python写MS17-010扫描器
前言:
MS17-010早已是上一年的事情了。只不过想写一个检测脚本方便自己进行测试和用
正文:
先说思路:
negotiate_protocol_request = binascii.unhexlify(
"00000085ff534d4272000000001853c00000000000000000000000000000fffe00004000006200025043204e4554574f524b2050524f4752414d20312e3000024c414e4d414e312e30000257696e646f777320666f7220576f726b67726f75707320332e316100024c4d312e325830303200024c414e4d414e322e3100024e54204c4d20302e313200")
session_setup_request = binascii.unhexlify(
"00000088ff534d4273000000001807c00000000000000000000000000000fffe000040000dff00880004110a000000000000000100000000000000d40000004b000000000000570069006e0064006f007700730020003200300030003000200032003100390035000000570069006e0064006f007700730020003200300030003000200035002e0030000000")
tree_connect_request = binascii.unhexlify(
"00000060ff534d4275000000001807c00000000000000000000000000000fffe0008400004ff006000080001003500005c005c003100390032002e003100360038002e003100370035002e003100320038005c00490050004300240000003f3f3f3f3f00")
trans2_session_setup = binascii.unhexlify(
"0000004eff534d4232000000001807c00000000000000000000000000008fffe000841000f0c0000000100000000000000a6d9a40000000c00420000004e0001000e000d0000000000000000000000000000")
1.先把这些payload(首先把payload进行字符化)发送到目标主机
2.然后读取返回的数据进行判断
3.验证是否存在MS17010漏洞
代码:
import socket
import binascii
import struct
import sys
user=input('IP:')
def scan():
payload0 = binascii.unhexlify ('00000085ff534d4272000000001853c00000000000000000000000000000fffe00004000006200025043204e4554574f524b2050524f4752414d20312e3000024c414e4d414e312e30000257696e646f777320666f7220576f726b67726f75707320332e316100024c4d312e325830303200024c414e4d414e322e3100024e54204c4d20302e313200')
payload1 = binascii.unhexlify('00000088ff534d4273000000001807c00000000000000000000000000000fffe000040000dff00880004110a000000000000000100000000000000d40000004b000000000000570069006e0064006f007700730020003200300030003000200032003100390035000000570069006e0064006f007700730020003200300030003000200035002e0030000000')
payload2 = binascii.unhexlify('00000060ff534d4275000000001807c00000000000000000000000000000fffe0008400004ff006000080001003500005c005c003100390032002e003100360038002e003100370035002e003100320038005c00490050004300240000003f3f3f3f3f00')
payload3 = binascii.unhexlify('0000004eff534d4232000000001807c00000000000000000000000000008fffe000841000f0c0000000100000000000000a6d9a40000000c00420000004e0001000e000d0000000000000000000000000000')
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.settimeout(5)
host=user
port=445
s.connect((host,port))
print('[+]{}Ready to send'.format(host))
s.send(payload0)
s.recv(1024)
print('[+]{}Setting request'.format(host))
s.send(payload1)
session_setup_response=s.recv(1024)
user_id=session_setup_response[32:34]
print(host,'User ID=%s'%struct.unpack('<H',user_id)[0])
modified_tree_connect_request=list(payload2)
modified_tree_connect_request[32]=user_id[0]
modified_tree_connect_request[33]=user_id[1]
modified_tree_connect_request="".join('%s'%ld for ld in modified_tree_connect_request)
print('[+]{}Send connection'.format(host))
s.send(payload2)
tree_connect_response=s.recv(1024)
tree_id=tree_connect_response[28:30]
print('[+]{}'.format(host),'Tree ID=%s'%struct.unpack('<H',tree_id)[0])
modified_trans2_session_setup=list(payload3)
modified_trans2_session_setup[28]=tree_id[0]
modified_trans2_session_setup[29]=tree_id[1]
modified_trans2_session_setup[32]=user_id[0]
modified_trans2_session_setup[33]=user_id[1]
modified_trans2_session_setup="".join('{}'.format(li for li in modified_trans2_session_setup))
print('[+]{}Sending success is actually returning.'.format(host))
s.send(payload3)
final_respone=s.recv(1024)
s.close()
if final_respone[32]=="\x51":
print('[*]existence MS17-010')
else:
print('[-]Not existence MS17-010')
def run():
scan()
run()
测试结果:
转载请声明来自422926799.github.io
转载请注明来源,欢迎对文章中的引用来源进行考证,欢迎指出任何有错误或不够清晰的表达。
文章标题:python写MS17-010扫描器
本文作者:九世
发布时间:2018-08-11, 15:14:58
最后更新:2019-04-19, 20:36:16
原始链接:http://jiushill.github.io/posts/c68019ec.html版权声明: "署名-非商用-相同方式共享 4.0" 转载请保留原文链接及作者。