
Well, I made a simple script to send a packet where I need to read the response; if the response is what I'm looking for then print out "we're good", if not print out "we're bad". Now if the IP IS vuln, then the script works and prints out that it's vuln. Now if it's not vuln then the script just hangs and gets stuck on sending the payload of HEX data.

use IO::Socket;
use strict;

print "Connecting..\n";
my $socket = IO::Socket::INET->new(
    PeerAddr  => '23.113.161.164', # 38.124.108.67  <-- NON vuln ip for testing
    PeerPort  => 123,              # 23.113.161.164  <-- This IS a vuln ip!
    Proto => 'udp',
    Timeout => 1);
die "Error With Sockets!: $!\n" unless $socket;

print "Connected!\n";

my $payload = "\x97\x00\x00\x00\xAA\x00\x00\x00";
my $good = "\x97\x00\x00\x00";

$socket->send($payload) or die "Nothing got sent.";

my $data;
$socket->recv($data,4);
my $response = substr($data,0,8);
$response = reverse($response);
print $response;

if ($response == "\x97\x00\x00\x00") {
print "IP IS VULN\n";
} else {
print "IP IS NOT VULN\n";
exit;
}

Example error:

Using NON vuln ip:

root@localhost:~# perl 2.pl
Connecting..
Connected!

(Thats where it gets stuck)

Using vuln ip:

root@localhost:~# perl 2.pl
Connecting..
Connected!
▒IP IS VULN

(As you can see it does fine)

This is where the script gets stuck:

$socket->send($payload) or die "Nothing got sent.";

Any help will be greatly appreciated.

2 Answers

  • use warnings;
  • Use eq for string comparisons, == for numeric comparisons.
  • Your code hangs on receive.
  • recv() does not, by default, have a timeout. Call setsockopt and see this thread for the details.
  • Lastly, never post someone else's actual IPs with your questions.
Alien Life Form
  • Re "lastly, never post actual IPs with your questions." Why not? If the OP doesn't consider them sensitive, it's best if he includes them so we can run his code as is! – ikegami Jan 15 '14 at 16:34
  • Suppose they are not his IPs. Suppose everybody and my uncle runs this code. Suppose the machine misbehaves under these conditions and/or it receives a bazillion packets from geeks trying out this code. Can you spell D-O-S? – Alien Life Form Jan 15 '14 at 17:20
  • The node has had 16 views per hour. How many of those do you think resulted in the code being executed? – ikegami Jan 15 '14 at 17:26
  • How is the OP to know? How is any reader to know? Again, suppose the binary sequence in the code actually reboots or freezes a mistakenly misconfigured server. Assume one code run per hour (that's 1/16 run/view): does one reboot/hour on a (say) payroll DBMS sound good to you? – Alien Life Form Jan 16 '14 at 10:03
  • Common sense, and because I corrected you. The OP is more than capable of executing his code once per hour. – ikegami Jan 16 '14 at 12:19
  • That's nice to know. Next time I have a list of vulnerable IPs, I will post them here embedded in some 'problematic' code, knowing that there will be some love & understanding. Signing off, will send email if you want to keep going. – Alien Life Form Jan 16 '14 at 14:24
  • Now you're saying we should never post real IP addresses to prevent others from knowing of the existence of IP addresses vulnerable to ? There's a lot of problems with that, not the least of which is that it's easy to scan all IPs. That doesn't hold water either. – ikegami Jan 16 '14 at 14:38
  • There's also the fact that you've posted real IPs and real domain names in your answers. (e.g. the one to which this comment is associated) – ikegami Jan 16 '14 at 14:40
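The two fixes from the answer above (a bounded wait on receive, and eq instead of == for the byte comparison) put together, as an added example that is not code from the question or from either answer. It uses the core IO::Select module for the timeout instead of the setsockopt call the answer mentions, reuses the request and expected-response bytes from the question, and forks a local responder on 127.0.0.1 (a constructed stand-in for a remote host) so it runs offline and cannot hang.

```perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Select;

# Bytes taken from the question; for the local demo they are just data.
my $payload = "\x97\x00\x00\x00\xAA\x00\x00\x00";
my $good    = "\x97\x00\x00\x00";

# Send $payload to $host:$port and wait at most $timeout seconds for a reply.
# Returns the reply bytes, or undef if nothing arrived in time.
sub probe {
    my ($host, $port, $timeout) = @_;
    my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port,
                                     Proto => 'udp') or die "socket: $!";
    $sock->send($payload) or die "send: $!";
    # can_read() returns false when the timeout passes with nothing to read;
    # this is what a bare recv() lacks, and why the original script hung.
    my $sel = IO::Select->new($sock);
    return undef unless $sel->can_read($timeout);
    my $data = '';
    # recv() returns undef on error, e.g. ICMP port unreachable on a
    # connected UDP socket; treat that as "no answer" as well.
    defined $sock->recv($data, 64) or return undef;
    return $data;
}

# Local responder (constructed for the example): answers the first datagram
# with $good, then exits. Binding before fork() means the parent's datagram
# is queued even if the child has not reached recv() yet.
my $server = IO::Socket::INET->new(LocalAddr => '127.0.0.1', Proto => 'udp')
    or die "bind: $!";
my $port = $server->sockport;
defined(my $pid = fork) or die "fork: $!";
if ($pid == 0) {
    my $buf;
    my $peer = $server->recv($buf, 64);
    $server->send($good, 0, $peer);
    exit 0;
}
close $server;

my $reply = probe('127.0.0.1', $port, 2);
# eq compares the bytes; == would numify both strings to 0 and always match.
if (!defined $reply)                    { print "no reply within timeout\n" }
elsif (substr($reply, 0, 4) eq $good)   { print "expected response\n" }
else                                    { print "unexpected response\n" }
waitpid $pid, 0;
```

Pointing probe() at a port with no listener exercises the undef path instead of blocking forever, which is the behaviour the question was missing.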

If you actually checked where it's hanging, I'm sure you'll find it's hanging trying to receive data.

ikegami