403Webshell
Server IP : 172.67.191.97  /  Your IP : 104.23.197.208
Web Server : Apache/2.4.63 (Ubuntu)
System : Linux adminpruebas-Virtual-Machine 6.14.0-37-generic #37-Ubuntu SMP PREEMPT_DYNAMIC Fri Nov 14 22:10:32 UTC 2025 x86_64
User : www-data ( 33)
PHP Version : 8.4.5
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/opt/eset/efs/wap/scripts/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/opt/eset/efs/wap/scripts/cert_ctl.sh
#!/bin/sh

print_usage() {
	echo "Usage:"
	echo "      import cert: -a USER_HOME_DIR ESET_CERT_NAME PATH_TO_ESET_CERT"
	echo "      remove cert: -d USER_HOME_DIR ESET_CERT_NAME"
}

if [ $# -lt 3 ]; then
	echo "Missing parameter" 1>&2
	print_usage 1>&2
	exit 2
fi

CERTUTIL="$(PATH="$PATH" which certutil)"
if [ ! -x "$CERTUTIL" ]; then
    echo "certutil is missing" 1>&2
    exit 1
fi

SCRIPT_MODE="$1"
USER_HOME="$2"
ESET_CERT_NAME="$3"
ESET_CERT_PATH="$4"

AFFECTED_BINARIES=""

FIREFOX_DIR="${USER_HOME}/.mozilla/firefox/"
FIREFOX_BINS="/usr/lib/firefox/firefox /usr/lib64/firefox/firefox /usr/lib/firefox/firefox-bin /usr/lib/firefox-esr/firefox-esr"

FIREFOX_SNAP_DIR="${USER_HOME}/snap/firefox/common/.mozilla/firefox/"
FIREFOX_SNAP_BIN="/snap/firefox/current/usr/lib/firefox/firefox"

# Chrome, Chromium, Edge use the same directory for certs
NSSDB_DIR="${USER_HOME}/.pki/nssdb/"
NSSDB_BINS="/opt/google/chrome/chrome /usr/lib/chromium/chromium /usr/bin/chromium-browser /usr/lib/chromium-browser/chromium-browser /usr/lib64/chromium-browser/chromium-browser /opt/microsoft/msedge/msedge"

CHROMIUM_SNAP_DIR="${USER_HOME}/snap/chromium/current/.pki/nssdb/"
CHROMIUM_SNAP_BIN="/snap/chromium/current/usr/lib/chromium-browser/chrome"

check_paths() {
	[ ! -d "$FIREFOX_DIR" ] && FIREFOX_DIR=""
	[ ! -d "$FIREFOX_SNAP_DIR" ] && FIREFOX_SNAP_DIR=""
	[ ! -d "$NSSDB_DIR" ] && NSSDB_DIR=""
	[ ! -d "$CHROMIUM_SNAP_DIR" ] && CHROMIUM_SNAP_DIR=""
}

append_affected_binary_if_exists() {
	local AFFECTED_BINARY="$1"
	if [ ! -x "$AFFECTED_BINARY" ]; then
		return
	fi

	if [ -z "$AFFECTED_BINARIES" ]; then
		AFFECTED_BINARIES="$AFFECTED_BINARY"
	else
		AFFECTED_BINARIES="$(printf "%s\n%s" "${AFFECTED_BINARIES}" "${AFFECTED_BINARY}")"
	fi
}

import_cert() {
	local DB_DIR="$1"
	local IMPORTED=0

	if certutil -A -d "dbm:${DB_DIR}" -i "$ESET_CERT_PATH" -n "$ESET_CERT_NAME" -t "TCu,TCu,Tu" >/dev/null ; then
		IMPORTED=1
	fi

	if certutil -A -d "sql:${DB_DIR}" -i "$ESET_CERT_PATH" -n "$ESET_CERT_NAME" -t "TCu,TCu,Tu" >/dev/null ; then
		IMPORTED=1
	fi

	return "$IMPORTED"
}

import_into_all_firefox_profiles() {
	local FIREFOX_DIR="$1"
	local FIREFOX_ALL_PROFILES
	local FIREFOX_BINS="$2"
	local BINARY
	local IMPORTED
	FIREFOX_ALL_PROFILES="$(grep 'Path=' "$FIREFOX_DIR"profiles.ini | cut -f2 -d '=' )"

	IMPORTED="$(echo "$FIREFOX_ALL_PROFILES" | while read -r a; do
					import_cert "${FIREFOX_DIR}/${a}";
					local RETVAL=$?
					if [ "$RETVAL" -eq 1 ]; then
						echo x;
					fi
				done )"
	
	if [ -n "$IMPORTED" ]; then
		for BINARY in $FIREFOX_BINS ; do
			append_affected_binary_if_exists "$BINARY"
		done
	fi
}

remove_from_all_firefox_profiles() {
	local FIREFOX_DIR="$1"
	local FIREFOX_ALL_PROFILES
	FIREFOX_ALL_PROFILES="$(grep 'Path=' "$FIREFOX_DIR"profiles.ini | cut -f2 -d '=' )"
	echo "$FIREFOX_ALL_PROFILES" | while read -r a; do
		remove_cert "${FIREFOX_DIR}/${a}"
	done
}

import_all() {
	local BINARY
	local RETVAL
	if [ -n "$FIREFOX_DIR" ]; then
		import_into_all_firefox_profiles "$FIREFOX_DIR" "$FIREFOX_BINS"
	fi

	if [ -n "$FIREFOX_SNAP_DIR" ]; then
		import_into_all_firefox_profiles "$FIREFOX_SNAP_DIR" "$FIREFOX_SNAP_BIN"
	fi

	if [ -n "$NSSDB_DIR" ]; then
		# Chrome, Chromium, Chromium epel, Edge use the same directory for certs
		import_cert "${NSSDB_DIR}"
		RETVAL=$?
		if [ "$RETVAL" -eq 1 ]; then
			for BINARY in $NSSDB_BINS ; do
				append_affected_binary_if_exists "$BINARY"
			done
		fi

	fi

	if [ -n "$CHROMIUM_SNAP_DIR" ]; then
		import_cert "$CHROMIUM_SNAP_DIR"
		RETVAL=$?
		if [ "$RETVAL" -eq 1 ]; then
			append_affected_binary_if_exists "$CHROMIUM_SNAP_BIN"
		fi
	fi

	AFFECTED_BINARIES="$(printf "%s\n" "${AFFECTED_BINARIES}" | sort -u | sed 's,/current/,/*/,g')"
}

remove_cert() {
	local DB_DIR="$1"

	certutil -D -d "dbm:${DB_DIR}" -n "$ESET_CERT_NAME" >/dev/null 2>&1
	certutil -D -d "sql:${DB_DIR}" -n "$ESET_CERT_NAME" >/dev/null 2>&1
}

remove_all() {
	if [ -n "$FIREFOX_DIR" ]; then
		remove_from_all_firefox_profiles "$FIREFOX_DIR"
	fi

	if [ -n "$FIREFOX_SNAP_DIR" ]; then
		remove_from_all_firefox_profiles "$FIREFOX_SNAP_DIR"
	fi

	if [ -n "$NSSDB_DIR" ]; then
		remove_cert "$NSSDB_DIR"
	fi

	if [ -n "$CHROMIUM_SNAP_DIR" ]; then
		remove_cert "$CHROMIUM_SNAP_DIR"
	fi
}


# main
check_paths

if [ "$SCRIPT_MODE" = "-a" ] && [ $# -eq 4 ]; then
	remove_all
	import_all
	echo "$AFFECTED_BINARIES"
elif [ "$SCRIPT_MODE" = "-d" ] && [ $# -eq 3 ]; then
	remove_all
else
	echo "Wrong argument" 1>&2
	print_usage 1>&2
	exit 2
fi

Youez - 2016 - github.com/yon3zu
LinuXploit