tilde_enum crash #35

Open
cclements opened this issue Feb 19, 2017 · 5 comments
@cclements

tilde_enum.py --no-check-certificate -u https://sometarget -d ../fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-directories.txt -w ../fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-files.txt
[-]  Testing with dummy file request https://sometarget/B9s35gaJQh.htm
[-]    URLNotThere -> HTTP Code: 404, Response Length: 1245
[-]  Testing with user-submitted https://sometarget
[-]    URLUser -> HTTP Code: 200, Response Length: 4027
[+]  The server is reporting that it is IIS (Microsoft-IIS/7.0).
[+]  The server is vulnerable to the tilde enumeration vulnerability (IIS/5|6.x)..
[-]  Finished doing the 8.3 enumeration for /.
[-]  Now starting the word guessing using word list calls
Traceback (most recent call last):
  File "tilde_enum.py", line 669, in <module>
    if __name__ == "__main__": main()
  File "tilde_enum.py", line 522, in main
    performLookups(findings, url_good)
  File "tilde_enum.py", line 375, in performLookups
    test_response_length = url_response.headers['Content-Length']
  File "/usr/lib/python2.7/rfc822.py", line 393, in __getitem__
    return self.dict[name.lower()]
KeyError: 'content-length'
@WebBreacher WebBreacher self-assigned this Feb 19, 2017
@WebBreacher
Owner

WebBreacher commented Feb 19, 2017

Hello and thank you for using this script. Pasting your error in here is a great first step...but I need more information if I'm going to assist you. Here are some questions to start our conversation out. Please feel free to add more questions/answers if you feel the responses might be helpful.

  1. Are the word list files specified in your command line actually in the ../directory?
  2. Do you have permission to read the word list files specified in your command line?
  3. Could you re-run the command with the -v flag set and paste that content?

Thanks!

@WebBreacher
Owner

Actually, I've tried to reproduce your error and am finding that, when the extension passed in via the word list is "aspx" or "aspx." then I get this same response. Can you confirm this?

@cclements
Author

Sure enough:

[*]  Found file: (Size 4062) https://sometarget/searchresult.aspx.aspx.aspx
[+]  URL: https://sometarget/searchresult.aspx.aspx.cs  -> RESPONSE: 404
[+]  URL: https://sometarget/searchresult.aspx.aspx.designer.cs  -> RESPONSE: 404
[+]  URL: https://sometarget/searchresult.aspx.aspx.resx  -> RESPONSE: 404
[+]  URL: https://sometarget/searchresult.aspx.aspx.vb  -> RESPONSE: 404
[+]  URL: https://sometarget/searchresult.aspx.aspxx  -> RESPONSE: 404
[+]  URL: https://sometarget/searchresult.aspx.aspy  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp_  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp_files  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp-  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp.asp  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp.bak  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp.html  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp.lck  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp.old  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp1  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asp2  -> RESPONSE: 404
[+]  URL: https://sometarget/search..aspdonotuse  -> RESPONSE: 404
[+]  URL: https://sometarget/search..aspg  -> RESPONSE: 404
[+]  URL: https://sometarget/search..aspl  -> RESPONSE: 404
[+]  URL: https://sometarget/search..aspp  -> RESPONSE: 404
[+]  URL: https://sometarget/search..asps  -> RESPONSE: 404
Traceback (most recent call last):
  File "tilde_enum.py", line 669, in <module>
    if __name__ == "__main__": main()
  File "tilde_enum.py", line 522, in main
    performLookups(findings, url_good)
  File "tilde_enum.py", line 375, in performLookups
    test_response_length = url_response.headers['Content-Length']
  File "/usr/lib/python2.7/rfc822.py", line 393, in __getitem__
    return self.dict[name.lower()]
KeyError: 'content-length'
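
The traceback above ends in a KeyError because line 375 indexes the response headers for Content-Length, a header a response is not required to carry (chunked responses omit it). The following is an added example, not the project's code and not part of this comment, of a length lookup that tolerates a missing or malformed header. `response_length`, `make_headers` and the sample data are hypothetical names constructed here, and it is written for Python 3 rather than the Python 2.7 shown in the traceback.

```python
from email.message import Message


def response_length(headers, body):
    """Return the response size in bytes without assuming Content-Length exists.

    headers: any mapping with .get() (rfc822.Message, http.client.HTTPMessage, dict)
    body:    the bytes actually read from the response
    """
    raw = headers.get("Content-Length")
    if raw is None:
        # Chunked or connection-close delimited responses carry no Content-Length.
        return len(body)
    try:
        declared = int(str(raw).strip())
    except ValueError:
        # Header present but not a number: fall back to the measured size.
        return len(body)
    if declared < 0:
        return len(body)
    return declared


def make_headers(pairs):
    """Build a case-insensitive header object from constructed (name, value) pairs."""
    msg = Message()
    for name, value in pairs:
        msg[name] = value
    return msg


# Constructed sample responses (not captured from any real server).
SAMPLES = {
    "fixed": (make_headers([("Content-Length", "1245")]), b"x" * 1245),
    "chunked": (make_headers([("Transfer-Encoding", "chunked")]), b"y" * 4062),
    "garbage": (make_headers([("Content-Length", "12a")]), b"z" * 10),
}


def sample_lengths():
    """Run response_length over every constructed sample."""
    return {name: response_length(h, b) for name, (h, b) in SAMPLES.items()}


if __name__ == "__main__":
    for name, size in sorted(sample_lengths().items()):
        print(name, size)
```
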

@WebBreacher
Owner

Still working on this. I think there is something wrong with the getWebServerResponse() response processing, as for ASPX and some other extensions the server is not returning the expected response but instead an object. As I said, I'm working on this.

@darkmatter1505
Contributor

darkmatter1505 commented Feb 20, 2017 via email
