hannob/optionsbleed

Nothing is outputted.

Closed this issue · 8 comments

I did a quick check against a couple of my servers. The script outputted nothing, not even [empty] output. Does this mean the script crashed or what? I would like an output of something indicating that the test was completed and nothing was found to exploit.

Or at least a -v option to give progress reports on the tests being done.

357up commented

I also experience this issue. Only getting output from Apache 2.2.22 on Ubuntu 14.04 server. Tested against Apache 2.2.22 on Debian 7 and Apache 2.4.6 on CentOS 7 servers - no output.

By default, there's no output if nothing unusual is detected. You need to use -a / --all to see an explicit [ok] output. Also note that even that "all" output is actually de-duplicated, so even if the script tries N times and sees the same Allow header in every response, it's only reported once.

357up commented

I tried with option --all and -n 1 but output is still inconsistent:
[image: screenshot 2017-09-25 14 21 28]

Sorry, there's also no output when the script fails to connect to the server, or if the response includes no Allow header. You might be able to confirm with something like:

$ curl -v -X OPTIONS http://www16

357up commented

I can confirm that there is no Allow header present in response from that host (and others with no output):
[image: screenshot 2017-09-25 16 25 20]

I have the same problem. When I run ./42745-ExploitApache.2.4.18.py -n 1 -a -u X.X.X.X the exploit crashed or something like that... I'm a scriptkiddie, really I would appreciate if you tell me its wrong in my sentence

Hey all,

Is there any solution to it yet? I have the same issue: I got no response upon executing the exploit.

There really is nothing to fix, this is intended: The script will output nothing if nothing is found.

I will add a note to the readme, but otherwise this is intended, the idea here is that you can use this for larger scans, i.e. scan a bunch of hosts and only get any output if something is wrong.
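
The silent cases discussed in this thread (connection failure, no Allow header, nothing unusual), as an added example that is not part of the thread or of the optionsbleed script: it gives each case an explicit status and de-duplicates repeated probes per host. The status labels, the function names, the well-formedness rule for the Allow value and the sample responses are assumptions made for illustration.

```python
import re

# Assumption: a well-formed Allow value is a comma-separated list of
# HTTP method tokens (RFC 7230 token characters), with no empty items.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def classify(raw):
    """Return an explicit status for one probe; raw is None if connecting failed."""
    if raw is None:
        return "no-connection"
    # Only the header block matters; latin-1 decodes any byte without error.
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    values = [line.split(":", 1)[1].strip()
              for line in head.split("\r\n")[1:]
              if line.lower().startswith("allow:")]
    if not values:
        return "no-allow-header"
    methods = [m.strip() for m in values[0].split(",")]
    if all(TOKEN.fullmatch(m) for m in methods):
        return "ok"
    return "unusual: " + repr(values[0])

def report(host, probes):
    """One line per distinct status, so N identical probes are reported once."""
    seen = []
    for raw in probes:
        status = classify(raw)
        if status not in seen:
            seen.append(status)
    return ["%s [%s]" % (host, s) for s in seen]

# Constructed sample responses (not captured from any real server).
OK = b"HTTP/1.1 200 OK\r\nAllow: GET,HEAD,POST,OPTIONS\r\n\r\n"
NO_ALLOW = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
ODD = b"HTTP/1.1 200 OK\r\nAllow: GET,HEAD,,\x01\xfe OPTIONS\r\n\r\n"

if __name__ == "__main__":
    for host, probes in [("host-a.example", [OK, OK, OK]),
                         ("host-b.example", [NO_ALLOW]),
                         ("host-c.example", [None]),
                         ("host-d.example", [OK, ODD])]:
        print("\n".join(report(host, probes)))
```

Every host produces at least one line here, so a scan that finished cleanly can be told apart from one that never reached the server.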