Python socket.recv in Loop Only Receiving Once

Solved by LtStaffel

Hello,

What I'm Doing: I have client.recv(4096) after sending a GET request via client.send(req) in a loop, where client is a socket already connected to the server.

What I Want It To Do: In essence, I just want to see whether the file being tested on each iteration of the loop exists on the server or not.

What It Is Doing: The loop only gets a response on its first iteration.

Backstory & Other Info: I am trying to automate the solving of a hacking challenge I have already beaten. Below is my code, which I have commented as best I can. I am using PyPy. Please feel free to ask questions about anything I forgot to mention or was unclear about.

What I Have Tried: I have tried using more complex while loops to attempt to gather all the data being received, searching Stack Overflow, and a little confused reading on non-blocking sockets.

Possible Alternative Routes: Would the requests library help me here more than sockets do?

My Script:


# I need socket obviously, and I am using time as a method to slow the process down just to wait for the server
import socket
import time

# My dictionaries of things to try ('pre' is not yet integrated)
exts = ['conf', 'bak', 'swp', 'txt', 'old', 'tar', 'gz', 'bz2', 'zip']
pre = ['old', 'bak', 'backup', 'copyof']

# Create and connect the socket
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.connect(("challenge01.root-me.org", 80))

# Send a test request (sendall keeps writing until every byte is out; plain send may write only part of it)
client.sendall("HEAD / HTTP/1.1\r\nHost: challenge01.root-me.org\r\n\r\n")
resp = client.recv(4096)

# Tell myself it's working
if "200" in resp:
    print "[i] Connection is working."

# Setting up my request for the loop
head = "GET /realiste/ch1/login.php"
http = " HTTP/1.1\r\nHost: challenge01.root-me.org\r\n\r\n"

# Getting my lists to hold the requests and responses ready
urls = []
respers = []

# Saving myself some typing
def store(request, response):
    urls.append(request)
    respers.append(response)

# Here's the main loop. It's looping through my dictionary (technically a list)
# of extensions.
for ext in exts:

    # It creates a request with each iteration, in essence adding .old or .bak to the file in the request
    req = head + '.' + ext + http

    # Send it off to the server
    client.sendall(req)

    # So I set my response variable to "" and then start grabbing data
    # If it has data, I put it in my response
    # If it's empty, I move on out of this while loop and back into the main for loop
    # Thing is, I may get a file or a large response. If either happen, I don't want the entire thing.
    # So I set up a little if/else to look for a connection code. As soon as
    # it finds it, it cuts the while loop.
    # To summarize, once it gets the entire response, or once it finds a connection code,
    # it stops the loop.
    resp = ""
    while True:
        currentResp = client.recv(4096)
        if currentResp != "":
            resp += currentResp
            if "200" in resp or "400" in resp or "404" in resp or "502" in resp:
                store(req, resp)
                break
            # no status code seen yet: keep reading
        else:
            # recv returned "" : the server closed the connection, nothing more will arrive
            break

    # Give the server a breather
    time.sleep(0.5)

# Fancy shmancy output (counter lives outside the loop so it actually counts)
ecx = 1
for search in range(0, len(respers)):
    if "200" in respers[search]:
        print "[" + str(ecx) + "] " + urls[search].replace("\n", "").replace("\r", "")
        print "|__ ::: " + respers[search].splitlines()[0]
        print "|"
        ecx += 1

# Finish.
print "[*] Done."

Thanks in advance!

Join the Appleitionist cause! See spoiler below for answers to common questions that shouldn't be common!

Spoiler

Q: Do I have a virus?!
A: If you didn't click a sketchy email, haven't left your computer physically open to attack, haven't downloaded anything sketchy/free, know that your software hasn't been exploited in a new hack, then the answer is: probably not.

 

Q: What email/VPN should I use?
A: Proton mail and VPN are the best for email and VPNs respectively. (They're free in a good way)

 

Q: How can I stay anonymous on the (deep/dark) webzz???....

A: By learning how to de-anonymize everyone else; if you can do that, then you know what to do for yourself.

 

Q: What Linux distro is best for x y z?

A: Lubuntu for things with little processing power, Ubuntu for normal PCs, and if you need to do anything else then it's best if you do the research yourself.

 

Q: Why is my Linux giving me x y z error?

A: Have you not googled it? Are you sure StackOverflow doesn't have an answer? Does the error tell you what's wrong? If the answer is no to all of those, message me.

 

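The following is an added example (Python 3, not part of the original post or its PyPy 2 script) showing how to read HTTP responses over a raw socket without losing sync. The posted loop breaks as soon as a status code substring such as "404" appears, which can leave the rest of that response unread on the socket; on a keep-alive connection every later recv then returns stale bytes from the previous reply, and if the server closes the connection recv returns "" for good. The fix is to frame each response properly: read headers up to the blank line, then read exactly Content-Length body bytes (and none at all for HEAD), handing any surplus on to the next read. The fake server, the socketpair transport, the /login.php.bak path and the 127.0.0.1 Host value are all constructed for the example; only the extension list comes from the post.

```python
import socket
import threading

# Constructed fake server (not the real challenge host). It answers GET and HEAD
# over one keep-alive connection, frames every body with Content-Length, and
# serves a 404 page larger than one recv(4096) so a reader that stops at the
# first "404" it sees would leave bytes behind for the next iteration.
FAKE_FILES = {"/login.php.bak": b"<?php // leaked backup ?>\n"}   # constructed
BIG_404_PAGE = b"<html>nope " * 500 + b"</html>\n"               # 5508 bytes

def _serve(conn):
    with conn:
        buf = b""
        while True:
            chunk = conn.recv(4096)
            if not chunk:                      # client closed the connection
                return
            buf += chunk
            while b"\r\n\r\n" in buf:          # one complete request header block
                head, buf = buf.split(b"\r\n\r\n", 1)
                method, path, _ = head.split(b" ", 2)
                body = FAKE_FILES.get(path.decode("ascii"))
                status = b"200 OK" if body is not None else b"404 Not Found"
                if body is None:
                    body = BIG_404_PAGE
                hdr = (b"HTTP/1.1 " + status + b"\r\nContent-Length: "
                       + str(len(body)).encode("ascii") + b"\r\nContent-Type: text/html\r\n\r\n")
                conn.sendall(hdr + (b"" if method == b"HEAD" else body))

def start_fake_server():
    """Return a connected client socket whose peer is the fake server (a
    socketpair, so no network is needed). Against a real host you would use
    socket.create_connection((host, 80)) instead."""
    client_end, server_end = socket.socketpair()
    threading.Thread(target=_serve, args=(server_end,), daemon=True).start()
    return client_end

def _recv_exactly(sock, n):
    data = b""
    while len(data) < n:
        chunk = sock.recv(min(4096, n - len(data)))
        if not chunk:
            raise ConnectionError("peer closed mid-body")
        data += chunk
    return data

def read_response(sock, method, leftover=b""):
    """Read exactly one HTTP/1.1 response: headers up to the blank line, then
    exactly Content-Length body bytes (no body for HEAD, 1xx, 204 or 304).
    Bytes beyond that already in the buffer belong to the *next* response and
    are handed back as `leftover`, so a keep-alive socket never drifts out of
    sync. Chunked transfer encoding is not handled here."""
    buf = leftover
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed before a full header block arrived")
        buf += chunk
    head, rest = buf.split(b"\r\n\r\n", 1)
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    if method == "HEAD" or status in (204, 304) or 100 <= status < 200:
        length = 0
    if len(rest) >= length:
        body, leftover = rest[:length], rest[length:]
    else:
        body, leftover = rest + _recv_exactly(sock, length - len(rest)), b""
    return status, body, leftover

def probe(sock, host, base_path, exts, method="HEAD"):
    """Send one request per extension over the already-connected `sock` and
    return {path: status}. Each response is consumed completely before the
    next request goes out, which is what the posted loop does not do."""
    results = {}
    leftover = b""
    for ext in exts:
        path = base_path + "." + ext
        request = "%s %s HTTP/1.1\r\nHost: %s\r\n\r\n" % (method, path, host)
        sock.sendall(request.encode("ascii"))       # sendall, not send
        status, _body, leftover = read_response(sock, method, leftover)
        results[path] = status
    return results

if __name__ == "__main__":
    with start_fake_server() as sock:
        for path, code in probe(sock, "127.0.0.1", "/login.php", ["conf", "bak", "old"], "GET").items():
            print(code, path)
```

Two caveats for real targets: a response carrying Connection: close ends the keep-alive session, so the caller must reconnect before the next request, and servers that use Transfer-Encoding: chunked need a chunk parser in place of the Content-Length branch.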

For anyone with the same issue, using requests solved this for me.

import requests
import time

# Extensions to try ('pre' is still not integrated)
exts = ['conf', 'bak', 'swp', 'txt', 'old', 'tar', 'gz', 'bz2', 'zip']
pre = ['old', 'bak', 'backup', 'copyof']

# Quick connectivity check; requests does the HTTP framing (headers, body length, keep-alive) for me
check = requests.head("http://challenge01.root-me.org/")
if check.status_code == 200:
    print "[i] Connection is working."

http = "http://challenge01.root-me.org"
file = "/realiste/ch1/login.php"
urls = []
codes = []

def store(request, code):
    urls.append(request)
    codes.append(code)

# One HEAD request per candidate extension; only the status code is kept
for ext in exts:
    req = http + file + "." + ext
    connection = requests.head(req)
    store(req, connection.status_code)
    time.sleep(0.1)

# Print anything that did not come back 404 (counter outside the loop so it increments)
ecx = 1
for search in range(0, len(codes)):
    if codes[search] != 404:
        print "============="
        print "[" + str(ecx) + "] URL ::: " + urls[search]
        print "|__ COD ::: " + str(codes[search])
        ecx += 1

print "============="
print "[*] Done."

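Building on the accepted answer, the following added example (Python 3; not the answerer's code) generalises the probe in two ways the post leaves open: it integrates the `pre` list that the script says is "not yet integrated", adding the editor and tool artifacts that most often leak source (Vim's swap file is `.name.swp` in the same directory, not `name.swp`; Emacs leaves `name~` and `#name#`; patch and merge tools leave `.orig` and `.rej`), and it compares every status against a baseline request for a name that cannot exist, so a server that answers 200 or 302 for everything does not flood the output with false hits. The `_` separator in the prefix forms, the baseline path, and the FAKE_SITE table used to run it offline are assumptions constructed for this example; the real fetcher is the `head_with_requests` function.

```python
import posixpath

# Lists from the post. 'pre' is the prefix/suffix list the script never used.
EXTS = ['conf', 'bak', 'swp', 'txt', 'old', 'tar', 'gz', 'bz2', 'zip']
PRE = ['old', 'bak', 'backup', 'copyof']

def candidate_paths(path, exts=EXTS, pre=PRE):
    """Return an ordered, de-duplicated list of backup-file paths to probe for
    `path`. Prefix forms use '_' as the separator (an assumption; real naming
    varies). Dot-prefixed editor files stay in the file's own directory."""
    directory, name = posixpath.split(path)
    stem, ext = posixpath.splitext(name)
    out = []

    def add(filename):
        candidate = posixpath.join(directory, filename)
        if candidate not in out:
            out.append(candidate)

    for e in exts:
        add(name + "." + e)          # login.php.bak
        add(stem + "." + e)          # login.bak
    for p in pre:
        add(p + "_" + name)          # old_login.php
        add(stem + "_" + p + ext)    # login_old.php
    add("." + name + ".swp")         # Vim swap file, beside the original
    add(name + "~")                  # Emacs and many other editors' backup
    add("#" + name + "#")            # Emacs autosave
    for e in ("orig", "rej", "save"):
        add(name + "." + e)          # patch/merge leftovers, nano's .save
    return out

def probe(base_url, candidates, head, baseline_path="/this-should-not-exist-8f3a.php"):
    """Call `head(url) -> status code` for each candidate. The baseline request
    (hypothetical name, assumed absent) shows what 'not found' looks like on
    this server; only candidates whose status differs are reported."""
    not_found = head(base_url + baseline_path)
    hits = {}
    for p in candidates:
        status = head(base_url + p)
        if status != not_found:
            hits[p] = status
    return not_found, hits

def head_with_requests(url, timeout=5):
    """Real-world fetcher: HEAD via requests, with a timeout and without
    following redirects so a catch-all 302 is reported as-is. The import is
    local so the module still runs offline without requests installed."""
    import requests
    return requests.head(url, timeout=timeout, allow_redirects=False).status_code

# Constructed fake site for offline use: paths that 'exist' and their codes.
FAKE_SITE = {
    "/realiste/ch1/login.php": 200,
    "/realiste/ch1/login.php.bak": 200,
    "/realiste/ch1/.login.php.swp": 403,
}

def fake_head(url):
    path = "/" + url.split("://", 1)[1].split("/", 1)[1]
    return FAKE_SITE.get(path, 404)

if __name__ == "__main__":
    cands = candidate_paths("/realiste/ch1/login.php")
    baseline, hits = probe("http://example.test", cands, fake_head)
    print("baseline status:", baseline)
    for p, code in hits.items():
        print(code, p)
```

To run it against a real host, pass `head_with_requests` in place of `fake_head`; a 403 on a candidate is still worth noting, since it usually means the file is there but the server refuses to serve it.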