Nothing is outputted.
Closed this issue · 8 comments
I did a quick check against a couple of my servers. The script outputted nothing, not even [empty] output. Does this mean the script crashed or what? I would like an output of something indicating that the test was completed and nothing was found to exploit.
Or at least a -v option to give progress reports on the tests being done.
I also experience this issue. Only getting output from Apache 2.2.22 on Ubuntu 14.04 server. Tested against Apache 2.2.22 on Debian 7 and Apache 2.4.6 on Centos 7 servers - no output.
By default, there's no output if nothing unusual is detected. You need to use -a
/ --all
to see an explicit [ok]
output. Also note that even that "all" output is actually de-duplicated, so even if script tries N-times, and sees the same Allow header in every response, it's only reported once.
Sorry, there's also no output when script fails to connect to the server, or if response includes no Allow header. You might be able to confirm with something like:
$ curl -v -X OPTIONS http://www16
I have the same problem. When i run ./42745-ExploitApache.2.4.18.py -n 1 -a -u X.X.X.X
the exploit crashed or something like that...I'm a scriptkiddie, really i would appreciate if you tell me its wrong in my sentence
Hey all,
is there any solution to it yet? i have same issue i got no response upon executing exploit
There really is nothing to fix, this is intended: THe script will output nothing if nothing is found.
I will add a note to the readme, but otherwise this is intended, the idea here is that you can use this for larger scans, i.e. scan a bunch of hosts and only get any output if something is wrong.