Calling a wrapper (privilege escalation) from PHP since cPanel 11.38

tizoo

Well-Known Member
Jan 6, 2004
75
3
158
cPanel Access Level
DataCenter Provider
Hi all,

I tried to make the example *PrivEscExample.tar.gz* to work but I cannot find how to call the Namespace/module/function from PHP.

For short, how to translate this call in PHP :

Code:
my $result = Cpanel::Wrap::send_cpwrapd_request(
        'namespace' => 'MyNamespace',
        'module'    => 'MyExample',
        'function'  => 'ECHO',
        'data'      => 'Hello World !'
    );
Before cPanel 11.38, something like the following code would have worked :

Code:
$this->cpanel = new CPANEL();
$param['data'] = 'Hello World!';
$res = $this->cpanel->api2('MyExample', 'ECHO', $param);
But now it didn't work anymore as it try to load a module which is not present anymore.

I tried the following which seems to me a good candidate :

Code:
$param['namespace'] = 'MyNamespace';
$param['module'] = 'MyExample';
$param['function'] = 'ECHO';
$param['data'] = 'Hello World!';
$res = $this->cpanel->api2('Wrap', 'send_cpwrapd_request', $param);
But it seems that the "Wrap" module lacks the function "send_cpwrapd_request".

As I didn't find any documentation explaining how to access the wrapper function from PHP, could someone from cPanel staff give me some hints or point me to the explanations that I missed.

Thanks in advance.

Cheers,
Philipppe
 

tizoo

Well-Known Member
Jan 6, 2004
75
3
158
cPanel Access Level
DataCenter Provider
Hi all,

In fact it seems that it is not possible to make the same call with PHP as the documentation tell how to make it with Perl.

We finally stay with the old way that generate the following error for each call :

Code:
error_log:cpwrapd: falling back to using legacy adminbin: /usr/local/cpanel/bin/tzbmadmin
Cheers,
Philippe
 

Mrg

Member
Feb 8, 2012
16
0
51
cPanel Access Level
Root Administrator
We read https://documentation.cpanel.net/di...+Privilege+Escalation+-+Call+Your+Application

With myexample.live.pl we can do priv escalation:

my $result = Cpanel::Wrap::send_cpwrapd_request(
'namespace' => 'MyNamespace',
'module' => 'MyExample',
'function' => $thing_to_do,
'data' => $string_to_mess_with
);


But how can we call our /usr/local/cpanel/bin/admin/MyNamespace/MyExample with PHP Plugin f.e. in myexample.live.php ?

<?php
require_once "/usr/local/cpanel/php/cpanel.php";
$cpanel = &new CPANEL();
$get = $cpanel->uapi(
//how can we call Cpanel::Wrap::send_cpwrapd_request ?
);
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello,

I've merged your posts into this thread, as there's no need to post the same question to multiple threads.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello,

Here's the response to the associated support ticket for this issue from David N:

Hello,

Thanks for contacting us. The way cpwrap is written, the only language that can interface with it is Perl. However, it's possible (and not very difficult) to write a thin custom UAPI module with a call (or calls) that wraps your cpwrap call. Your LiveAPI page will then use $cpanel->uapi to invoke the custom UAPI call you've written. I recommend reading over the custom UAPI modules documentation if you haven't already:

http://documentation.cpanel.net/display/SDK/UAPI+-+Custom+UAPI+Modules

If you have any more questions about this, please don't hesitate to ask.
Thank you.
 

tizoo

Well-Known Member
Jan 6, 2004
75
3
158
cPanel Access Level
DataCenter Provider
Hi Mrg,

We do exactely as cPanelMichael tell you :

1) Created a custom module (TZBM.pm)
2) Installed the custom module in /usr/local/cpanel/Cpanel/
3) Call it from PHP with something like :

$cpanel->api2('TZBM', 'genmailboxlistfile', $param);

Hope this help.

Cheers,
Philippe