Revision as of 05:03, 23 February 2010 by Root

How many ways can you get a web page?

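This works in both Bourne and Bash. Note that Bash `echo` behaves the opposite of Bourne: Bourne `echo` interprets `\n` by default and prints `-e` literally, while Bash `echo` only interprets `\n` when given `-e`.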

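```shell
# If echo prints "-e" literally, this is a Bourne-style echo that
# already interprets backslash escapes; otherwise it is Bash's echo,
# which needs -e to interpret them.
if echo -e | grep -q -- -e; then
    echo "sh style"
    (echo 'GET /dotfiles HTTP/1.1\nHost:\n\n'; sleep 2 ) | telnet 80
else
    echo "Bash style"
    (echo -e 'GET /dotfiles HTTP/1.1\nHost:\n\n'; sleep 2 ) | telnet 80
fi
```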

It's probably just as well to use multiple `echo` statements since this will work on both:

```shell
(echo 'GET /dotfiles HTTP/1.1';echo 'Host:';echo;echo; sleep 2 ) | telnet 80
```

This one gets rid of the HTTP response header by deleting everything up to and including the first blank line.

```shell
(echo 'GET /dotfiles HTTP/1.0';echo 'Host:';echo;echo;sleep 1) | telnet 80 2>/dev/null | sed '1,/^$/ d'
```

You can do a similar thing with netcat (`nc`). Notice that the `telnet` version requires a `sleep` to give time for the data to come back, whereas the `nc` version waits until the remote server closes the connection, so no `sleep` is necessary.

```shell
(echo 'GET /dotfiles HTTP/1.1';echo 'Host:';echo;echo) | nc 80
```
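
A portable variant of the commands above, added here as an example and not part of the original page: `printf` builds the request the same way in Bourne and Bash, and the header stripper also recognises a CRLF-terminated blank line. The function names, the host, path and port parameters, and the sample response are assumptions made for illustration.

```shell
# Added example; function names and parameters are hypothetical.

# Build a minimal HTTP/1.0 request. printf interprets \r\n the same way
# in Bourne-family shells and Bash, so no echo detection is needed.
http_request() {
    # $1 = host, $2 = path
    printf 'GET %s HTTP/1.0\r\nHost: %s\r\n\r\n' "$2" "$1"
}

# Drop the status line and headers: everything up to and including the
# first empty line. A trailing CR is stripped before the comparison so
# that CRLF-terminated headers are recognised; body lines pass unchanged.
strip_headers() {
    awk 'body { print; next } { sub(/\r$/, "") } $0 == "" { body = 1 }'
}

# Constructed sample response: CRLF headers, and a blank line inside the
# body that must survive the stripping.
sample_response() {
    printf 'HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\nline one\n\nline two\n'
}

# Fetch a page with nc and print only the body.
http_get() {
    # $1 = host, $2 = path, $3 = port (defaults to 80)
    http_request "$1" "$2" | nc "$1" "${3:-80}" | strip_headers
}
```

`sample_response | strip_headers` prints only the three body lines, and `http_get HOST /dotfiles` does the same against a live server.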