当前位置: 文江博客话题详情

如何在文件中发送 HTTP 请求?

发布于 2024-12-15 06:13:28 字数 1912 浏览 2 评论 0原文

我正在学习计算机安全并有一个关于命令的问题。我有一个易受攻击的 Web 服务器,我可以通过使用 telnet 命令然后发送带有超长 URL 的 http get 来利用缓冲区溢出。 URL 将溢出缓冲区。我知道这肯定有效。但现在,我想使用 netcat 来自动化该过程。到目前为止,我已将

netcat localhost 8080 < payload1

其发送到本地主机,因为我在同一台计算机上运行服务器和攻击。 Payload1 当前是格式错误的 HTTP Get 语句。但是,服务器无法理解这一点,因为它无法打开文件来查看 HTTP Get 语句。因此,我的问题是:如何使 HTTP Get 语句可执行,或者如何让服务器识别文件中的 HTTP Get?

谢谢!

编辑: 除其他外,保存 uri 的 req 似乎为 0。或者至少当我用 GDB 检查它时是这样。这是给我带来问题的代码行:

  if (req->uri == NULL || req->method == NULL ||
      req->headers == NULL || req->version == NULL) {
          return 0;
  }

GDB 在 if 语句中表示它存在分段错误。

我知道这可能没有多大意义,因为服务器的其余代码不存在。但是,netcat 语句发送的文件是:

get /aaaaaaaaaaaaAAAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAddddddddaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa http/1.1

如果我使用 telnet 传输它,服务器会崩溃,所以我知道这是 netcat 的问题。有一个声明说,payload1 需要采用 DOS 格式,并带有 CRLF 结束行。为了检查这一点,我将文件传输到 Windows 计算机并且它显示正确,但是我想知道是否还有其他方法来检查这一点?

原文

I am learning about computer security and have a question about commands. I have a vulnerable web server that I can exploit a buffer overflow in by using the telnet command and and then sending a http get with a super long URL. The URL will overflow a buffer. I know that works for sure. But now, I want to use netcat to automate the process. So far, I have

netcat localhost 8080 < payload1

I send it to the localhost because I am running the server and the attack on the same computer. Payload1 is currently the malformed HTTP Get statement. However, the server cannot understand this because it cannot open the file to see the HTTP Get statement. Therefore, my question is: how can I make the HTTP Get statement executable, or how can I get the server to recognize the HTTP Get within the file?

Thanks!

edit:
it seems like the req which holds the uri, among other things, is 0. Or at least it is when I check it with GDB. This is the line of the code that is giving me a problem:

  if (req->uri == NULL || req->method == NULL ||
      req->headers == NULL || req->version == NULL) {
          return 0;
  }

GDB says its a segmentation fault here at the if statement.

I know it probably doesn't mean much since the rest of the code from the server isn't there. However, the file that the netcat statement sends is :

get /aaaaaaaaaaaaAAAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAddddddddaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa http/1.1

If I were to use telnet to transmit it, the server does crash so I know its a problem with netcat. There was a statement that said payload1 needed to be in DOS format with CRLF end lines. To check this I transfered the file to a windows machine and it displayed properly however I was wondering if there was another way to check this?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

小嗲 2024-12-22 06:13:28

您看到什么错误使您认为服务器无法读取该文件?使用您使用的命令行,“服务器”不会读取该文件,您的操作系统 shell 会打开该文件并将其用作 netcat 进程的标准输入。

所以我要求你:

  1. 检查payload1的路径。您可能需要使用类似 nc localhost 8080 nc localhost 8080 nc localhost 8080 nc localhost 8080 < /path/to/payload1
  2. 检查您的服务器是否正在侦听 TCP 端口 8080
  3. 如果这些都不起作用,请提出一些错误消息/您遇到的问题症状

更新(基于问题编辑):

这里的客户端是netcat。根据您的编辑,服务器似乎正在崩溃。所以请求正在传递到服务器。您可能刚刚发现了服务器软件的另一个错误(除了原始的缓冲区溢出之外)。当您尝试使用 telnet 时,您是否发送了相同的 URI?

What error do you see that makes you think the server can't read the file? With the command line you've used, the "server" doesn't read the file, your OS shell opens the file and uses that as the standard input for the netcat process.

So I'd ask you to:

  1. Check the path of payload1. You may need to use something like nc localhost 8080 < /path/to/payload1
  2. Check that your server is listening on TCP port 8080
  3. If none of these work, put up some error messages / symptoms of problems you're seeing

Update (based on question edit):

The client here is netcat. Based on your edit, it seems like the server is crashing. So the request is going through to the server. Its possible you just discovered another bug with the server software (in addition to the original buffer overflow). When you tried using telnet, did you send an indentical URI?

回复 原文
~没有更多了~

关于作者

虐人心

有一天你能到我的心里去,你会看到那里全是你给的伤悲。

文章
评论
24518 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

hncloud

文章 0 评论 0

13545243122

文章 0 评论 0

探春

文章 0 评论 0

樱桃奶球

文章 0 评论 0

LR

文章 0 评论 0

J.smile

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文