Created
May 15, 2016 09:31
Simple nodejs HTTP server with exceptions & URL handling
| #!/usr/bin/env node | |
| // [email protected] | |
| // http://jessie.z.je/serv.js | |
| // Sun May 15 01:38:52 CEST 2016 | |
| // Missing modules? npm install <name> | |
| // | |
| // user@libcrack:~$ url="http://127.0.0.1:3003" | |
| // user@libcrack:~$ for i in {0..9}; do msg "$url/$i"; curl -s "$url/$i"; done | |
| // [*] http://127.0.0.1:3003/0 | |
| // [*] http://127.0.0.1:3003/1 | |
| // [*] http://127.0.0.1:3003/2 | |
| // [*] http://127.0.0.1:3003/3 | |
| // [*] http://127.0.0.1:3003/4 | |
| // [*] http://127.0.0.1:3003/5 | |
| // [*] http://127.0.0.1:3003/6 | |
| // [*] http://127.0.0.1:3003/7 | |
| // [*] http://127.0.0.1:3003/8 | |
| // [*] http://127.0.0.1:3003/9 | |
| // | |
| // user@libcrack:~$ ./serv.js | |
| // [0.0.0.0:3003] HTTP Server started at 0.0.0.0:3003 | |
| // [127.0.0.1] ====================================== | |
| // [127.0.0.1] New client (1) from 127.0.0.1 | |
| // [127.0.0.1] val=0 | |
| // [127.0.0.1] val=0080 | |
| // [127.0.0.1] val=6400 | |
| // [127.0.0.1] val=55851 | |
| // [127.0.0.1] Requested path /0 | |
| // [127.0.0.1] Received invalid value "0" != "55851" | |
| // [127.0.0.1] ====================================== | |
| // [127.0.0.1] New client (2) from 127.0.0.1 | |
| // [127.0.0.1] val=0 | |
| // [127.0.0.1] val=0080 | |
| // [127.0.0.1] val=6400 | |
| // [127.0.0.1] val=56965 | |
| // [127.0.0.1] Requested path /1 | |
| // [127.0.0.1] Received invalid value "1" != "56965" | |
| // [127.0.0.1] ====================================== | |
| // [127.0.0.1] New client (3) from 127.0.0.1 | |
| // [127.0.0.1] val=0 | |
| // [127.0.0.1] val=0080 | |
| // [127.0.0.1] val=6400 | |
| // [127.0.0.1] val=55787 | |
| // [127.0.0.1] Requested path /2 | |
| // [127.0.0.1] Received invalid value "2" != "55787" | |
| // [127.0.0.1] ====================================== | |
| // [127.0.0.1] New client (4) from 127.0.0.1 | |
| // [127.0.0.1] val=0 | |
| // [127.0.0.1] val=0080 | |
| // [127.0.0.1] val=6400 | |
| // [127.0.0.1] val=54941 | |
| // [127.0.0.1] Requested path /3 | |
| // [127.0.0.1] Received invalid value "3" != "54941" | |
| // [127.0.0.1] ====================================== | |
| // [127.0.0.1] New client (5) from 127.0.0.1 | |
| // [127.0.0.1] val=0 | |
| // [127.0.0.1] val=0080 | |
| // [127.0.0.1] val=6400 | |
| // [127.0.0.1] val=54929 | |
| // [127.0.0.1] Requested path /4 | |
| // [127.0.0.1] Received invalid value "4" != "54929" | |
| // [127.0.0.1] ====================================== | |
| // [127.0.0.1] New client (6) from 127.0.0.1 | |
| // [127.0.0.1] val=0 | |
| // [127.0.0.1] val=0080 | |
| // [127.0.0.1] val=6400 | |
| // [127.0.0.1] val=57177 | |
| // [127.0.0.1] Requested path /5 | |
| // [127.0.0.1] Received invalid value "5" != "57177" | |
| // [127.0.0.1] ====================================== | |
| // [127.0.0.1] New client (7) from 127.0.0.1 | |
| // [127.0.0.1] val=0 | |
| // [127.0.0.1] val=0080 | |
| // [127.0.0.1] val=6400 | |
| // [127.0.0.1] val=56099 | |
| // [127.0.0.1] Requested path /6 | |
| // [127.0.0.1] Received invalid value "6" != "56099" | |
| // [127.0.0.1] ====================================== | |
| // [127.0.0.1] New client (8) from 127.0.0.1 | |
| // [127.0.0.1] val=0 | |
| // [127.0.0.1] val=0080 | |
| // [127.0.0.1] val=6400 | |
| // [127.0.0.1] val=56172 | |
| // [127.0.0.1] Requested path /7 | |
| // [127.0.0.1] Received invalid value "7" != "56172" | |
| // [127.0.0.1] ====================================== | |
| // [127.0.0.1] New client (9) from 127.0.0.1 | |
| // [127.0.0.1] val=0 | |
| // [127.0.0.1] val=0080 | |
| // [127.0.0.1] val=6400 | |
| // [127.0.0.1] val=55545 | |
| // [127.0.0.1] Requested path /8 | |
| // [127.0.0.1] Received invalid value "8" != "55545" | |
| // [127.0.0.1] ====================================== | |
| // [127.0.0.1] New client (10) from 127.0.0.1 | |
| // [127.0.0.1] val=0 | |
| // [127.0.0.1] val=0080 | |
| // [127.0.0.1] val=6400 | |
| // [127.0.0.1] val=56949 | |
| // [127.0.0.1] Requested path /9 | |
| // [127.0.0.1] Received invalid value "9" != "56949" | |
| const url = require("url"); | |
| const http = require("http"); | |
| const crypto = require("crypto"); | |
| const system = require("system"); | |
// Delay in milliseconds before the EADDRINUSE handler retries the bind.
const tmout = 5000;
// Listener TCP port.
let lport = 3003;
// Listener address. "0.0.0.0" accepts connections on every IPv4 interface;
// switch to "127.0.0.1" to keep the server reachable from this host only.
let lhost = "0.0.0.0";
// Count of requests handled since start-up (only used in log output).
let totalClients = 0;
| // XXX TypeError: Cannot read property 'length' of undefined | |
| // | |
| // // Parse arguments | |
| // if (system.args.length < 2) { | |
| // console.log("\nUsage: "+ system.args[0] + "<ip>:<port>"); | |
| // console.log(" ip : listener IP address"); | |
| // console.log(" port : listener TCP port number"); | |
| // console.log(""); | |
| // console.log("\n example: " + system.args[0] + "0.0.0.0:3000\n") | |
| // exit(1); | |
| // } else { | |
| // lport = system.args[1].split(":")[0]; | |
| // lhost = system.args[1].split(":")[1]; | |
| // } | |
// --- Get "random" value (the lol way) -----
// Deterministic: the same input always produces the same output, so this is
// not a source of randomness on its own.
// @param s: input string
// @returns: one-character string holding the first byte of the SHA-256
//           digest of s ("binary", i.e. latin1, encoding)
function getRandom(s) {
  const hasher = crypto.createHash("sha256");
  hasher.update(s);
  const encoded = hasher.digest("binary");
  return encoded[0];
}
// --- Get client address -------------------
// NOTE(security): X-Forwarded-For is supplied by the client unless a trusted
// reverse proxy overwrites it, so the address returned here can be chosen by
// the sender. Honour the header only when the server sits behind such a
// proxy; otherwise rely on the socket address alone.
// @param req: HTTP client request
// @returns: first entry of X-Forwarded-For when present and non-empty,
//           else the socket's remote address
function getClientAddr(req) {
  const forwarded = req.headers["x-forwarded-for"] || "";
  const [firstHop] = forwarded.split(",");
  return firstHop || req.connection.remoteAddress;
}
// --- 404 not found handler ----------------
// Sends a plain-text "404 Not Found" reply and closes the response.
// @param res: HTTP server response
// @returns: none
function handle404(res) {
  const headers = { "Content-Type": "text/plain" };
  res.writeHead(404, headers);
  // The body goes out in its own write() before the response is ended.
  res.write("404 Not Found\r\n");
  res.end();
}
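// --- HTTP server dispatch callback --------
// Answers every request with 200 text/plain. The body is the flag when the
// request path (minus its leading "/") matches the per-request value computed
// below, and empty otherwise.
//
// NOTE(security):
//  - `flag` and `secret` are hard-coded; a real deployment should load them
//    from the environment or a secrets store, not from source control.
//  - The per-request value mixes in Math.random(), which is not a
//    cryptographically secure generator; use crypto.randomInt() wherever the
//    value has to be unpredictable.
//  - The log lines print the expected value and the flag, so anyone who can
//    read the process output learns both.
//  - `rawip` (possibly taken from X-Forwarded-For) and the request path are
//    client-controlled and are written to the log as received.
const server = http.createServer(function(req, res) {
  res.writeHead(200, {
    "Content-Type": "text/plain"
  });

  const flag = "8===============D";
  const secret = "105b2f2c9b32f99d8df";

  // getClientAddr() may return undefined (no header and no remote address on
  // the socket, e.g. the peer already disconnected). Fall back to a fixed
  // label so the string operations below cannot throw an uncaught TypeError
  // and bring the whole process down.
  const rawip = getClientAddr(req) || "unknown";

  // The address with its dots removed is read as one decimal number and
  // rendered in base 2; text that Number() cannot parse yields "NaN".
  const binip = Number(rawip.replace(/\./g, "")).toString(2);

  const log = function(msg) {
    console.log("[" + rawip + "] " + msg);
  };

  totalClients += 1;
  log("========================================");
  log("New client (" + totalClients + ") from " + rawip);

  let val = 0;
  log("val=" + val);

  // getRandom() returns a one-character string: `x < 100` compares it as a
  // number, while `val += x` appends it as text, so val turns into a string
  // as soon as one character is accepted.
  for (let i = 1; i <= binip.length; i++) {
    const x = getRandom(secret + binip.slice(0, i));
    if (x < 100) {
      val += x;
    }
  }
  log("val=" + val);

  // The multiplication converts the accumulated text back into a number.
  val *= val;
  log("val=" + val);

  for (let i = 1; i <= 1000; i++) {
    val += Math.floor(Math.random() * 100);
  }
  log("val=" + val);

  // Author's note: an earlier version hit
  //   TypeError: First argument must be a string or Buffer
  // (_http_outgoing.js:542) when ending the response; the recorded fix was to
  // check whether val is empty/null/invalid. It also sliced req.url from the
  // first "/" by hand, which failed when the path was empty.

  // pathname is guarded with `|| ""` so a request target without a path
  // component cannot make slice() throw.
  const path = url.parse(req.url).pathname || "";
  const uval = path.slice(1);
  log("Requested path " + path);

  if (uval === "") {
    log("Received empty value");
    res.end();
  } else if (Number(uval) === val) {
    // Compared as numbers, so any spelling that Number() parses to the same
    // value is accepted.
    log("Received valid value \"" + uval + "\" == \"" + val + "\"");
    log("Sending flag \"" + flag + "\" to " + rawip);
    res.write(flag + "\r\n");
    res.end();
  } else {
    log("Received invalid value \"" + uval + "\" != \"" + val + "\"");
    res.end();
  }
});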
// --- HTTP server listener -----------------
// Bind to lhost:lport and announce the address once the server is listening.
server.listen(lport, lhost, () => {
  const where = lhost + ":" + lport;
  console.log("[" + where + "] " + "HTTP Server started at " + where);
});
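// --- HTTP server exception handler --------
// On EADDRINUSE, wait `tmout` milliseconds and try to bind again. Any other
// server error is reported on stderr rather than being dropped silently.
server.on("error", function(e) {
  const where = lhost + ":" + lport;

  if (e.code === "EADDRINUSE") {
    console.log("[" + where + "] " + "Address " + where + " in use");
    console.log("[" + where + "] " +
      "Waiting " + tmout / 1000 + " seconds for a free slot");
    setTimeout(function() {
      // Release whatever handle is left before asking for the port again.
      server.close();
      server.listen(lport, lhost);
    }, tmout);
    return;
  }

  // Without this branch a failure such as a permission error on the port
  // would leave no trace in the output.
  console.error("[" + where + "] " + "Server error: " + e.message);
});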