="MAX_FILE_SIZE" value="1024" >
<input type="file" name="usr_keyfile" value="" size=50>
<input type="text" name="formfields[usr_key]" value="" size=50 maxlength=1024>
<input type="password" name="formfields[password1]" size=8>
<input type="password" name="formfields[password2]" size=8>
<input type="password" name="formfields[password1]" value="" size=8>
<input type="password" name="formfields[password2]" value="" size=8>
<input type="text" name="formfields[pid]" value="" size=12 maxlength=12>
<input type="text" name="formfields[gid]" value="" size=12 maxlength=12>
<input type="submit" name="submit" value="Submit" >
......@@