CVE-2015-1635

i am getting the following error running this on my Mac

cve-2015-1635_exploit.rb:51:in <main>': undefined method each_header' for nil:NilClass (NoMethodError)

Current Ruby version: ruby 2.3.7p456 (2018-03-28 revision 63024) [universal.x86_64-darwin18]

Jan 16 '20 19:01 pickeltoes

Hi Are you sure you have got a response from the server? Before line 51, please add the following and tell me what you see

p response

Jan 16 '20 20:01 KINGSABRI

cve-2015-1635_exploit.rb:52:in <main>': undefined method each_header' for nil:NilClass (NoMethodError)

Jacob van Rensburg t: 09 930 6275 | m: 021 100 2639

From: KING SABRI [email protected] Reply to: KINGSABRI/CVE-in-Ruby [email protected] Date: Friday, 17 January 2020 at 9:41 AM To: KINGSABRI/CVE-in-Ruby [email protected] Cc: "IT Provider (PCTECHNZ)" [email protected], Author [email protected] Subject: Re: [KINGSABRI/CVE-in-Ruby] cve-2015-1635 (#11)

Hi Are you sure you have got a response from the server? Before line 51, please add the following and tell me what you see

p response

Jan 16 '20 21:01 pickeltoes

TODO: Find better way to know the default image name

p response

iis_version = response.each_header.to_h["server"]

if iis_version == "Microsoft-IIS/8.5"

path = "/iis-85.png" # IIS 8.x

else

path = "/welcom.png" # IIS 7.x

Jan 16 '20 21:01 pickeltoes

I'm sorry for not making myself clear.

What I meant is, after adding the line I mentioned in the code, execute the exploit and tell paste the outputs here.

Jan 16 '20 22:01 KINGSABRI

nil

cve-2015-1635_exploit.rb:52:in <main>': undefined method each_header' for nil:NilClass (NoMethodError)

Jan 16 '20 22:01 pickeltoes

It means there is no response from the server.

Also, can you uncomment and increase the response waiting time using these lines

http.read_timeout = 5
http.open_timeout = 5

Jan 17 '20 12:01 KINGSABRI