예제 #1
0
        // MC Server JAR Management

        public ActionResult SelectServerVersion(string jarFile)
        {
            var config = WebConfig.OpenWebConfiguration("~");

            config.AppSettings.Settings["McJarFile"].Value = jarFile;
            config.Save();

            return(RedirectToAction(""));
        }
예제 #2
0
        private void InvestigateDotNet(ServerManager localServer)
        {
            //todo find any commercial deployments???
            //todo detect windows services???
            //todo get app type: Webforms, MVC, WebAPI
            //todo detect sizes of files and directories: app DLLs, all DLLs, all HTML/JS/CSS, whole app, logs)

            foreach (var site in _server.Sites)
            {
                foreach (var dir in site.VirtualDirectories)
                {
                    //load up web.config
                    var virtualDirectoryMapping = new VirtualDirectoryMapping(Environment.ExpandEnvironmentVariables(dir.PhysicalPath), true, "web.config");
                    var fileMap = new WebConfigurationFileMap();
                    fileMap.VirtualDirectories.Add(dir.Path, virtualDirectoryMapping);
                    var webConfig = WebConfigurationManager.OpenMappedWebConfiguration(fileMap, dir.Path, site.Name);

                    //how to work with this webConfig: https://msdn.microsoft.com/en-us/library/system.web.configuration(v=vs.110).aspx

                    var connectionStrings = webConfig.ConnectionStrings.ConnectionStrings;
                    dir.Databases = connectionStrings.Cast <ConnectionStringSettings>().Select(connectionString => new Database
                    {
                        ConnectionName   = connectionString.Name,
                        ConnectionString = connectionString.ConnectionString,
                        Provider         = connectionString.ProviderName
                    }).ToList();

                    var authSection = (AuthenticationSection)webConfig.GetSection("system.web/authentication");
                    dir.AuthenticationMode = authSection.Mode.ToString();
                    //if more auth info is needed for forms auth, start grabbing things off of the authSection.Forms...
                    //dir.Auth = authSection.Forms.

                    //digging up security issues. refer to OWASP guidelines
                    //http://www.developerfusion.com/article/6678/top-10-application-security-vulnerabilities-in-webconfig-files-part-one/
                    //https://www.troyhunt.com/owasp-top-10-for-net-developers-part-2/ <-- look at the whole series

                    var compilationSection = (CompilationSection)webConfig.GetSection("system.web/compilation");
                    dir.TargetDotNetFramework = compilationSection.TargetFramework;
                    dir.DebugEnabled          = compilationSection.Debug;

                    var customErrorsSection = (CustomErrorsSection)webConfig.GetSection("system.web/customErrors");
                    dir.RevealsStockErrorPages = customErrorsSection.Mode == CustomErrorsMode.Off;
                    dir.RevealsErrorUrls       = customErrorsSection.RedirectMode == CustomErrorsRedirectMode.ResponseRedirect;

                    var traceSection = (TraceSection)webConfig.GetSection("system.web/trace");
                    dir.TracePubliclyEnabled = traceSection.Enabled && !traceSection.LocalOnly;

                    var httpRuntimeSection = (HttpRuntimeSection)webConfig.GetSection("system.web/httpRuntime");
                    dir.RevealsAspNetVersionHeader = httpRuntimeSection.EnableVersionHeader;

                    var pagesSection = (PagesSection)webConfig.GetSection("system.web/pages");
                    dir.RequestValidationDisabled = !pagesSection.ValidateRequest;

                    var cookiesSection = (HttpCookiesSection)webConfig.GetSection("system.web/httpCookies");
                    dir.JavaScriptCanAccessCookies = !cookiesSection.HttpOnlyCookies;
                    dir.InsecureCookiesAllowed     = !cookiesSection.RequireSSL;

                    var sessionStateSection = (SessionStateSection)webConfig.GetSection("system.web/sessionState");
                    dir.CookielessSessionsAllowed = sessionStateSection.Cookieless != HttpCookieMode.UseCookies;
                }
            }
        }
예제 #3
0
        public ActionResult UpdateServer(string ver)
        {
            // http://assets.minecraft.net/ <- This is an XML file
            // http://assets.minecraft.net/V_E_R/minecraft_server.jar
            // Old Stuff, from beta 1.8 pre till 1.5.2, and from 11w47 till 13w12 snapshots

            // https://s3.amazonaws.com/Minecraft.Download/versions/versions.json
            // https://s3.amazonaws.com/Minecraft.Download/versions/V.E.R/minecraft_server.V.E.R.jar
            // Minimum Available Server Version: 1.2.5

            var client = new System.Net.WebClient();

            client.CachePolicy = new RequestCachePolicy(RequestCacheLevel.CacheIfAvailable);

            HttpContext.Application["UpdateProgress"] = "Starting...";

            // Get Latest Version
            if (ver.StartsWith("Latest"))
            {
                var jObj = JObject.Parse(client.DownloadString(
                                             "https://s3.amazonaws.com/Minecraft.Download/versions/versions.json"));
                ver = jObj["latest"][ver.Split(' ')[1].ToLower()].Value <string>();
            }

            var jarFile = "minecraft_server." + ver + ".jar";
            var jarUri  = "https://s3.amazonaws.com/Minecraft.Download/versions/" + ver + "/" + jarFile;

            var config   = WebConfig.OpenWebConfiguration("~");
            var settings = config.AppSettings.Settings;

            client.DownloadProgressChanged += (o, e) =>
                                              HttpContext.Application["UpdateProgress"] = e.ProgressPercentage + "%";

            client.DownloadFileCompleted += (o, e) =>
            {
                if (e.Error != null)
                {
                    HttpContext.Application["UpdateProgress"] = "Error: " + e.Error;
                    return;
                }

                HttpContext.Application["UpdateProgress"] = "Completed";

                settings["McJarFile"].Value = jarFile;
                config.Save();
            };

            HttpContext.Application["UpdateProgress"] = "0%";
            System.Threading.Tasks.Task.Run(() => // Workaround to allow Async call
            {
                try
                {
                    client.DownloadFileAsync(new Uri(jarUri), settings["McServerPath"].Value + jarFile);
                }
                catch (Exception ex)
                {
                    HttpContext.Application["UpdateProgress"] = "Error: " + ex;
                }
            });

            return(Content("OK " + DateTime.Now.Ticks));
        }