tilde_enum crash

Open cclements opened this issue 8 years ago • 5 comments

tilde_enum.py --no-check-certificate -u https://sometarget -d ../fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-directories.txt -w ../fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-files.txt
[-]  Testing with dummy file request https://sometarget/B9s35gaJQh.htm
[-]    URLNotThere -> HTTP Code: 404, Response Length: 1245
[-]  Testing with user-submitted https://sometarget
[-]    URLUser -> HTTP Code: 200, Response Length: 4027
[+]  The server is reporting that it is IIS (Microsoft-IIS/7.0).
[+]  The server is vulnerable to the tilde enumeration vulnerability (IIS/5|6.x)..
[-]  Finished doing the 8.3 enumeration for /.
[-]  Now starting the word guessing using word list calls
Traceback (most recent call last):
  File "tilde_enum.py", line 669, in <module>
    if __name__ == "__main__": main()
  File "tilde_enum.py", line 522, in main
    performLookups(findings, url_good)
  File "tilde_enum.py", line 375, in performLookups
    test_response_length = url_response.headers['Content-Length']
  File "/usr/lib/python2.7/rfc822.py", line 393, in __getitem__
    return self.dict[name.lower()]
KeyError: 'content-length'

cclements avatar Feb 19 '17 00:02 cclements

Hello and thank you for using this script. Pasting your error in here is a great first step...but I need more information if I'm going to assist you. Here are some questions to start our conversation out. Please feel free to add more questions/answers if you feel the responses might be helpful.

  1. Are the word list files specified in your command line actually in the ../directory?
  2. Do you have permission to read the word list files specified in your command line?
  3. Could you re-run the command with the -v flag set and paste that content?

Thanks!

WebBreacher avatar Feb 19 '17 02:02 WebBreacher

Actually, I've tried to reproduce your error and am finding that, when the extension passed in via the word list is "aspx" or "aspx." then I get this same response. Can you confirm this?

WebBreacher avatar Feb 19 '17 03:02 WebBreacher

Sure enough:

[*]  Found file: (Size 4062) https://sometarget/searchresult.aspx.aspx.aspx
[+]  URL: https://sometarget/searchresult.aspx.aspx.cs  -> RESPONSE: 404
[+]  URL: https://sometarget/searchresult.aspx.aspx.designer.cs  -> RESPONSE: 404
[+]  URL: https://sometarget/searchresult.aspx.aspx.resx  -> RESPONSE: 404
[+]  URL: https://sometarget/searchresult.aspx.aspx.vb  -> RESPONSE: 404
[+]  URL: https://sometarget/searchresult.aspx.aspxx  -> RESPONSE: 404
[+]  URL: https://sometarget/searchresult.aspx.aspy  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp_  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp_files  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp-  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp.asp  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp.bak  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp.html  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp.lck  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp.old  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp1  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp2  -> RESPONSE: 404
[+]  URL: https://sometarget/search..aspdonotuse  -> RESPONSE: 404
[+]  URL: https://sometarget/search..aspg  -> RESPONSE: 404
[+]  URL: https://sometarget/search..aspl  -> RESPONSE: 404
[+]  URL: https://sometarget/search..aspp  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asps  -> RESPONSE: 404
Traceback (most recent call last):
  File "tilde_enum.py", line 669, in <module>
    if __name__ == "__main__": main()
  File "tilde_enum.py", line 522, in main
    performLookups(findings, url_good)
  File "tilde_enum.py", line 375, in performLookups
    test_response_length = url_response.headers['Content-Length']
  File "/usr/lib/python2.7/rfc822.py", line 393, in __getitem__
    return self.dict[name.lower()]
KeyError: 'content-length'

cclements avatar Feb 19 '17 03:02 cclements

Still working on this. I think there is something wrong with the getWebServerResponse() response processing as for the ASPX and some other extensions, the server is not returning expected response but instead an object. As I said, I'm working on this.

WebBreacher avatar Feb 19 '17 04:02 WebBreacher

Sorry it has taken me so long to get back to you.

As you have found I can confirm that the issue was with the aspx.

Thank you for working on this. It is much appreciated.

Sincerely,

Dark

darkmatter1505 avatar Feb 20 '17 21:02 darkmatter1505
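
Added example, not code from tilde_enum or from anyone in this thread: both tracebacks above end in `KeyError: 'content-length'` because the response carried no `Content-Length` header when `url_response.headers['Content-Length']` was read. The code below is written for Python 3 (the tool ran on Python 2.7) and shows one way to measure a response without depending on that header. The local server, the paths, the helper name `response_length`, and chunked transfer encoding as the reason the header is absent are all assumptions made for the example.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

BODY = b"<html>constructed sample page</html>"  # constructed sample body

class Handler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"

    def do_GET(self):
        self.send_response(200)
        if self.path == "/static.htm":
            self.send_header("Content-Length", str(len(BODY)))
            self.end_headers()
            self.wfile.write(BODY)
        else:
            # Chunked reply: a valid response with no Content-Length header.
            self.send_header("Transfer-Encoding", "chunked")
            self.end_headers()
            self.wfile.write(b"%x\r\n%s\r\n0\r\n\r\n" % (len(BODY), BODY))

    def log_message(self, *args):
        pass  # keep the demo quiet

def response_length(resp):
    """Return (length, source); never index the header directly."""
    # Python 2's rfc822 raised KeyError on a missing header (the crash above);
    # .get() returns None instead, so the body size is used as a fallback.
    declared = resp.headers.get("Content-Length")
    body = resp.read()
    if declared is not None and declared.strip().isdigit():
        return int(declared), "header"
    return len(body), "body"

def demo():
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_address[1]
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    results = {}
    try:
        for path in ("/static.htm", "/dynamic.aspx"):
            with opener.open(base + path, timeout=5) as resp:
                results[path] = response_length(resp)
    finally:
        server.shutdown()
        server.server_close()
    return results
```

Calling `demo()` returns the measured length for both paths; the second value in each tuple shows whether it came from the header or from the body that was read.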