2 changes: 1 addition & 1 deletion system/iis/iis_ms15034_httpsys_rce.py
Expand Up @@ -34,7 +34,7 @@ def run(self):
sock.connect((host, port))
sock.send(request.encode())
response = sock.recv(1024).decode()
if "Requested Range Not Satisfiable" in response:
if "Requested Range Not Satisfiable" in response and "Server: Microsoft" in response:
cprint("[+]存在MS15_034 http.sys远程代码执行漏洞...(高危)\tpayload: "+host+":"+str(port), "red")

except:
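Review bot: The added `"Server: Microsoft" in response` test (the new `if` line, presumably the added side of the one-line change) depends on a single `sock.recv(1024)` three lines above, so a response whose header block is longer than 1024 bytes or arrives in more than one segment silently fails the check, and the match is case-sensitive although HTTP header names are not. The `.decode()` on that same line has no `errors=` argument, so non-UTF-8 bytes raise `UnicodeDecodeError`, which the bare `except:` at the bottom of the hunk then reports as a connection problem rather than a parsing bug. Consider reading until the end of the header block and normalising case, e.g. `response = sock.recv(4096).decode(errors="replace")` followed by `if "requested range not satisfiable" in response.lower() and "server: microsoft" in response.lower():`. The enclosing `run` method starts before this hunk and its `except` body continues past it.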
22 changes: 13 additions & 9 deletions system/nginx/multi_fastcgi_code_exec.py
Expand Up @@ -12,6 +12,7 @@
from bs4 import BeautifulSoup
from termcolor import cprint


class multi_fastcgi_code_exec_BaseVerify:
def __init__(self, url):
self.url = url
Expand Down Expand Up @@ -49,25 +50,28 @@ def run(self):
turl = self.catch(self.url)
if len(turl) != 1:
for rurl in turl:
if r"http" not in self.url or r"https" not in self.url:
rurl = self.url + "/" + rurl
if r"http" not in self.url or r"https" not in self.url:
rurl = self.url + "/" + rurl
vulnurl = rurl + payload
html = requests.get(rurl, timeout=10, verify=False)
poc = requests.get(vulnurl + payload, timeout=10, verify=False)
if html.headers["Content-Type"] != poc.headers["Content-Type"]:
cprint("[+]存在Nginx Multi-FastCGI Code Execution漏洞...(高危)\tpayload: "+vulnurl+"\t老大去找上传点吧~", "red")
poc = requests.get(vulnurl + payload,
timeout=10, verify=False)
if html.headers["Content-Type"] != poc.headers["Content-Type"] and ("Server: nginx" in html.content or "Server: nginx" in poc.content):
cprint(
"[+]存在Nginx Multi-FastCGI Code Execution漏洞...(高危)\tpayload: " + vulnurl + "\t老大去找上传点吧~", "red")
break
else:
rurl = ''.join(turl)
vulnurl = rurl + payload
html = requests.get(rurl, timeout=10, verify=False)
poc = requests.get(vulnurl + payload, timeout=10, verify=False)
if html.headers["Content-Type"] != poc.headers["Content-Type"]:
cprint("[+]存在Nginx Multi-FastCGI Code Execution漏洞...(高危)\tpayload: "+vulnurl+"\t老大去找上传点吧~", "red")

if html.headers["Content-Type"] != poc.headers["Content-Type"] and ("Server: nginx" in html.content or "Server: nginx" in poc.content):
cprint("[+]存在Nginx Multi-FastCGI Code Execution漏洞...(高危)\tpayload: " +
vulnurl + "\t老大去找上传点吧~", "red")

except:
cprint("[-] "+__file__+"====>连接超时", "cyan")
cprint("[-] " + __file__ + "====>连接超时", "cyan")


if __name__ == "__main__":
warnings.filterwarnings("ignore")
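Review bot: The new `"Server: nginx" in html.content or "Server: nginx" in poc.content` condition, used on both rewritten `if` lines in the second hunk, tests a `str` against `Response.content`, which in `requests` on Python 3 is `bytes`; that raises `TypeError` before the branch can ever be taken, and the Server header is not part of the body in any case — it lives in `response.headers`. Because the bare `except:` at the end of the method prints the timeout message, this failure will be reported as a timed-out connection rather than as a bug, so the scanner would quietly stop matching after this change. Both sites should read the header instead, e.g. `served_by_nginx = "nginx" in html.headers.get("Server", "").lower() or "nginx" in poc.headers.get("Server", "").lower()` and then `if html.headers["Content-Type"] != poc.headers["Content-Type"] and served_by_nginx:`. Separately, the reformatted `requests.get(vulnurl + payload, ...)` call appends `payload` a second time, since `vulnurl` is already `rurl + payload` three lines earlier; `requests.get(vulnurl, ...)` looks like the intent. The enclosing `run` method begins before this hunk.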